
Google Chrome defaults searchbar to "chromesearch.win" even after reinstall


18 replies to this topic

#1 ben706


Posted 11 December 2017 - 03:48 PM

Hi,

 

I stupidly downloaded something from a shady website and got my computer infected. The download was made using Google Chrome, and immediately after the download started, several new extensions added themselves to Chrome. I went through and deleted each extension. I then noticed that my default search engine had been changed to "chromesearch.win" and my new tab page was also a spoof of the default Chrome new tab page. When clicking on the options dropdown to attempt removal of this search engine, nothing happens. I therefore cannot remove it directly. I then disconnected my browser from syncing with my Google account, and attempted to use the built-in reset tool. I can follow through all the steps, but nothing happens when it resets. I then downloaded Chrome Cleanup Tool from Google using Microsoft Edge and ran it, but it gave me the error "0xc0000005: the application failed to start correctly." It proceeded to run after this message, but found no installed programs. Finally, I completely uninstalled Google Chrome, deleted my synced data on my Google account, deleted every single Google folder in Program Files and AppData, and ran MalwareBytes, which quarantined a few things. After this, I downloaded Chrome using Edge and after installation, an extension called "Chrome Cleaner Pro" immediately added itself to Chrome, as well as the spoof search engine and new tab page. I uninstalled Chrome again and deleted all Google files again, and this time I ran MalwareBytes and Adwcleaner. MalwareBytes found nothing, but Adwcleaner found a few things and got rid of them. I reinstalled Chrome again, and the unwanted extension, search engine, and new tab page all came up again.

 

I am using Windows 10 Home Edition 64-bit, upgraded from Windows 7 Home Edition 64-bit, on a Dell XPS 8300 with an i5-2400, a GTX 1070, 12GB of DDR3, a Samsung 850 EVO 500GB boot drive, and a WD Blue 1TB 7200rpm secondary drive.

 

Any ideas?





#2 Unworn_Kilt


Posted 13 December 2017 - 03:24 AM

G'day and Welcome Ben!

 

 

 

Apologies for the delay in getting to you. Things have been a little busy around here.

 

To start off, let's have a look and see what's going on using a simple tool first.

 

I should let you know that I'm just a normal member like you, not a Trained Malware Removal Expert. I have been working with computers since about 1976.

 

I'd like you to follow the instructions below please and post back the contents of any log in your Reply.......

 

 

Before we start, will you please have a look in your C:\ folder for a subfolder called C:\AdwCleaner and find me your latest Scan and Cleaning Files.

They'll be in the format AdwCleaner[CX].txt (a cleaning log) and AdwCleaner[SX].txt (a scan log). The higher the number the more recent, generally.

If you can find them, please paste them in to a reply before continuing.

 

 

 

Do Not Enclose Reports In Quotes or Delete or Insert Any Characters - No Redaction!

Please Post All Reports in Plain Text. Ensure You Include All Report Headers.

Please Press the Return Key 3 Times Between Reports.

Don't Attach them either.....Pleeeez!

 

 

Please make sure you have Backed Up your Files and Save any Work you have Open before proceeding!

You can find Free Back Up Software in the Bleeping Computer "Downloads" Section.

It's unlikely that anything I ask you to do will wipe your data, but better to be safe than sorry.

 

 

Some Tools May Close Down Any Open Windows or Programs, Please Be Aware of This!

 

 

 

Remember that there is no such thing as a "Stupid Question." If you encounter ANY problems or difficulties along the way, STOP and Message Me!!

 

 

 

**Read All Notes Under Individual Instructions BEFORE Running the Tools.**

 

You might find it useful to print these instructions for reference.

 

 

 

 

 

 

 

 

(1)

 

  

Download a copy of a program called RKill (Courtesy of Grinler at Bleeping Computer) which is available at the links below:

(This program attempts to stop any running malware processes so other tools may function efficiently, plus a few other things.)

 

Save it to your Desktop so you can easily locate it.

 

(If one won't run, download the other. Malware sometimes recognises RKill.exe and tries to interfere with it.)

 

 

RKill.exe                              <<== Try this first.

 

RKill as iExplore.exe         <<== Try this one if option one doesn't work.

 

  • Right Click RKill and Select "Run As Administrator."
  • Soon after a Black Box will appear while RKill Runs. (This is normal. RKill may appear to hang. It's just working.)
  • When the RKill has finished it will Open a Report in Notepad.
  • RKill will also save a copy of its log to your Desktop called "RKill.log"
  • After RKill has run successfully Don't Restart your computer until the other tool(s) have run.
  • Please Copy and Paste the contents of the Report into your Next Reply.
  • If RKill will not run in Normal Windows Mode, Restart in Safe Mode and Repeat the above Steps.

 

NOTES:

Please Ignore any warnings about RKill containing Viruses or Trojans etc. If necessary, shut down or temporarily disable your Antivirus while RKill runs. Don't forget to Re-enable your Anti-Virus once RKill completes, unless I ask otherwise.

 

If RKill still won't run, please Post back here and advise me. (After trying both versions and Safe Mode.) Please note any Error messages or other useful information and Include it in your Reply.

 

 

 

(2)

 

 

Please download Security Check (by screen317) from: HERE

(Save it to your Desktop.)

 

 

  • Right Click SecurityCheck and Select "Run As Administrator."
  • Follow the Prompts in the Black Box which opens on your screen.
  • When the program is complete a Notepad Document called Checkup.txt should open Automatically in Notepad.
  • Please Copy & Paste the Contents of Checkup.txt into your Next Reply.

 

Please Note the Following:

 

If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!," please Restart Windows and Security Check should Run Fine.

Should a problem persist, please Post Back Here and include any Error Messages & Other Useful Information.

 

Security Check may require you to permit "Dig.exe" to access the internet. Please allow access through your Firewall if necessary.

It is not uncommon for Security Check to generate "false positives" from  some Anti-Virus/Anti-Malware Programs. Please Ignore These if They Occur.

 

 

(3)

 

 

Download Farbar Service Scanner (FSS) onto your Desktop: HERE

 

 

Please Ensure the following Options are Selected:

 

 

  • RpcSs and PlugPlay <= (May be greyed out.)
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

(Please Don't Click the "Search Files" or "Export Service" Buttons.)

  • Click the Scan button to start scanning.
  • (FSS may take a short while to complete.)
  • When the Scan is Complete, a Report should Pop-Up in Notepad.
  • Please Copy and Paste the Contents into your Next Reply.

 

*(The Tool will create a log file called FSS.txt in the Folder the Tool is Run from.

That log will be saved. If there are any problems with the Pop-Up one, Copy from FSS.txt.)

 

 

(4)

 

 

Download MiniToolBox (By FARBAR) to your Desktop: HERE

 

 

Right Click the Blue\Black MiniToolBox Icon and Select "Run as Administrator."

(The Tool will show Version: 17-06-2016 in the title bar.)

 

 

Select the following Check-boxes:

 

 

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings (Make sure IE is closed before pressing GO! please.)
  • Report FF Proxy Settings
  • Reset FF Proxy Settings (Make sure Firefox is closed before pressing GO! please.)
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (DO NOT change any settings for this - Only "Problems" should be set by Default.)
  • List Users, Partitions and Memory size
  • List Minidump Files
  • List Restore Points

 

Click the "Go" Button.

 

  • Report should Pop-Up on your Screen in Notepad after a short wait.
  • Please Copy and Paste the Report Contents into your Next Reply.

(If you accidentally "kill" the Notepad Report, all is not lost, it should be saved on your Desktop as MTB.txt)

 

 

(5)

 

 

Download AdwCleaner (from Xplode).

 

From here: AdwCleaner.exe

 

 

Save to your Desktop so you can easily locate it.

 

  • Before Starting Ensure You've Saved Anything You Have Open that you Wish to Keep!!
  • Right Click AdwCleaner.exe & Select "Run As Administrator"
  • Please Click on the Tools Menu. There should be 2 Tabs: Options & Advanced.
  • In Options under Delete Select Tracing Keys (Usually pre-selected), Prefetch and, under RESET, select All Options on the Right Hand Side.
  • Do Not select any other Options with Square Boxes.
  • There should be Options for Mode and Debug. You can leave these at their Defaults. Press OK.
  • Next, you should see Two main Buttons, Scan and Logfiles. Please Press Scan.
  • AdwCleaner will Start to Update the Database if required. This may take a little while.
  • The Progress Bar will gradually move to the right as the scan progresses. It can take a while.
  • Next you should receive a Popup Notification advising of the Scan Result.
  • Select any Items AdwCleaner may have found for Deletion or Deselect anything you may wish to keep.
  • Under the Popup there will be a Log. Please Copy and Paste the Contents into your next Reply.
  • Next, Click Clean. Even if nothing was detected. This will require you to reboot the machine. Please do so.
  • Once the computer has rebooted, a second Log should appear. Please Paste into your Reply as well.

 

  • If you need to access Logs again, Open the Tool and Click the LogFiles Button. They are stored there.

 

The Logs can be a tad confusing at first. They all contain a number such as [S0] which is Log One. They are also accompanied by a date to the left side column. The lower the number in the square brackets, the earlier the Log. For example, I may have Logs; AdwCleaner[S0].txt (Earliest) to AdwCleaner[S27].txt (Most Recent.) Double Click a Log to Open it.

 

 

 

(6)

 

 
Next, if you have Malwarebytes installed on your Machine, please do the following:
(Otherwise download Malwarebytes: HERE  and install it.)
 
Re-run the steps for RKill (Step 1. All Points.)
This is due to the Reboot Required after Running AdwCleaner.
 
  • Start the Malwarebytes Application.
  • Open the Malwarebytes Dashboard.
  • Ensure that Malwarebytes is Updated to the Most Recent Definitions and Version. (Version Update may require license or Trial.)
 
 
Click Settings, then Application:
 
Enable the Following Options If Not Enabled:
(If you do not have a license or trial activated some options will not be able to be set.)
 
  • Automatically download and install application updates
  • Notify me when full version updates are available
  • Show Malwarebytes notifications in the Windows System Tray
  • Show Notifications when Real Time Protection settings are turned off
  • Set Manual Scans have high priority
  • Configure Proxy Server if you use one. (If you don't know what this means you likely don't. If in doubt, CHECK!)
 
 
Now switch to the Protection Tab and where possible Enable:
(The same license note as above applies here too.)
  • Web Protection
  • Exploit Protection
  • Malware Protection
  • Ransomware Protection
  • Scan for Rootkits.
  • Scan within Archives.
  • Use Signature-Less anomaly detection for increased protection
  • Always detect PUPs
  • Always detect PUMs
  • Automatically check for updates (Select Check every 15 Mins.)
  • Notify if time since last update exceeds 24 hours
  • Start Malwarebytes at Windows Startup
  • Enable Self Protection Module
  • Enable Self Protection Early Start
  • Automatically Quarantine detected Malware
 
I suggest, when in this situation, using Threat Scan. Select Scans Tab. Select all Drives(C: D: etc.,) and ensure scanning for Rootkits is enabled. (The Rootkit option MAY not be available to you if you haven't activated Trial, or, don't have a license.)
 
  • If you'd rather not Use Threat Scan, Return to Dashboard and Click Scan Now.
  • Once Scan is complete, please Ensure any Threats found are Selected and Removed.
  • Please obtain a copy of your Scan Report from the Reports section and Paste in to your Next Reply.
 

 

(7)

 

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.

 

From Here: Malwarebytes Anti-Rootkit

  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"



NOTE: If you see the "This version requires you to completely exit the Anti Malware application" message, right click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.

 

(My Thanks to Broni, Bleeping Computer Advisor, for the use of the above, mostly pilfered, MBAR Notes.)

 

 

 

(8)

 

Re-run the steps for RKill (Step 1. All Points.)

This is due to the Reboot Required after Running MBAR (Only required if Reboot needed after MBAR run.)
 

Download and run the ESET Free Online Virus Scanner from:  HERE

(Please note that the Instructions may vary from time to time with version changes etc.)

  • Turn off your antivirus program. See here how to do this.
  • Accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Now click on Advanced Settings and make sure that the option Clean threats automatically is NOT checked, and select the following:
    • Enable detection of potentially unsafe applications
    • Enable detection of suspicious applications
    • Scan archives
    • Enable Anti-Stealth Technology
    • Click on the Change button and select only Operating Memory, Autostart Locations and drive(s) C:\ D:\ etc. to be scanned
    • Click Start to begin the Scan.
  • The ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite a while.
  • When the scan completes, a list of found threats will open automatically (if any malicious files are found).
  • Push the SAVE to TEXT FILE button and save the file to your desktop using a unique name, such as ESETScan+Date.txt. Include the contents of this report in your next reply.
  • Push the CLEAN button.
  • Click Back, then Finish to exit ESET Online Scanner.

 

Let me know if you encounter any problems.

 

 

I'm in Australia, so the chances are there will be time zone differences.

I'll get back to you as quickly as I can.

 

If you don't hear back from me after 24 hours, please Personal Message me.

If you don't hear back after 48 hours, please Personal Message another Helper or Moderator.

 

Please remember we are Volunteers, so, please try to be a little patient.

We have other tasks and jobs that sometimes delay us here.

 

 

Cheers,

 

 

 

Kilt    :thumbup2: 


Edited by Unworn_Kilt, 13 December 2017 - 03:28 AM.

PLEASE NOTE

 

I am only a Standard Member,  NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

 

Thanks!

 

 

** Walk Softly and Carry a Big Stick **
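
The post above asks for the most recent AdwCleaner[SX].txt and AdwCleaner[CX].txt logs, where a higher number means a newer log. The following is an added example, not part of the original posts and not AdwCleaner's own code: it picks the newest scan and cleaning log by comparing the bracketed number numerically (a plain text sort would put S10 before S2) and splits a log in the `***** [ Section ] *****` layout into its findings. The function names and the sample log are constructed for illustration.

```python
import re
from collections import OrderedDict

# Log names follow AdwCleaner[S<n>].txt (scan) and AdwCleaner[C<n>].txt (clean).
LOG_NAME = re.compile(r"^AdwCleaner\[([SC])(\d+)\]\.txt$", re.IGNORECASE)
# Section banners look like: ***** [ Registry ] *****
SECTION = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")


def latest_logs(filenames):
    """Return {'S': name, 'C': name} for the highest-numbered log of each kind."""
    best = {}
    for name in filenames:
        m = LOG_NAME.match(name)
        if not m:
            continue  # not an AdwCleaner log
        kind, index = m.group(1).upper(), int(m.group(2))
        # Compare as integers so that S10 ranks above S2.
        if kind not in best or index > best[kind][0]:
            best[kind] = (index, name)
    return {kind: name for kind, (_, name) in best.items()}


def parse_log(text):
    """Split a log into ("# Key: value" header fields, section -> entry lines)."""
    header = {}
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if line.startswith("#"):
            # Header fields only appear before the first section banner.
            if not sections and ": " in line:
                key, _, value = line.lstrip("# ").partition(": ")
                header[key.strip()] = value.strip()
            continue
        if set(line) == {"*"}:
            current = None  # a bare row of asterisks closes the section list
            continue
        if current is None or line.startswith("No malicious"):
            continue  # trailer text or an empty-section marker
        sections[current].append(line)
    return header, sections


def findings(sections):
    """Keep only the sections that actually list something."""
    return {name: entries for name, entries in sections.items() if entries}


# Constructed sample in the layout of the logs in this thread (not a real log).
SAMPLE_LOG = r"""# AdwCleaner 7.0.5.0 - Logfile created on Mon Jan 01 10:00:00 2018
# Running on Windows 10 Home (X64)
# Mode: scan
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Example, C:\ProgramData\example toolbar

***** [ Registry ] *****
PUP.Optional.Example, [Key] - HKCU\Software\ExampleToolbar
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************

########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt ##########
"""

if __name__ == "__main__":
    names = ["AdwCleaner[S0].txt", "AdwCleaner[S2].txt",
             "AdwCleaner[S10].txt", "AdwCleaner[C1].txt", "notes.txt"]
    print(latest_logs(names))
    hdr, secs = parse_log(SAMPLE_LOG)
    print(hdr.get("Mode"), findings(secs))
```
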

 

 

 


#3 ben706


Posted 13 December 2017 - 03:22 PM

No problem, thanks for the help. Here is the order of the reports below:

 

1. AdwCleaner Scan Log (from before this process, as you asked for)

2. AdwCleaner Cleaning Log (from before this process, as you asked for)

3. RKill (was able to run as RKill.exe)

4. Security Check

5. Farbar Service Scanner

6. MiniToolBox

7. AdwCleaner Scan Log (I did restart and run RKill again after running this scan, but there is no second cleaning log file. It didn't find any malware so I don't know if this matters).

9. Malwarebytes

10. Malwarebytes Anti-Rootkit MBAR-Log

11. Malwarebytes Anti-Rootkit System-Log

12. ESET (this seems to be the only one within your process that found some new malware)

 

Also, YouTubeDownloader is a program I put on my computer about six years ago, and I have never had a problem with it, but it was detected as a PUP by AdwCleaner and ESET so I have no problem with getting rid of it.

 

 

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 20:10:51 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-11-2017.1
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Legacy, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\ytd video downloader
PUP.Optional.Legacy, C:\ProgramData\Application Data\ytd video downloader
PUP.Optional.Legacy, C:\Users\All Users\ytd video downloader

***** [ Files ] *****
PUP.Optional.Legacy, C:\Users\All Users\Desktop\YTD Video Downloader.lnk
PUP.Optional.Legacy, C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKCU\Software\YahooPartnerToolbar
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\Zugo
PUP.Optional.Legacy, [Key] - HKCU\Software\Zugo
PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\SoftSuma
PUP.Optional.Legacy, [Key] - HKCU\Software\SoftSuma

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

 

 

 

 

# AdwCleaner 7.0.5.0 - Logfile created on Mon Dec 11 20:11:16 2017
# Updated on 2017/29/11 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services deleted.
***** [ Folders ] *****
Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader
Deleted: C:\ProgramData\ytd video downloader
Deleted: C:\ProgramData\Application Data\ytd video downloader
Deleted: C:\Users\All Users\ytd video downloader

***** [ Files ] *****
Deleted: C:\Users\All Users\Desktop\YTD Video Downloader.lnk
Deleted: C:\Users\Public\Desktop\YTD Video Downloader.lnk

***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks deleted.
***** [ Registry ] *****
Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Deleted: [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\YahooPartnerToolbar
Deleted: [Key] - HKCU\Software\YahooPartnerToolbar
Deleted: [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\Zugo
Deleted: [Key] - HKCU\Software\Zugo
Deleted: [Key] - HKU\S-1-5-21-3977901330-796150372-2162604158-1001\Software\SoftSuma
Deleted: [Key] - HKCU\Software\SoftSuma

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries deleted.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries deleted.
*************************
::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0
 
*************************
C:/AdwCleaner/AdwCleaner[S0].txt - [1886 B] - [2017/12/11 20:10:51]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

 

 

 

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 12/13/2017 12:14:57 PM in x64 mode.
Windows Version: Windows 10 Home
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * Windows Defender Disabled
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * No issues found.
Program finished at: 12/13/2017 12:15:19 PM
Execution time: 0 hours(s), 0 minute(s), and 22 seconds(s)

 

 

 

 Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Avast Antivirus   
Windows Defender  
Malwarebytes      
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 151 
 Java version 32-bit out of Date!
 Adobe Flash Player  27.0.0.187 
 Google Chrome (63.0.3239.84)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamtray.exe 
 Oracle Java javapath AvastSvc.exe -?-
 AVAST Software Avast AvastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Ben Martin (administrator) on 13-12-2017 at 12:05:17
Running from "C:\Users\Ben Martin\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
Firewall Disabled Policy:
==================

System Restore:
============
System Restore Policy:
========================

Security Center:
============

Windows Update:
============
Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

 

 

 

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Ben Martin (administrator) on 13-12-2017 at 12:06:56
Running from "C:\Users\Ben Martin\Desktop"
Microsoft Windows 10 Home  (X64)
Model: XPS 8300 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set global
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wireless Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd
# End of IPv4 configuration
 
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Ben_Martins_PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : studentwireless.binghamton.edu
Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
   Physical Address. . . . . . . . . : 78-2B-CB-9C-8C-41
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 2:
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-8C-A3-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wireless Network Connection:
   Connection-specific DNS Suffix  . : studentwireless.binghamton.edu
   Description . . . . . . . . . . . : The DW WLAN Card provides wireless local area networking.
   Physical Address. . . . . . . . . : 68-A3-C4-8C-A3-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::b542:3620:3830:eb5%14(Preferred)
   IPv4 Address. . . . . . . . . . . : 149.125.56.183(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Wednesday, December 13, 2017 11:56:34 AM
   Lease Expires . . . . . . . . . . : Wednesday, December 13, 2017 12:26:34 PM
   Default Gateway . . . . . . . . . : 149.125.56.1
   DHCP Server . . . . . . . . . . . : 128.226.1.11
   DHCPv6 IAID . . . . . . . . . . . : 191407044
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-78-64-4F-78-2B-CB-9C-8C-41
   DNS Servers . . . . . . . . . . . : 128.226.1.11
                                       128.226.20.130
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Teredo Tunneling Pseudo-Interface:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3cda:13e7:6a82:c748(Preferred)
   Link-local IPv6 Address . . . . . : fe80::3cda:13e7:6a82:c748%6(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 452984832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-78-64-4F-78-2B-CB-9C-8C-41
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  bingnet1.cc.binghamton.edu
Address:  128.226.1.11
Name:    google.com
Addresses:  2607:f8b0:4006:814::200e
   172.217.11.14

Pinging google.com [172.217.11.14] with 32 bytes of data:
Reply from 172.217.11.14: bytes=32 time=10ms TTL=54
Reply from 172.217.11.14: bytes=32 time=12ms TTL=54
Ping statistics for 172.217.11.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 12ms, Average = 11ms
Server:  bingnet1.cc.binghamton.edu
Address:  128.226.1.11
Name:    yahoo.com
Addresses:  2001:4998:58:2201::73
   2001:4998:c:e33::53
   2001:4998:44:204::100d
   98.138.252.38
   98.139.180.180
   206.190.39.42

Pinging yahoo.com [98.138.252.38] with 32 bytes of data:
Reply from 98.138.252.38: bytes=32 time=47ms TTL=52
Reply from 98.138.252.38: bytes=32 time=43ms TTL=52
Ping statistics for 98.138.252.38:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 43ms, Maximum = 47ms, Average = 45ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
 12...78 2b cb 9c 8c 41 ......Broadcom NetLink ™ Gigabit Ethernet
 13...68 a3 c4 8c a3 aa ......Microsoft Hosted Network Virtual Adapter
 14...68 a3 c4 8c a3 aa ......The DW WLAN Card provides wireless local area networking.
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     149.125.56.1   149.125.56.183     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     149.125.56.0    255.255.252.0         On-link    149.125.56.183    311
   149.125.56.183  255.255.255.255         On-link    149.125.56.183    311
   149.125.59.255  255.255.255.255         On-link    149.125.56.183    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    149.125.56.183    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    149.125.56.183    311
===========================================================================
Persistent Routes:
  None
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    331 ::/0                     On-link
  1    331 ::1/128                  On-link
  6    331 2001::/32                On-link
  6    331 2001:0:5ef5:79fb:3cda:13e7:6a82:c748/128
                                    On-link
 14    311 fe80::/64                On-link
  6    331 fe80::/64                On-link
  6    331 fe80::3cda:13e7:6a82:c748/128
                                    On-link
 14    311 fe80::b542:3620:3830:eb5/128
                                    On-link
  1    331 ff00::/8                 On-link
 14    311 ff00::/8                 On-link
  6    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)

========================= Event log errors: ===============================
Application errors:
==================
Error: (12/13/2017 12:01:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/13/2017 12:00:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/13/2017 12:09:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/12/2017 11:58:20 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00090f42
Faulting process id: 0x3d8
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
Error: (12/12/2017 11:58:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: rundll32.exe, version: 10.0.15063.0, time stamp: 0xe5f810c5
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0009264e
Faulting process id: 0xb20
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
Faulting package full name: rundll32.exe4
Faulting package-relative application ID: rundll32.exe5
Error: (12/12/2017 11:56:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/12/2017 11:56:21 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/12/2017 11:55:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/12/2017 11:54:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
Error: (12/12/2017 11:54:40 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.

System errors:
=============
Error: (12/13/2017 11:56:20 AM) (Source: Service Control Manager) (User: )
Description: The PST Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (12/13/2017 11:56:20 AM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/13/2017 11:56:19 AM) (Source: Service Control Manager) (User: )
Description: The CldFlt service failed to start due to the following error:
%%50 = The request is not supported.

Error: (12/12/2017 11:55:21 PM) (Source: Service Control Manager) (User: )
Description: The PST Service service failed to start due to the following error:
%%2 = The system cannot find the file specified.

Error: (12/12/2017 11:55:21 PM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/12/2017 11:55:20 PM) (Source: Service Control Manager) (User: )
Description: The CldFlt service failed to start due to the following error:
%%50 = The request is not supported.

Error: (12/12/2017 11:54:44 PM) (Source: DCOM) (User: Ben_Martins_PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/12/2017 11:54:44 PM) (Source: DCOM) (User: Ben_Martins_PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/12/2017 11:54:44 PM) (Source: DCOM) (User: Ben_Martins_PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
Error: (12/12/2017 11:54:44 PM) (Source: DCOM) (User: Ben_Martins_PC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Microsoft Office Sessions:
=========================
Error: (12/13/2017 12:01:12 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/13/2017 12:00:36 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/13/2017 12:09:22 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/12/2017 11:58:20 PM) (Source: Application Error)(User: )
Description: rundll32.exe10.0.15063.0e5f810c5unknown0.0.0.000000000c000000500090f423d801d373ceff168fcbC:\Windows\SysWOW64\rundll32.exeunknowne43c5f4a-f10c-4f67-9a0d-1ba17a69e7ec
Error: (12/12/2017 11:58:10 PM) (Source: Application Error)(User: )
Description: rundll32.exe10.0.15063.0e5f810c5unknown0.0.0.000000000c00000050009264eb2001d373cef8c330e8C:\Windows\SysWOW64\rundll32.exeunknownfbb6f2aa-edd0-46e5-9421-a30309f480c1
Error: (12/12/2017 11:56:45 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/12/2017 11:56:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/12/2017 11:55:32 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/12/2017 11:54:43 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe
Error: (12/12/2017 11:54:40 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifestC:\Program Files (x86)\Audacity\audacity.exe

CodeIntegrity Errors:
===================================
  Date: 2017-12-13 12:06:37.002
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 12:04:41.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 12:03:03.946
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 12:01:57.139
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 11:57:14.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 11:56:55.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 11:56:42.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 11:56:42.053
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 00:05:11.224
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
  Date: 2017-12-13 00:05:11.056
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

=========================== Installed Programs ============================
18 Wheels of Steel: American Long Haul  (HKLM-x32\...\18 Wheels of Steel: American Long Haul) (Version:  - ValuSoft)
757 Jetliner - RNZAF Free Livery (HKLM-x32\...\{9E5E72F5-799A-4A8E-943E-5FB5185C24C0}) (Version: 1.00.0000 - Just Flight Ltd)
A321 Repaint Pack (HKLM-x32\...\A321 Repaint Pack) (Version:  - )
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.009.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 27.0.0.124 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.3.0.256 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.2 - Adobe Systems Incorporated)
Adobe Flash Player 27 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 27.0.0.187 - Adobe Systems Incorporated)
Adobe Flash Player 27 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 27.0.0.130 - Adobe Systems Incorporated)
Adobe Lightroom Classic CC (HKLM-x32\...\LTRM_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2018 (HKLM-x32\...\AME_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2018 (HKLM-x32\...\PHSP_19_0) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 13 (HKLM-x32\...\{E76173BC-DC9A-49C3-9B9F-FD7814FC3308}) (Version: 13.1 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2018 (HKLM-x32\...\PPRO_12_0_0) (Version: 12.0.0 - Adobe Systems Incorporated)
American Truck Simulator (HKLM\...\Steam App 270880) (Version:  - SCS Software)
Apple Application Support (32-bit) (HKLM-x32\...\{F1D83CEA-2855-4224-9935-D981785AA75D}) (Version: 6.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{E2A6344A-45BF-47A0-9AE1-848325E7FD88}) (Version: 6.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BD6778C5-6FA5-492A-ADD6-E706339C2A7B}) (Version: 11.0.2.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
Audacity 2.2.0 (HKLM-x32\...\Audacity_is1) (Version: 2.2.0 - Audacity Team)
Auran Trainz GMAX Gamepack (HKLM-x32\...\{936AE64F-F744-4013-99EF-16B86474D6D7}) (Version:  - )
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.8.2318 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version:  - Bandisoft.com)
BeamNG.drive (HKLM-x32\...\Steam App 284160) (Version:  - BeamNG)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BVE (HKLM-x32\...\{BFBF0452-83DE-4678-9F1D-E58AA41265F0}) (Version: 1.0.2.0 - mackoy)
BVE 4 (HKLM-x32\...\{E52382DC-2E7A-439D-8ECE-A27D8B816645}) (Version: 2.1.0 - mackoy)
BVE Uchibo Line (HKLM-x32\...\{DF372CE7-C89F-454C-9D6C-1BCAEFF45FB3}) (Version: 9.0.2.2 - mackoy)
Cars Demo (HKLM-x32\...\{8D361950-BDB3-40CF-B57C-53F9F4E5048A}) (Version: 1.00.0000 - THQ)
ccc-core-static (HKLM-x32\...\{38B2B0F6-0C7F-ECE6-9A61-C546658508F4}) (Version: 2010.1110.1532.27809 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.37 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6499 - CDBurnerXP)
ChrisTrains Jet Train v2.2 (HKCU\...\ChrisTrains Jet Train v2.2) (Version:  - )
Cities: Skylines (HKLM\...\Steam App 255710) (Version:  - Colossal Order Ltd.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
CPUID CPU-Z 1.80.2 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.80.2 - )
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.31 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dolphin (HKLM-x32\...\Dolphin) (Version: 5.0 - Dolphin Team)
Driver San Francisco (HKLM-x32\...\Steam App 33440) (Version:  - Ubisoft Reflections)
Dropbox (HKLM-x32\...\Dropbox) (Version: 40.4.46 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 5.60.48.35 - Dell Inc.)
DX10 Scenery Fixer (HKLM-x32\...\{F00FF0E9-21AB-4F8F-BD98-D6B3A9E70091}) (Version: 3.2.98.1 - Stevefx)
Euro Truck Simulator 2 (HKLM-x32\...\Steam App 227300) (Version:  - SCS Software)
EVGA Precision XOC (HKLM-x32\...\{8511B82F-7868-4B76-AFF4-18D60CDF67FE}) (Version: 6.1.16 - EVGA Corporation)
Flight Simulator X (HKLM-x32\...\RTMshadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version:  - )
FSX Qantas Airbus A380-800 1.0 (HKLM\...\{C615C707-3349-493F-BD41-5E529FE73AC0}) (Version: 1.0 - Fly Away Simulation)
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
gmax (HKLM-x32\...\{3FA7A919-87DA-42B1-814B-86DE8DCA17C2}) (Version: 4.4.0.125 - Discreet)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.84 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
HydraVision (HKLM-x32\...\{B3FE9974-B81C-179C-F054-B8B498FB93CB}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{619e726e-d2b4-4e28-9568-c964fd81ee6c}) (Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
iTunes (HKLM\...\{BE8F64BA-7E51-4FB8-AE03-04C7200043A2}) (Version: 12.7.2.58 - Apple Inc.)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Junk Mail filter update (HKLM-x32\...\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}) (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Just Cause 3 (HKLM\...\Steam App 225540) (Version:  - Avalanche Studios)
Just Flight - 757 Jetliner - American Airlines (New) Livery Pack (HKLM-x32\...\{17F122A7-2F9B-4794-91F8-DF0FB253E74F}) (Version: 1.00.000 - Just Flight)
Just Flight - 757 Jetliner Freemium (HKLM-x32\...\{B0F7B3B5-E856-4558-BD7C-BDA32943C783}) (Version: 1.00.000 - Just Flight)
Kerbal Space Program (HKLM-x32\...\1429864849_is1) (Version: 2.4.0.6 - GOG.com)
Kerbal Space Program Demo (HKLM-x32\...\{ED501254-06B8-4883-B7F3-4799C9EDD288}_is1) (Version: 1.0 Demo - Squad)
KeyShot 6 64 bit (HKLM-x32\...\KeyShot 6_64) (Version: 6.1 64 bit - Luxion ApS)
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
LokProgrammer 4.6.1 (HKLM-x32\...\LokProgrammer4) (Version: 4.6.1 - ESU electronic solutions ulm GmbH & Co. KG)
LokSound Template Pack 1.9 (HKCU\...\LokSoundTemplatePack) (Version: 1.9 - ESU electronic solutions ulm GmbH & Co. KG)
LTspice XVII (HKLM\...\LTspice XVII) (Version:  - Linear Technology Corporation)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Maximum G Force Coasters (HKLM-x32\...\Maximum G Force Coasters) (Version:  - )
Mesh Runtime (HKLM-x32\...\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}) (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000008100}) (Version: 1.0.0000.129 - Microsoft Studios)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{A9729B90-D37B-4A69-B66A-7436AC1F7274}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Midtown Madness 2 (HKLM-x32\...\Midtown Madness 2.0) (Version:  - )
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8625.2139 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM-x32\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Management Objects (HKLM-x32\...\{F5E87B12-3C27-452F-8E78-21D42164FD83}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM-x32\...\{9D6D76A6-4328-49E8-97A7-531A74841DA5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English (HKLM-x32\...\{0C19D563-5F25-4621-BF10-01F741BD283F}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version:  - )
Microsoft Visual C# 2008 Express Edition with SP1 - ENU (HKLM-x32\...\Microsoft Visual C# 2008 Express Edition with SP1 - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140) (HKLM-x32\...\{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140) (Version: 1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu (HKLM\...\{DFB3AD2B-4EE2-3077-BF1D-3CA164BC5336}) (Version: 3.5.30729 - Microsoft Corporation)
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32 (HKLM\...\{F5C819A5-E068-4f7d-B91A-1BD18702AFFB}) (Version: 6.1.5295.17011 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 3.0 (HKLM-x32\...\{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}) (Version: 3.0.11010.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Microsoft XNA Game Studio 3.1 (HKLM-x32\...\XNA Game Studio 3.1) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Game Studio Platform Tools (HKLM-x32\...\{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}) (Version: 1.1.0.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Moonbase Alpha (HKLM\...\Steam App 39000) (Version:  - Virtual Heroes)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Multimedia Card Reader (HKLM-x32\...\{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower) Hidden
Multimedia Card Reader (HKLM-x32\...\InstallShield_{41068A8C-3F30-46B6-978A-EA692F28D1AF}) (Version: 1.7.915.93 - Fitipower)
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1599 - Electronic Arts)
Next Car Game Free Technology Demo (HKLM-x32\...\Next Car Game Free Technology Demo) (Version:  - Bugbear Entertainment)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.8 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.97 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NVIDIA PhysX v8.10.29 (HKLM-x32\...\{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}) (Version: 8.10.29 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8625.2139 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
openBVE version 1.5.2.3 (HKLM-x32\...\{D617A45D-C2F6-44D1-A85C-CA7FFA91F7FC}_is1) (Version: 1.5.2.3 - Christopher Lees)
PEVSoft AttachmentMaker (HKLM-x32\...\PEVattachmentmaker) (Version:  - )
PEVSoft PM2IM 2 (HKLM-x32\...\PEVpm2im) (Version:  - PEVSoft)
PEVSoft QuickShadows (HKLM-x32\...\PEVquickshadows) (Version:  - PEVSoft)
PEVSoft Trainz Mesh Viewer 2 (HKLM-x32\...\PEVMesh_Viewer2) (Version:  - )
Q1aUpgrade (HKLM-x32\...\{AAB04084-D284-455F-B093-48F22C60EF3E}) (Version: 1.05.0000 - QS Industries, Inc.)
QuantumUpgrade (HKLM-x32\...\{8A984014-0286-4E5F-9180-4A2472E1D7BE}) (Version: 3.01.0000 - QS Industries, Inc.)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
R62A Version 'Cobra' BETA (HKCU\...\R62A Version 'Cobra' BETA) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Rigs of Rods 0.38.67 (HKLM-x32\...\Rigs of Rods 0.38.67) (Version: 0.38.67 - Rigs of Rods Team)
Run8 Amtrak01 (HKLM-x32\...\Run8 Amtrak01051813) (Version: 051813 - Run8 Studios, Ltd.)
Run8 Autoracks01 AddOn (HKLM-x32\...\Run8 Autoracks01 AddOn030613) (Version: 030613 - Run8 Studios, Ltd.)
Run8 BNSF Needles Sub Route (HKLM-x32\...\Run8 BNSF Needles Sub Route06112013) (Version: 06112013 - Run8 Studios, Ltd.)
Run8 Pigs01 AddOn (HKLM-x32\...\Run8 Pigs01 AddOn031513) (Version: 031513 - Run8 Studios, Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SmartSound Common Data (HKLM-x32\...\{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
Solid Edge ST10 (HKLM\...\{3D4C868F-5CCD-49F9-820C-DA31D714ABF6}) (Version: 110.00.00107 - Siemens)
Solid Edge Standard Parts Machinery Library (HKLM\...\{6289C17D-1E80-471F-AB93-97FFEA1CFF79}) (Version: 110.00.00107 - Siemens)
Solid Edge Standard Parts Piping Library (HKLM\...\{8563A60C-FBD2-499A-97EE-AA4C163CAA59}) (Version: 110.00.00107 - Siemens)
Spintires (HKLM\...\Steam App 263280) (Version:  - Oovee® Game Studios)
Spotify (HKCU\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{C965F01C-76EA-4BD7-973E-46236AE312D7}) (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
SQL Server System CLR Types (HKLM-x32\...\{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}) (Version: 10.0.1600.22 - Microsoft Corporation)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TANE (HKLM-x32\...\TANE_is1) (Version:  - Auran)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.1.4.2 - TeamSpeak Systems GmbH)
Train Simulator (HKLM\...\Steam App 24010) (Version:  - Dovetail Games)
Train Simulator 2013 (HKLM-x32\...\Steam App 24010) (Version:  - RailSimulator.com)
Trainz (HKLM-x32\...\{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}) (Version: 1.00.000 - )
Trainz Classics 1 & 2 (HKLM-x32\...\Trainz Classics 1 & 2) (Version:  - GameStop)
Trainz Paint Shed (HKLM-x32\...\{6202DCFE-2F03-445C-9885-CB54B062BC0F}) (Version: 1.6 - )
Trainz 'PRR T1 - A Fleet of Modernism' Addon Pack (HKLM-x32\...\AuranTS2009_DLC2_is1) (Version:  - Auran)
Trainz Simulator 2009: World Builder Edition (HKLM-x32\...\AuranTS2009_is1) (Version:  - Auran)
TrainzObjectz 5.0c (HKLM-x32\...\TrainzObjectz_is1) (Version: 5.0c - TaFWeb Software)
TRS2004 (HKLM-x32\...\{BDE1289F-4025-41A5-AD17-101DB4D82CA7}) (Version: 1.00.000 - )
TRS2006 (HKLM-x32\...\{5ED9E38C-9A96-49D8-89B3-92E278003FCF}) (Version: 1.00.000 - )
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Uplay (HKLM-x32\...\Uplay) (Version: 22.0 - Ubisoft)
USAir Flight 1549 - Bird Strike (HKCU\...\USAir Flight 1549 - Bird Strike) (Version:  - )
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{6DA2B636-698A-3294-BF4A-B5E11B238CDD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x64 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{14866AAD-1F23-39AC-A62B-7091ED1ADE64}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177 (HKLM-x32\...\{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}.KB958357) (Version: 9.0.30729.177 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
========================= Devices: ================================

========================= Memory info: ===================================
Percentage of memory in use: 29%
Total physical RAM: 12270.45 MB
Available physical RAM: 8657.31 MB
Total Virtual: 24558.45 MB
Available Virtual: 21314.95 MB
========================= Partitions: =====================================
1 Drive c: (OS) (Fixed) (Total:465.22 GB) (Free:3.85 GB) NTFS
2 Drive d: (HDD) (Fixed) (Total:931.39 GB) (Free:426.35 GB) NTFS
========================= Users: ========================================
User accounts for \\BEN_MARTINS_PC
Administrator            Ben Martin               DefaultAccount          
Guest                   
========================= Minidump Files ==================================
No minidump file found
========================= Restore Points ==================================
12-12-2017 01:15:33 Removed Dell DataSafe Online
**** End of log ****

# AdwCleaner 7.0.5.0 - Logfile created on Wed Dec 13 17:12:39 2017
# Updated on 2017/29/11 by Malwarebytes
# Database: 12-13-2017.2
# Running on Windows 10 Home (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries.
*************************
C:/AdwCleaner/AdwCleaner[C0].txt - [1912 B] - [2017/12/11 20:11:16]
C:/AdwCleaner/AdwCleaner[S0].txt - [1886 B] - [2017/12/11 20:10:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 12/13/17
Scan Time: 12:18 PM
Log File: aa9fda42-e029-11e7-ab0c-782bcb9c8c41.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3481
License: Trial
-System Information-
OS: Windows 10 (Build 15063.786)
CPU: x64
File System: NTFS
User: Ben_Martins_PC\Ben Martin
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 402434
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 4 min, 33 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
Database version:
  main:    v2017.12.13.06
  rootkit: v2017.10.14.01
Windows 10 x64 NTFS
Internet Explorer 11.786.15063.0
Ben Martin :: BEN_MARTINS_PC [administrator]
12/13/2017 12:25:07 PM
mbar-log-2017-12-13 (12-25-07).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 304205
Time elapsed: 11 minute(s), 30 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
Physical Sectors Detected: 0
(No malicious items detected)
(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.10.3.1001
© Malwarebytes Corporation 2011-2012
OS version: 10.0.9200 Windows 10 x64
Account is Administrative
Internet Explorer version: 11.786.15063.0
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 12866502656, free: 9879810048
Downloaded database version: v2017.12.13.06
Downloaded database version: v2017.11.28.01
Initializing...
======================
Driver version: 4.3.0.15
------------ Kernel report ------------
     12/13/2017 12:25:02
------------ Loaded modules -----------
----------- End -----------
Done!
Scan started
Database versions:
  main:    v2017.12.13.06
  rootkit: v2017.10.14.01
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffbf8989f8f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf8989eaa9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf8989f8f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf89891bf060, DeviceName: \Device\00000027\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 4A489969
Partition information:
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 975639617
    Partition is not bootable
    Partition file system is NTFS
    Partition 2 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 975847424  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
Disk Size: 500107862016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffbf8989f8e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf8989ea99f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf8989f8e060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf89891bd060, DeviceName: \Device\00000028\, DriverName: \Driver\storahci\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 1BAF944A
GPT Protective MBR Partition information:
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
GPT Partition information:
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2572694198
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 9c0c6cc9-ec17-4d39-9097-fbbb1568637
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2572694198
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 9c0c6cc9-ec17-4d39-9097-fbbb1568637
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
    Partition 0 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 3ffdaff7-7123-42b3-ade3-34dc67c2a8b
    FirstLBA 34  Last LBA 262177
    Attributes 0
    Partition Name         Microsoft reserved partition
    Partition 1 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 53a7b75f-d71a-4bdd-b922-2b26c54bf15
    FirstLBA 264192  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
Done!
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffbf898c626060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf898c62c9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf898c626060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf898c63a540, DeviceName: \Device\0000004d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffbf898c666060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf898c662040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf898c666060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf898c630060, DeviceName: \Device\0000004e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffbf898c660060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf898c65d9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf898c660060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf898c62b700, DeviceName: \Device\0000004f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffbf898c657610, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffbf898c65b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffbf898c657610, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xffffbf898c62d060, DeviceName: \Device\00000050\, DriverName: \Driver\USBSTOR\
------------ End ----------
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-206848-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-975847424-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

 

 

 

C:\AdwCleaner\Quarantine\1xVPfvJcrg\ytd_installer.exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application 
C:\Users\Ben Martin\AppData\LocalLow\Sun\Java\jre1.7.0_45\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application 
C:\Windows\Installer\4734e.msi a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application 


Edited by ben706, 13 December 2017 - 03:34 PM.


#4 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia

Posted 13 December 2017 - 08:07 PM

G'day Ben,

Thanks for getting back to me.

The scans actually picked up a little more than initially meets the eye.

For example:

C:\AdwCleaner\Quarantine\1xVPfvJcrg\ytd_installer.exe a variant of Win32/YTDDownloader.D potentially unwanted application,a variant of Win32/YTDDownloader.A potentially unwanted application

C:\Users\Ben Martin\AppData\LocalLow\Sun\Java\jre1.7.0_45\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application

C:\Windows\Installer\4734e.msi a variant of Win32/Toolbar.Visicom.A potentially unwanted application,a variant of Win32/Toolbar.Visicom.B potentially unwanted application,a variant of Win32/Toolbar.Visicom.C potentially unwanted application

How is your initial problem going now that we've done the cleaning? Has it returned or does it seem to be rectified?

Is it still defaulting to ChromeSearch.Win?

Also, there is one other pointer in there that I think we should double check.

Please go to the link regarding the removal of Web ToolBars and run the section for HitmanPro: HERE

(Note: If HitmanPro finds any threats, please remove them. Ensure you save Log Files before and after cleaning (if any) and post them in your next reply.)

Thanks Ben!

Cheers,

Kilt.   :thumbup2:

PLEASE NOTE

I am only a Standard Member, NOT a Trained Malware Removal Expert. If you have ANY concerns regarding any advice I may give, please contact a Member of Staff before making changes.

Thanks!

** Walk Softly and Carry a Big Stick **

#5 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 13 December 2017 - 11:54 PM

After your cleaning process, I checked Chrome, and I still cannot remove “chromesearch.win” as my search engine, remove the spoof homepage, reset my browser, or have Chrome Cleanup Tool run properly and detect my Chrome install. I rebooted and tested again, and then ran RKill and tested again, and the symptoms persisted.

Sorry but I will be away from this computer until January 15, so I will have to wait to run HitmanPro then. Could we resume this at that time?

Thanks

#6 Unworn_Kilt

Unworn_Kilt

  • Members
  • 237 posts
  • Gender:Male
  • Location:Australia

Posted 13 December 2017 - 11:59 PM

Sure Ben.

Make a note of my Name and Send me a Personal Message.

Otherwise, start a fresh topic.

Cheers & Merry Christmas.



#7 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 15 January 2018 - 09:54 PM

I am back, thanks for your patience. I have sent a PM to notify you like you asked as well.

I have now had a chance to run HitmanPro, which was your latest instruction. It found some things and removed them, but all the symptoms I described earlier still persist. Here are the logs (first is after scan, second is after removal):

HitmanPro 3.7.20.286
www.hitmanpro.com
   Computer name . . . . : BEN_MARTINS_PC
   Windows . . . . . . . : 10.0.0.15063.X64/4
   User name . . . . . . : Ben_Martins_PC\Ben Martin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2018-01-15 21:45:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3
   Objects scanned . . . : 4,255,781
   Files scanned . . . . : 170,826
   Remnants scanned  . . : 2,006,164 files / 2,078,791 keys
Suspicious files ____________________________________________________________
   C:\Windows\system32\drivers\lpsport.sys
      Size . . . . . . . : 61,304 bytes
      Age  . . . . . . . : 0.0 days (2018-01-15 21:31:15)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 9743E25EE92F3BCEF9672BFD6B94F4173B156E706120B7F921D737771ACF87A1
      Product
      Publisher
      Description
      Version  . . . . . : 8.0.4624.2183
      Copyright
      RSA Key Size . . . : 2048
      Service  . . . . . : lpsport
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\lpsport\

Cookies _____________________________________________________________________
   C:\Users\Ben Martin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\630P5V38.cookie

 

 

 

 

HitmanPro 3.7.20.286
www.hitmanpro.com
   Computer name . . . . : BEN_MARTINS_PC
   Windows . . . . . . . : 10.0.0.15063.X64/4
   User name . . . . . . : Ben_Martins_PC\Ben Martin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2018-01-15 21:45:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 52s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3
   Objects scanned . . . : 4,255,781
   Files scanned . . . . : 170,826
   Remnants scanned  . . : 2,006,164 files / 2,078,791 keys
Suspicious files ____________________________________________________________
   C:\Windows\system32\drivers\lpsport.sys
      Size . . . . . . . : 61,304 bytes
      Age  . . . . . . . : 0.0 days (2018-01-15 21:31:15)
      Entropy  . . . . . : 6.0
      SHA-256  . . . . . : 9743E25EE92F3BCEF9672BFD6B94F4173B156E706120B7F921D737771ACF87A1
      Product
      Publisher
      Description
      Version  . . . . . : 8.0.4624.2183
      Copyright
      RSA Key Size . . . : 2048
      Service  . . . . . : lpsport
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
         Authors name is missing in version info. This is not common to most programs.
         Program starts automatically without user intervention.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\ControlSet001\Services\lpsport\

Cookies _____________________________________________________________________
   C:\Users\Ben Martin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\630P5V38.cookie

Edited by ben706, 15 January 2018 - 09:57 PM.


#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • Gender:Male
  • Location:NJ USA

Posted 21 January 2018 - 04:04 PM

Hello, look at your plug ins on Chrome. See if it is there and disable it.

How To Disable Individual Plug-ins in Google Chrome

Also look in the uninstall menu for it.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#9 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 22 January 2018 - 11:11 PM

> Hello, look at your plug ins on Chrome. See if it is there and disable it.
>
> How To Disable Individual Plug-ins in Google Chrome
>
> Also look in the uninstall menu for it.

If there was any suspicious program in the uninstall menu, I would have deleted it as pretty much my first step. Also, the article you linked to is from 2010 and the instructions don't even work anymore. Typing "about:plugins" into the address bar no longer works. In fact, I don't even think they are called plugins on Chrome anymore - they are extensions. As I described in my first post, an extension called "Chrome Cleaner Pro" adds itself every time I completely uninstall and reinstall Chrome. As I said, I can remove the extension but that does not change any of my symptoms.

One thing in the article I was able to try was installing the developer version of Chrome. All this did was install it alongside standard Chrome. The developer version does not have any of the problems I am having in the standard version, but the regular version still does.



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 January 2018 - 09:14 AM

Ok, I do not know exactly what you've done. Plug is = extentions =add on o OK.

I will look at the newer method as that has worked till now.
In meantime see if this works

https://community.box.com/t5/How-to-Guides-for-Account/How-To-Disable-Plugins-Add-Ons-Extensions-In-Multiple-Browsers/ta-p/19

Edited by boopme, 23 January 2018 - 09:16 AM.


#11 sjpritch25

sjpritch25

  • Security Colleague
  • 899 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 23 January 2018 - 09:30 AM

 

> > Hello, look at your plug ins on Chrome. See if it is there and disable it.
> >
> > How To Disable Individual Plug-ins in Google Chrome
> >
> > Also look in the uninstall menu for it.
>
> If there was any suspicious program in the uninstall menu, I would have deleted it as pretty much my first step. Also, the article you linked to is from 2010 and the instructions don't even work anymore. Typing "about:plugins" into the address bar no longer works. In fact, I don't even think they are called plugins on Chrome anymore - they are extensions. As I described in my first post, an extension called "Chrome Cleaner Pro" adds itself every time I completely uninstall and reinstall Chrome. As I said, I can remove the extension but that does not change any of my symptoms.
>
> One thing in the article I was able to try was installing the developer version of Chrome. All this did was install it alongside standard Chrome. The developer version does not have any of the problems I am having in the standard version, but the regular version still does.

Open Chrome and go back into Settings. Under Sync > click on the right-facing arrow and you should be in advanced sync options > click on the sync all toggle to toggle off > click on the Extensions toggle to turn off. Go ahead and reset Chrome again and see if that works.


Microsoft MVP Consumer Security--2007-2010

#12 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 23 January 2018 - 03:44 PM

 

 

> > > Hello, look at your plug ins on Chrome. See if it is there and disable it.
> > >
> > > How To Disable Individual Plug-ins in Google Chrome
> > >
> > > Also look in the uninstall menu for it.
> >
> > If there was any suspicious program in the uninstall menu, I would have deleted it as pretty much my first step. Also, the article you linked to is from 2010 and the instructions don't even work anymore. Typing "about:plugins" into the address bar no longer works. In fact, I don't even think they are called plugins on Chrome anymore - they are extensions. As I described in my first post, an extension called "Chrome Cleaner Pro" adds itself every time I completely uninstall and reinstall Chrome. As I said, I can remove the extension but that does not change any of my symptoms.
> >
> > One thing in the article I was able to try was installing the developer version of Chrome. All this did was install it alongside standard Chrome. The developer version does not have any of the problems I am having in the standard version, but the regular version still does.
>
> open chrome and go back into settings, under sync> click on the right facing arrow and you should be in advanced sync options> Click on the sync all toggle to toggle off > click on Extensions toggle to turn off.  Go ahead and reset chrome again and see if that works.

I did this long ago (and said so in my initial post) and it makes no difference. Chrome still will not reset itself and all symptoms persist.


Edited by ben706, 23 January 2018 - 03:50 PM.


#13 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 23 January 2018 - 03:49 PM

> Ok, I do not know exactly what you've done. Plug is = extentions =add on o OK.
>
> I will look at the newer method as that has worked till now.
> In meantime see if this works
>
> https://community.box.com/t5/How-to-Guides-for-Account/How-To-Disable-Plugins-Add-Ons-Extensions-In-Multiple-Browsers/ta-p/19

"Plug is = extentions =add on o OK."

Huh?  :huh:

Anyway, that guide says literally the same exact thing as the last one except it instructs to type in "chrome://plugins/" instead of "about:plugins". Either way I don't think that settings page exists anymore, as Chrome says "ERR_INVALID_URL" for both.



#14 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,404 posts
  • Gender:Male
  • Location:NJ USA

Posted 23 January 2018 - 04:54 PM

Sorry about the typos.. Plug ins, extensions, Add ons

Have you tried reinstalling Chrome?

#15 ben706

ben706
  • Topic Starter

  • Members
  • 10 posts

Posted 23 January 2018 - 05:19 PM

> Sorry about the typos.. Plug ins, extensions, Add ons
>
> Have you tried reinstalling Chrome?

Seriously? Reread the title of this thread as well as my first post. Don't get me wrong, I appreciate the help, but come on.





