Autorun errors and Webpage unavailable while offline Error when restarting


11 replies to this topic

#1 langielearn

Posted 27 December 2016 - 06:08 PM

I am using Windows Vista. I am not sure exactly when the problem started happening since I chose to ignore the problems since they were not too too bothersome. It was months ago when the major problems started happening that I kind of fixed myself or at least I thought I did.

 

The first thing I noticed was when I restarted my computer I would get multiple windows errors saying something failed to autorun from my appdata\local folder. I think it also mentioned registry errors but I am not 100% sure about that. I often delete files that I think I do not need so at that time I thought I just deleted something that was causing errors when I started my computer but after that things ran okay. 

 

Then I started getting "Webpage unavailable while offline" The webpage you requested is not available offline. To view this page, click Connect. with also an option to stay offline. This error would come up constantly sometimes instantly after I pressed the X it would come up again so I would just drag it to the bottom right of my screen.

 

Eventually I started attempting to fix the problem and realized I could not delete the files causing the problems. I used Spybot, CCleaner, rkill.exe, Malwarebytes Anti-Malware and eventually also tried stuff in safe mode. I deleted them though, but when I restarted they would just come back. Then I blamed the ZenMate Chrome extension since I am not sure how it works but I think anyone who has it becomes a proxy for people to connect to the internet through you. I googled about that and honestly I did not find too much justification for my theory but anyway I uninstalled Chrome and finally with some scanning, safe mode stuff eventually I was able to restart without any problems. The programs also no longer instantly showed back up. Thinking things were better I reinstalled Chrome but it did not start fresh since I guess it saved my plugins or something and soon after that I noticed those autorun files were back in that folder except they no longer caused errors when I started my computer.

 

Now when I restart my computer I get the webpage unavailable while offline error message once and then nothing else seems to be wrong. So I just stayed living like this for months until yesterday when I checked my processes and saw a rdpclip.exe process which is one of those autorun programs. It hardly shows up though which is why I never saw it until now. I browse the internet with the addons noscript and adblocker and am pretty selective with which sites I visit. Usually when I use anti malware programs it just finds cookies but I have not used any since I thought I got rid of the rdclip.exe months ago.

 

Some other suspicious things / more details I have found are..

 

1. In my windows\task folder I have a file called SCHEDLGU.TXT which I can not delete. The text file is filled with logs about starting / stopping a thing called longhorn_rtm.080118-1840. From googling, a post on the Spybot forums says that SCHEDLGU.TXT has to do with the Windows Task Scheduler, but googling longhorn_rtm.080118-1840 gets some results about trojans, rootkits, and other things.

 

2. In my msconfig I have a few strange things in the startup but they are disabled. AppData\Local\Ewstion\rdpclip.exe which I think is my problem and another one called LocalSettings\Apps\F.lux which I am not sure about.

 

3. I just went in my appdata\local folder and there is another folder I thought I got rid of there called Amworks with 2 dlls and a txt file in it. Then the Ewstion folder from msconfig which has two dlls, a txt, and an exe file called rdclip. I can not delete both of the folders since I guess they are running. Googling the folder names does not bring up anything so it could be just random names used for the folders.

 

4. I am not sure if this has to do with anything but for a long time I have been having a strange problem. I can easily replicate the problem by going to ctrl+alt+delete -> start task manager -> end process on explorer.exe -> file new task run explorer.exe then something very noticeable happens. The thing is this happens to me pretty often when I am not ending its process. I guess that means my explorer.exe is corrupted or something or maybe my ram is failing because honestly it is pretty old. 

 

5. In my windows\temp folder there was a picture of a naked family guy picture which is weird since I do not visit any sites that have that.  Although this might be nothing since I think I read adblocker still downloads the ads on pages you visit. So maybe one of the few sites I visit has ads like that? I really do not visit too many sites so I do not think any of them would have that though. The thing that makes me think it might be connected to my Webpage unavailable while offline problem is because I remember that exact picture from months ago when I thought I got rid of this problem. It is very memorable since it has a bright green background. My theory without any evidence other than this picture is that my internet is visiting some hack site without me knowing. 

 

6. I just googled rdclip.exe and it says rdpclip.exe is the main executable for File Copy. It provides function for Terminal Services server that allows you to copy and paste between server and client. I am not exactly sure what that means but I do use the terminal / command prompt / git bash every once in a while for github and things like that. I don't think I am using something that would have a server though.

 

7. Today when I turned on my computer I had another message along with the webpage unavailable while offline popup.

Windows PowerShell has stopped working -  Windows can check online for a solution to the problem then I closed it and a little yellow window thing from the bottom right taskbar icons made another popup about windows powershell. It closed by itself though so I could not read everything but it started with this. Windows PowerShell - To help protect your computer data execution....


Edited by langielearn, 28 December 2016 - 09:25 AM.
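Added example, not part of the original post: the startup entry described above pairs the name of a Windows component (rdpclip.exe) with a folder under AppData\Local, and this triage sketch flags that name/location mismatch in a list of autorun commands. The user profile path, the ExampleApp entry, the environment values and the EXPECTED_DIRS table (an illustrative subset) are constructed assumptions.

```python
import ntpath
import re

# Illustrative subset (assumption): Windows components and the directories
# they ship in, lower-cased. Extend this table for real use.
EXPECTED_DIRS = {
    "rdpclip.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Path components that indicate a location a standard user can write to.
WRITABLE_PARTS = {"appdata", "temp", "local settings"}

# Constructed environment used to expand %VAR% references offline.
SAMPLE_ENV = {
    "systemroot": r"C:\Windows",
    "windir": r"C:\Windows",
    "localappdata": r"C:\Users\Example\AppData\Local",
}

# Constructed autorun entries (name, command line) as msconfig or a Run key
# would list them. Only the first mirrors the entry described in the post.
SAMPLE_ENTRIES = [
    ("rdpclip", r"C:\Users\Example\AppData\Local\Ewstion\rdpclip.exe"),
    ("RDP clipboard", r"%SystemRoot%\System32\rdpclip.exe"),
    ("ExampleApp", r'"%LOCALAPPDATA%\ExampleApp\example.exe" /background'),
    ("Service host", r'"C:\WINDOWS\system32\svchost.exe" -k netsvcs'),
]


def expand_vars(command, env):
    """Expand %NAME% using env (keys lower-cased); unknown names are kept."""
    return re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).lower(), m.group(0)),
                  command)


def extract_executable(command, env=SAMPLE_ENV):
    """Return the normalized executable path from an autorun command line."""
    cmd = expand_vars(command.strip(), env)
    if not cmd:
        return ""
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote.
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted path may contain spaces: stop at the first executable
        # extension that is followed by whitespace or end of string.
        m = re.match(r"(.+?\.(?:exe|com|scr|bat|cmd))(?=\s|$)", cmd,
                     re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return ntpath.normpath(path)


def assess_entry(name, command, env=SAMPLE_ENV):
    """Classify one autorun entry as ok, review or suspicious."""
    path = extract_executable(command, env)
    directory, filename = ntpath.split(path.lower())
    findings = []
    expected = EXPECTED_DIRS.get(filename)
    if expected is not None and directory not in expected:
        # A Windows component name running from somewhere it does not ship.
        findings.append("system-name-outside-system-dir")
    if WRITABLE_PARTS & set(directory.split("\\")):
        # Weak signal on its own: many legitimate apps install per-user.
        findings.append("user-writable-location")
    if "system-name-outside-system-dir" in findings:
        verdict = "suspicious"
    elif findings:
        verdict = "review"
    else:
        verdict = "ok"
    return {"name": name, "path": path, "findings": findings,
            "verdict": verdict}


def triage(entries, env=SAMPLE_ENV):
    """Assess every (name, command) pair."""
    return [assess_entry(name, command, env) for name, command in entries]


def suspicious_names(entries, env=SAMPLE_ENV):
    """Names of entries whose verdict is 'suspicious'."""
    return [r["name"] for r in triage(entries, env)
            if r["verdict"] == "suspicious"]


if __name__ == "__main__":
    for result in triage(SAMPLE_ENTRIES):
        print(result["verdict"].ljust(10), result["path"], result["findings"])
```

A name mismatch is a reason to examine the file (signature, hash, creation time), not proof of what it is.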




#2 boopme

Posted 03 January 2017 - 03:16 PM

Hi, this is usually several infections. Let's try getting them.

MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.
>>>

Malwarebytes Anti-Malware
  • Download MalwareBytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.exe to start the installation of Malwarebytes Anti-Malware.
  • Follow the instructions on your screen to complete the installation. You can find the complete installation procedure here.
  • Click the Scan Now button, a threat scan will start automatically.
  • MalwareBytes Anti-Malware will now check for the latest updates. Click Update Now if new updates are available.
  • Your computer is now being scanned, please do not use your computer during the scan.
    • If no threats were found, click View detailed log.
      • Click Export and save the log as a .txt file on your Desktop or another location.
    • If the scan detected any threats, click Apply Actions.
      • To complete any actions taken you will be prompted to restart your computer...click on Yes.
      • After reboot, start Malwarebytes Anti-Malware again and click the History Tab at the top and select Application Logs.
      • Check the box next to Scan Log. Choose the most current scan and click View.
      • Click Export and save the log as a .txt file on your Desktop or another location.
  • Providing the MalwareBytes' Anti-Malware log file
    • Attach the log file you just saved to your next reply for further review.


#3 langielearn

Posted 03 January 2017 - 10:48 PM

I forgot to mention about a year ago sometimes .exe files I downloaded would require me to right click -> properties -> unblock to let me install them. Not sure if that is something worth mentioning or not..
 
Also I skimmed through the mini toolbox log and saw a lot of errors about HDragMatch.exe and hxScout.exe. Yesterday I was trying to use hxScout to profile the performance of my game HDragMatch but it kept crashing since hxScout is pretty buggy.
 
The Malwarebytes link took me to an installer for 3.0 instead of 2.0 so I am not sure which I should use. I installed the 3.0 and pressed scan now but the scan finishes in just a few seconds so I am not sure if that is correct since the ESET online scanner one took 4 hours or something.
 
Mini Tool Box Log
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Pow (administrator) on 03-01-2017 at 15:40:50
Running from "C:\Users\Pow\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X64)
Model: P35-DS3L Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.type", 0
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
127.0.0.1       localhost
========================= IP Configuration: ================================
 
Realtek PCIe GBE Family Controller = Local Area Connection (Connected)
VirtualBox Host-Only Ethernet Adapter = VirtualBox Host-Only Network (Connected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
add address name="VirtualBox Host-Only Network" address=192.168.56.1
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Pow-PC
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net
 
Ethernet adapter Local Area Connection:
 
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 00-1D-7D-E8-FE-2A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:30a:2c87:fc50::43(Preferred) 
   Lease Obtained. . . . . . . . . . : Tuesday, January 03, 2017 2:15:57 PM
   Lease Expires . . . . . . . . . . : Thursday, February 02, 2017 2:15:57 PM
   IPv6 Address. . . . . . . . . . . : 2602:30a:2c87:fc50:b19a:22b7:676e:7c00(Preferred) 
   Temporary IPv6 Address. . . . . . : 2602:30a:2c87:fc50:e1b1:3c1d:b890:be14(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::b19a:22b7:676e:7c00%9(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 03, 2017 10:50:03 AM
   Lease Expires . . . . . . . . . . : Wednesday, January 04, 2017 2:15:42 PM
   Default Gateway . . . . . . . . . : fe80::3e36:e4ff:fe75:ef90%9
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 234888573
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-80-08-31-00-1D-7D-E8-FE-2A
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter VirtualBox Host-Only Network:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 0A-00-27-00-00-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::395e:4cce:14c2:c69%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 
   DHCPv6 IAID . . . . . . . . . . . : 235536423
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-80-08-31-00-1D-7D-E8-FE-2A
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Local Area Connection* 7:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2607:f8b0:4000:803::200e
 216.58.194.78
 
 
 
Pinging google.com [2607:f8b0:4003:c19::8a] from 2602:30a:2c87:fc50:e1b1:3c1d:b890:be14 with 32 bytes of data:
 
Reply from 2607:f8b0:4003:c19::8a: time=100ms 
 
Reply from 2607:f8b0:4003:c19::8a: time=62ms 
 
 
 
Ping statistics for 2607:f8b0:4003:c19::8a:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 62ms, Maximum = 100ms, Average = 81ms
 
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:44:204::a7
 2001:4998:58:c02::a9
 2001:4998:c:a06::2:4008
 98.139.183.24
 98.138.253.109
 206.190.36.45
 
 
 
Pinging yahoo.com [2001:4998:44:204::a7] from 2602:30a:2c87:fc50:e1b1:3c1d:b890:be14 with 32 bytes of data:
 
Reply from 2001:4998:44:204::a7: time=90ms 
 
Reply from 2001:4998:44:204::a7: time=93ms 
 
 
 
Ping statistics for 2001:4998:44:204::a7:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 90ms, Maximum = 93ms, Average = 91ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
  9 ...00 1d 7d e8 fe 2a ...... Realtek PCIe GBE Family Controller
 11 ...0a 00 27 00 00 00 ...... VirtualBox Host-Only Ethernet Adapter
  1 ........................... Software Loopback Interface 1
 10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.102     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.102    266
    192.168.1.102  255.255.255.255         On-link     192.168.1.102    266
    192.168.1.255  255.255.255.255         On-link     192.168.1.102    266
     192.168.56.0    255.255.255.0         On-link      192.168.56.1    266
     192.168.56.1  255.255.255.255         On-link      192.168.56.1    266
   192.168.56.255  255.255.255.255         On-link      192.168.56.1    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.56.1    266
        224.0.0.0        240.0.0.0         On-link     192.168.1.102    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.56.1    266
  255.255.255.255  255.255.255.255         On-link     192.168.1.102    266
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  9    266 ::/0                     fe80::3e36:e4ff:fe75:ef90
  1    306 ::1/128                  On-link
  9     26 2602:30a:2c87:fc50::/60  fe80::3e36:e4ff:fe75:ef90
  9     18 2602:30a:2c87:fc50::/64  On-link
  9    266 2602:30a:2c87:fc50::43/128
                                    On-link
  9    266 2602:30a:2c87:fc50:b19a:22b7:676e:7c00/128
                                    On-link
  9    266 2602:30a:2c87:fc50:e1b1:3c1d:b890:be14/128
                                    On-link
 11    266 fe80::/64                On-link
  9    266 fe80::/64                On-link
 11    266 fe80::395e:4cce:14c2:c69/128
                                    On-link
  9    266 fe80::b19a:22b7:676e:7c00/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    266 ff00::/8                 On-link
  9    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (01/03/2017 03:37:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error: (01/03/2017 03:37:49 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.
 
Error: (01/02/2017 06:13:37 PM) (Source: Application Error) (User: )
Description: Faulting application hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, faulting module hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, exception code 0xc0000005, fault offset 0x00153293,
process id 0x10b0, application start time 0xhxScout.exe0.
 
Error: (01/02/2017 06:13:26 PM) (Source: Application Error) (User: )
Description: Faulting application hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, faulting module hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, exception code 0xc0000005, fault offset 0x00153293,
process id 0x1aac, application start time 0xhxScout.exe0.
 
Error: (01/02/2017 05:41:10 PM) (Source: Application Error) (User: )
Description: Faulting application HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae506, faulting module HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae506, exception code 0xc0000005, fault offset 0x0086af6b,
process id 0x146c, application start time 0xHDragMatch.exe0.
 
Error: (01/02/2017 05:36:51 PM) (Source: Application Error) (User: )
Description: Faulting application HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, faulting module HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, exception code 0xc0000005, fault offset 0x00423e44,
process id 0x9cc, application start time 0xHDragMatch.exe0.
 
Error: (01/02/2017 05:35:54 PM) (Source: Application Error) (User: )
Description: Faulting application hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, faulting module hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, exception code 0xc0000005, fault offset 0x001281a8,
process id 0xd50, application start time 0xhxScout.exe0.
 
Error: (01/02/2017 05:35:31 PM) (Source: Application Error) (User: )
Description: Faulting application hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, faulting module hxScout.exe, version 0.0.0.0, time stamp 0x5615fd99, exception code 0xc0000005, fault offset 0x00153293,
process id 0x182c, application start time 0xhxScout.exe0.
 
Error: (01/02/2017 05:35:08 PM) (Source: Application Error) (User: )
Description: Faulting application HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, faulting module HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, exception code 0xc0000005, fault offset 0x00423e44,
process id 0x1210, application start time 0xHDragMatch.exe0.
 
Error: (01/02/2017 05:35:03 PM) (Source: Application Error) (User: )
Description: Faulting application HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, faulting module HDragMatch.exe, version 0.0.0.0, time stamp 0x586ae36c, exception code 0xc0000005, fault offset 0x00423e44,
process id 0x1668, application start time 0xHDragMatch.exe0.
 
 
System errors:
=============
Error: (01/03/2017 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1068 = The dependency service or group failed to start.
 
 
Error: (01/03/2017 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (01/03/2017 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: SQL Server (SQLEXPRESS)%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (01/03/2017 10:51:43 AM) (Source: Service Control Manager) (User: )
Description: 30000SQL Server (SQLEXPRESS)
 
Error: (01/03/2017 10:49:52 AM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (01/03/2017 10:49:46 AM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (01/03/2017 08:30:45 AM) (Source: Service Control Manager) (User: )
Description: Windows Media Player Network Sharing ServiceUPnP Device Host%%1068 = The dependency service or group failed to start.
 
 
Error: (01/03/2017 08:30:45 AM) (Source: Service Control Manager) (User: )
Description: UPnP Device HostSSDP Discovery%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
 
Error: (01/03/2017 08:28:57 AM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
Error: (01/03/2017 08:28:50 AM) (Source: volmgr) (User: )
Description: Configuring the Page file for crash dump failed. Make sure there is a page
file on the boot partition and that is large enough to contain all physical
memory.
 
 
Microsoft Office Sessions:
=========================
Error: (01/03/2017 03:37:56 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Pow\Desktop\esetsmartinstaller_enu.exe
 
Error: (01/03/2017 03:37:49 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Users\Pow\Desktop\OldScripts\koreanGame\esetsmartinstaller_enu.exe
 
Error: (01/02/2017 06:13:37 PM) (Source: Application Error)(User: )
Description: hxScout.exe0.0.0.05615fd99hxScout.exe0.0.0.05615fd99c00000050015329310b001d26556360e91df
 
Error: (01/02/2017 06:13:26 PM) (Source: Application Error)(User: )
Description: hxScout.exe0.0.0.05615fd99hxScout.exe0.0.0.05615fd99c0000005001532931aac01d265562f8a920f
 
Error: (01/02/2017 05:41:10 PM) (Source: Application Error)(User: )
Description: HDragMatch.exe0.0.0.0586ae506HDragMatch.exe0.0.0.0586ae506c00000050086af6b146c01d26551b0039daf
 
Error: (01/02/2017 05:36:51 PM) (Source: Application Error)(User: )
Description: HDragMatch.exe0.0.0.0586ae36cHDragMatch.exe0.0.0.0586ae36cc000000500423e449cc01d265511700715f
 
Error: (01/02/2017 05:35:54 PM) (Source: Application Error)(User: )
Description: hxScout.exe0.0.0.05615fd99hxScout.exe0.0.0.05615fd99c0000005001281a8d5001d26550eb72c8df
 
Error: (01/02/2017 05:35:31 PM) (Source: Application Error)(User: )
Description: hxScout.exe0.0.0.05615fd99hxScout.exe0.0.0.05615fd99c000000500153293182c01d26550e2f2a31f
 
Error: (01/02/2017 05:35:08 PM) (Source: Application Error)(User: )
Description: HDragMatch.exe0.0.0.0586ae36cHDragMatch.exe0.0.0.0586ae36cc000000500423e44121001d26550d99df71f
 
Error: (01/02/2017 05:35:03 PM) (Source: Application Error)(User: )
Description: HDragMatch.exe0.0.0.0586ae36cHDragMatch.exe0.0.0.0586ae36cc000000500423e44166801d26550d6fe1eef
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-09-29 11:54:34.953
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 11:54:34.906
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 11:54:34.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-29 11:54:34.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.648
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.601
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-09-26 17:47:07.319
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKCU-x32\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
9th Dawn II (HKLM\...\OXRoZGF3bmlp_is1) (Version: 1 - )
9th Dawn II (HKLM-x32\...\OXRoZGF3bmlp_is1) (Version: 1 - )
Aegisub 3.2.1 (HKLM\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.1 - Aegisub Team)
Aegisub 3.2.1 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.1 - Aegisub Team)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Skybox Labs)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version:  - Skybox Labs)
AMD Catalyst Install Manager (HKLM\...\{9248FA70-BD64-2FD1-CD23-448112E7ACE9}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM-x32\...\{9248FA70-BD64-2FD1-CD23-448112E7ACE9}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AutoHotkey 1.1.21.03 (HKLM\...\AutoHotkey) (Version: 1.1.21.03 - Lexikos)
AutoHotkey 1.1.21.03 (HKLM-x32\...\AutoHotkey) (Version: 1.1.21.03 - Lexikos)
ccc-utility64 (HKLM-x32\...\{F1852B54-4D59-8A8E-8F51-4691163E3A2B}) (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CCleaner (HKLM-x32\...\CCleaner) (Version: 4.10 - Piriform)
CMake (HKLM\...\{BA10F212-1E9B-4AA8-AB12-261E77DFD900}) (Version: 3.6.1 - Kitware)
CMake (HKLM-x32\...\{BA10F212-1E9B-4AA8-AB12-261E77DFD900}) (Version: 3.6.1 - Kitware)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version:  - FromSoftware)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
Defraggler (HKLM-x32\...\Defraggler) (Version: 2.10 - Piriform)
Discord (HKCU\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Discord (HKCU-x32\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dogecoin Core (32-bit) (HKCU\...\Dogecoin Core (32-bit)) (Version: 1.8.1 - Dogecoin project)
Dogecoin Core (32-bit) (HKCU-x32\...\Dogecoin Core (32-bit)) (Version: 1.8.1 - Dogecoin project)
Dropbox (HKCU\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
Dropbox (HKCU-x32\...\Dropbox) (Version: 16.4.30 - Dropbox, Inc.)
EVE Online (HKCU\...\{1583d763-55b0-4989-8591-2e60df5aa0c2}) (Version: 1.0.0 - CCP)
EVE Online (HKCU-x32\...\{1583d763-55b0-4989-8591-2e60df5aa0c2}) (Version: 1.0.0 - CCP)
Evernus (HKCU\...\{3fbdb1c9-549f-4e2e-8dc2-0cbe5e0f9b48}) (Version: 1.42 - Evernus)
Evernus (HKCU-x32\...\{3fbdb1c9-549f-4e2e-8dc2-0cbe5e0f9b48}) (Version: 1.42 - Evernus)
Everything 1.3.4.686 (x64) (HKLM\...\Everything) (Version:  - )
Everything 1.3.4.686 (x64) (HKLM-x32\...\Everything) (Version:  - )
GameMaker-Studio 1.4 (HKCU\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GameMaker-Studio 1.4 (HKCU-x32\...\GameMaker-Studio14) (Version:  - YoYo Games Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GIMP 2.8.14 (HKLM-x32\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Git version 2.9.2 (HKLM\...\Git_is1) (Version: 2.9.2 - The Git Development Community)
Git version 2.9.2 (HKLM-x32\...\Git_is1) (Version: 2.9.2 - The Git Development Community)
GitHub (HKCU\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
GitHub (HKCU-x32\...\5f7eb300e2ea4ebf) (Version: 3.1.1.4 - GitHub, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
HitmanPro 3.7 (HKLM-x32\...\HitmanPro37) (Version: 3.7.9.240 - SurfRight B.V.)
ImageMagick 6.9.0-3 Q16 (64-bit) (2015-02-15) (HKLM\...\ImageMagick 6.9.0 Q16 (64-bit)_is1) (Version: 6.9.0 - ImageMagick Studio LLC)
ImageMagick 6.9.0-3 Q16 (64-bit) (2015-02-15) (HKLM-x32\...\ImageMagick 6.9.0 Q16 (64-bit)_is1) (Version: 6.9.0 - ImageMagick Studio LLC)
ImDisk Virtual Disk Driver (HKLM\...\ImDisk) (Version: 1.* - )
ImDisk Virtual Disk Driver (HKLM-x32\...\ImDisk) (Version: 1.* - )
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Inkscape 0.91 (HKLM-x32\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Java 7 Update 79 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java 7 Update 79 (64-bit) (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F06417079FF}) (Version: 7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java SE Development Kit 7 Update 79 (64-bit) (HKLM-x32\...\{64A3A4F4-B792-11D6-A78A-00B0D0170790}) (Version: 1.7.0.790 - Oracle)
Java™ 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java™ 6 Update 45 (64-bit) (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle)
Java™ SE Development Kit 6 Update 38 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0160380}) (Version: 1.6.0.380 - Oracle)
Java™ SE Development Kit 6 Update 38 (64-bit) (HKLM-x32\...\{64A3A4F4-B792-11D6-A78A-00B0D0160380}) (Version: 1.6.0.380 - Oracle)
KeeperRL (HKLM\...\Steam App 329970) (Version:  - Michal Brzozowski)
KeeperRL (HKLM-x32\...\Steam App 329970) (Version:  - Michal Brzozowski)
King's Bounty: The Legend (HKLM\...\Steam App 25900) (Version:  - 1C Company)
King's Bounty: The Legend (HKLM-x32\...\Steam App 25900) (Version:  - 1C Company)
Lord of Dwarves (HKLM\...\Steam App 477900) (Version:  - Stellar Sage Games)
Lord of Dwarves (HKLM-x32\...\Steam App 477900) (Version:  - Stellar Sage Games)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM-x32\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM-x32\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (64-bit) (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM-x32\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM-x32\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM-x32\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM-x32\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM-x32\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM-x32\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM-x32\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM-x32\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM-x32\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM-x32\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
NetWorx 5.3.4 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
NetWorx 5.3.4 (HKLM-x32\...\NetWorx_is1) (Version:  - Softperfect Research)
Nuclear Throne (HKLM\...\Steam App 242680) (Version:  - Vlambeer)
Nuclear Throne (HKLM-x32\...\Steam App 242680) (Version:  - Vlambeer)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA 3D Vision Controller Driver 326.01 (HKLM-x32\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 326.01 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.23 (HKLM-x32\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM-x32\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Ogmo Editor (HKCU\...\6d90049a416737ce) (Version: 2.1.0.6 - Ogmo Editor)
Ogmo Editor (HKCU-x32\...\6d90049a416737ce) (Version: 2.1.0.6 - Ogmo Editor)
Oracle VM VirtualBox 5.0.14 (HKLM\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
Oracle VM VirtualBox 5.0.14 (HKLM-x32\...\{82022940-639B-48A3-86D9-B139864105F7}) (Version: 5.0.14 - Oracle Corporation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Paint.NET v3.5.10 (HKLM-x32\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
Patrician III (HKLM\...\Steam App 33570) (Version:  - Ascaron Entertainment ltd.)
Patrician III (HKLM-x32\...\Steam App 33570) (Version:  - Ascaron Entertainment ltd.)
ProxyGate version 3.0.0.1176 (HKCU\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd)
ProxyGate version 3.0.0.1176 (HKCU-x32\...\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1) (Version: 3.0.0.1176 - Gold Click Ltd)
Python 2.7.12 (64-bit) (HKLM\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
Python 2.7.12 (64-bit) (HKLM-x32\...\{9DA28CE5-0AA5-429E-86D8-686ED898C666}) (Version: 2.7.12150 - Python Software Foundation)
Python 3.5.1 (32-bit) (HKCU\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Python 3.5.1 (32-bit) (HKCU-x32\...\{c39d559b-aa83-4476-ba20-988a35a1199a}) (Version: 3.5.1150.0 - Python Software Foundation)
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realm of the Mad God (HKLM-x32\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Recuva (HKLM\...\Recuva) (Version: 1.40 - Piriform)
Recuva (HKLM-x32\...\Recuva) (Version: 1.40 - Piriform)
Revo Uninstaller Pro 3.1.6 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Revo Uninstaller Pro 3.1.6 (HKLM-x32\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.6 - VS Revo Group, Ltd.)
Risk of Rain (HKLM\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - Hopoo Games, LLC)
Robocraft version 0.3.290 (HKCU\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
Robocraft version 0.3.290 (HKCU-x32\...\{9F101691-69D3-422E-BB5C-8CAD7110781B}_is1) (Version: 0.3.290 - Freejam)
Ruby 2.2.4-p230-x64 (HKCU\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
Ruby 2.2.4-p230-x64 (HKCU-x32\...\{A98E44F8-6401-400F-830E-B1A2919C22BD}_is1) (Version: 2.2.4-p230 - RubyInstaller Team)
Rust 1.13 (MSVC 64-bit) (HKLM\...\{092C233A-EFE7-4A1D-9257-224778027C7D}) (Version: 1.13.0.6156 - The Rust Project Developers)
Rust 1.13 (MSVC 64-bit) (HKLM-x32\...\{092C233A-EFE7-4A1D-9257-224778027C7D}) (Version: 1.13.0.6156 - The Rust Project Developers)
Rust 1.5 (64-bit) (HKLM\...\{1B84390F-4FDD-4B42-93BD-20ABDE16B952}) (Version: 1.5.0.5817 - Mozilla Foundation)
Rust 1.5 (64-bit) (HKLM-x32\...\{1B84390F-4FDD-4B42-93BD-20ABDE16B952}) (Version: 1.5.0.5817 - Mozilla Foundation)
Salt and Sanctuary (HKLM\...\Steam App 283640) (Version:  - Ska Studios)
Salt and Sanctuary (HKLM-x32\...\Steam App 283640) (Version:  - Ska Studios)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (64-bit) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
Speccy (HKLM-x32\...\Speccy) (Version: 1.28 - Piriform)
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Common Files (HKLM-x32\...\{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{FA7394B8-CE65-4F9E-AC99-F372AD365424}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (HKLM-x32\...\{FBD367D1-642F-47CF-B79B-9BE48FB34007}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{A2122A9C-A699-4365-ADF8-68FEAC125D61}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (HKLM-x32\...\{C942A025-A840-4BF2-8987-849C0DD44574}) (Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (HKLM-x32\...\{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}) (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Sublime Text Build 3114 (HKLM\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
Sublime Text Build 3114 (HKLM-x32\...\Sublime Text 3_is1) (Version:  - Sublime HQ Pty Ltd)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
SUPERAntiSpyware (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1128 - SUPERAntiSpyware.com)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Witcher: Enhanced Edition (HKLM\...\Steam App 20900) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
Tiled (HKLM\...\{372625FD-5A01-4302-9DB1-6898D9946BF5}) (Version: 0.17.0 - mapeditor.org)
Tiled (HKLM-x32\...\{372625FD-5A01-4302-9DB1-6898D9946BF5}) (Version: 0.17.0 - mapeditor.org)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKCU-x32\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU-x32\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WinRAR 4.01 (64-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
========================= Memory info: ===================================
 
Percentage of memory in use: 23%
Total physical RAM: 6141.58 MB
Available physical RAM: 4693.99 MB
Total Virtual: 12209.62 MB
Available Virtual: 10358.12 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:298.09 GB) (Free:28.31 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\POW-PC
 
Administrator            Guest                    Pow                      
 
 
**** End of log ****
 
 
AdwCleaner Log
# AdwCleaner v6.041 - Logfile created 03/01/2017 at 15:53:54
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Local]
# Operating System : Windows ™ Vista Home Basic Service Pack 2 (X64)
# Username : Pow - POW-PC
# Running from : C:\Users\Pow\Desktop\AdwCleaner.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\ProgramData\SecTaskMan
Folder Found:  C:\ProgramData\Application Data\SecTaskMan
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
Key Found:  [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
Key Found:  HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
Key Found:  HKU\.DEFAULT\Software\INSTALLPATH\STATUS
Key Found:  HKU\.DEFAULT\Software\Auslogics
Key Found:  HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Auslogics
Key Found:  HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  HKU\S-1-5-18\Software\INSTALLPATH\STATUS
Key Found:  HKU\S-1-5-18\Software\Auslogics
Key Found:  HKCU\Software\Auslogics
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  [x64] HKCU\Software\Auslogics
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Key Found:  [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
Value Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Codec Settings UAC Manager]
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\FixMyRegistry
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [2855 Bytes] - [03/01/2017 15:53:54]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2928 Bytes] ##########
 
JRT Log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows ™ Vista Home Basic x64 
Ran by Pow (Administrator) on 01/03/2017 Tue at 15:58:25.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 18 
 
Successfully deleted: C:\Users\Pow\AppData\Roaming\Mozilla\Firefox\Profiles\fwd1wjj5.default-1483201005183\user.js (File) 
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-270619904-830403761-2816806085-1000.job (Task) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0M35WN48 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LH9BPU7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4SYY750 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIS1SC1A (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEQHIO1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G168ZFH7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H46I5L24 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Pow\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRFNY8SI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0M35WN48 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3LH9BPU7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A4SYY750 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AIS1SC1A (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEQHIO1B (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G168ZFH7 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H46I5L24 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRFNY8SI (Temporary Internet Files Folder) 
 
Deleted the following from C:\Users\Pow\AppData\Roaming\Mozilla\Firefox\Profiles\fwd1wjj5.default-1483201005183\prefs.js
user_pref(browser.urlbar.suggest.searches, true);
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/03/2017 Tue at 16:03:03.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET Online Scanner Log
C:\Games\DarkestDungeon Build 11029\_windows\steam_api.dll a variant of Win32/HackTool.Crack.DW potentially unsafe application cleaned by deleting
C:\Program Files\9th Dawn II\steam_api.dll a variant of Win32/HackTool.Crack.EN potentially unsafe application cleaned by deleting
C:\Program Files\NetWorx\nfapi.dll a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\Program Files (x86)\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
C:\Users\Pow\AppData\Local\Amworks\tmldancn.dll a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Pow\AppData\Local\Amworks\zrvneknj.dll a variant of Win32/Boaxxe.CO.gen trojan cleaned by deleting
C:\Users\Pow\AppData\Local\Ewstion\ksxsivvv.dll a variant of Win32/Boaxxe.CO.gen trojan cleaned by deleting
C:\Users\Pow\AppData\Local\Ewstion\rdpclip.exe NSIS/Injector.FP trojan cleaned by deleting
C:\Users\Pow\AppData\Local\Ewstion\xgpdoxwn.dll a variant of Win32/Packed.Themida suspicious application cleaned by deleting
C:\Users\Pow\AppData\Local\Temp\Block Puzzle Jewel_v13.0_apkpure.com.apk a variant of Android/Dianjin.B potentially unsafe application deleted
C:\Users\Pow\AppData\Local\Temp\Block Puzzle Mania_v4.0_apkpure.com.apk a variant of Android/Dianjin.B potentially unsafe application deleted
C:\Users\Pow\AppData\Local\Temp\dipeptide.dll a variant of Win32/Injector.DHER trojan cleaned by deleting
C:\Users\Pow\AppData\Local\Temp\phonation.dll a variant of Win32/Injector.DHJT trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Aero.dll a variant of Win32/Injector.DDYJ trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Arrays.dll Win32/Injector.DFAE trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Blowfish.dll Win32/Injector.DFVX trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\CDRom.dll Win32/Injector.DEKG trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Crypto.dll Win32/Injector.DEAH trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\DumpLog.dll Win32/Injector.DEBX trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\NsResize.dll Win32/Injector.DELK trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Nwiz.dll Win32/Injector.DEYH trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\ProxySettings.dll a variant of Win32/Injector.DFTO trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\Registry.dll Win32/Injector.DEYO trojan cleaned by deleting
C:\Users\Pow\AppData\Roaming\SFhelper.dll a variant of Win32/Injector.DEOU trojan cleaned by deleting
C:\Users\Pow\Desktop\games\Knights.of.Pen.and.Paper.2.Deluxe.Edition\Knights.of.Pen.and.Paper.2.Deluxe.Edition\steam_api.dll a variant of Win32/HackTool.Crack.EN potentially unsafe application cleaned by deleting
C:\Users\Pow\Desktop\games\Knights.of.Pen.and.Paper.2.Deluxe.Edition\Knights.of.Pen.and.Paper.2.Deluxe.Edition\kopp2_Data\Plugins\steam_api.dll a variant of Win32/HackTool.Crack.EN potentially unsafe application cleaned by deleting
C:\Windows\gdp32.exe Win32/TrojanDownloader.VB.QZI trojan cleaned by deleting
C:\Windows\System32\drivers\networx.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Aero.dll a variant of Win32/Injector.DDYJ trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Arrays.dll Win32/Injector.DFAE trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Blowfish.dll Win32/Injector.DFVX trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\CDRom.dll Win32/Injector.DEKG trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Crypto.dll Win32/Injector.DEAH trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DumpLog.dll Win32/Injector.DEBX trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\NsResize.dll Win32/Injector.DELK trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Nwiz.dll Win32/Injector.DEYH trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ProxySettings.dll a variant of Win32/Injector.DFTO trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Registry.dll Win32/Injector.DEYO trojan cleaned by deleting
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SFhelper.dll a variant of Win32/Injector.DEOU trojan cleaned by deleting
C:\Windows\Temp\NetworkManager0624.exe a variant of Win32/Amonetize.MB potentially unwanted application deleted
C:\Windows\Temp\SnapDoNew0624.exe a variant of Win32/Amonetize.MB potentially unwanted application deleted
 
MalwareBytes Log
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 1/3/17
Scan Time: 9:33 PM
Logfile: malbyteslog.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.5.1299
Components Version: 
Update Package Version: 
License: Free
 
-System Information-
OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Pow-PC\Pow
 
-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 8 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:27 AM

Posted 04 January 2017 - 12:17 PM

Hello, are things improved?
Remove what ADW cleaner found..

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


    Your use of cracks has put some very dangerous malware on your system, like injectors.
    I cannot be sure you will stay clean with them. If you do any financials or banking on this machine you may have problems.

    You probably should uninstall and reinstall those two items.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 langielearn


Posted 04 January 2017 - 02:44 PM

It's hard to notice a difference when I hardly had noticeable problems. I did not have popups, slow internet speeds, or anything like that. The main problem was how after restarting it would say that webpage unavailable while offline message. I also had a problem that seemed like explorer.exe would crash which I have not had yet but it did not happen frequently enough to be sure of. Still I am not sure if that explorer.exe crash problem was actually a virus though since it only would seem to happen when my computer was under heavy load and the ram is really old so maybe it's failing.
 
After restarting my computer it no longer says that webpage unavailable while offline message but now it says two error messages about missing DLLs which I included below. In my ctrl+alt+del task manager processes I no longer see any strange processes like adp.exe and rdclip.exe which I guess are what would start from those dlls; every process in my task manager seems normal now. The two appdata\local directories I mentioned in the original post no longer have dlls in them, just a single .txt file in each.
 
RegSvr32
The module "C:\Users\Pow\AppData\Local\Ewstion\ksxsivv.dll" failed to load.
 
Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. 
 
The specified module could not be found.
and a very similar message 
 
----------
 
RegSvr32
The module "C:\Users\Pow\AppData\Local\Amworks\tmldancn.dll" failed to load.
 
Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. 
 
The specified module could not be found.
 
In my msconfig startup tab it still has Ewstion as a possible startup item but still also left unchecked. The location of the file for the startup is C:\Users\Pow\AppData\Local\Ewstion\rdclip.exe which used to be a file there but I guess since the dll fails to load it no longer shows up or maybe it was removed or something. Its startup location says HKCU\software\microsoft\windows\currentversion\run which I checked and I see two things that I imagine are causing the dll errors. They say..
 
Name Type Data
Ahworks REG_SZ  C:\Windows\SysWOW64\regsvr32.exe C:\Users\Pow\AppData\Local\Ewstion\ksxsivvv.dll
Amworks REG_SZ  regsvr32.exe C:\Users\Pow\AppData\Local\Amworks\tmldancn.dll
 
In a directory below that Registry Editor Run directory there is an AutoRunsDisabled folder which has another file that I used to have problems with. I think I might've added it to that autorunsdisabled when I tried to fix these problems months ago.
 
ProxyGate REG_SZ  C:\Users\Pow\AppData\Roaming\ProxyGate\MainService.exe
 
Maybe I just need to delete these from the registry?
 
I have not used my computer for any banking stuff but I was hoping to...
 
AdwCleaner
 
# AdwCleaner v6.041 - Logfile created 04/01/2017 at 12:25:04
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Local]
# Operating System : Windows ™ Vista Home Basic Service Pack 2 (X64)
# Username : Pow - POW-PC
# Running from : C:\Users\Pow\Desktop\OldScripts\koreanGame\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
[#] Folder deleted on reboot: C:\ProgramData\SecTaskMan
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SecTaskMan
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\.DEFAULT\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\.DEFAULT\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Auslogics
[-] Key deleted: HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Key deleted: HKU\S-1-5-21-270619904-830403761-2816806085-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: HKU\S-1-5-18\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKU\S-1-5-18\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Auslogics
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: [x64] HKCU\Software\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1EC095EE-8CA3-43D6-B9F5-0C55B82ED3D7}}_is1
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [codec Settings UAC Manager]
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Shared Tools\MsConfig\StartupReg\FixMyRegistry
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2944 Bytes] - [04/01/2017 12:25:04]
C:\AdwCleaner\AdwCleaner[S0].txt - [3031 Bytes] - [03/01/2017 15:53:54]
C:\AdwCleaner\AdwCleaner[S1].txt - [3126 Bytes] - [04/01/2017 12:21:50]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3163 Bytes] ##########

Edited by langielearn, 04 January 2017 - 02:45 PM.


#6 boopme


Posted 04 January 2017 - 04:53 PM

On the DLL's

 

It's not unusual to receive such an error after using specialized fix tools.

A "Cannot find...", "Could not run...", "Error loading..." or "specific module could not be found" message is usually related to malware that was set to run at startup but has been deleted. Windows is trying to load this file but cannot locate it since the file was most likely removed during an anti-virus or anti-malware scan. However, an associated orphaned registry entry remains and is telling Windows to load the file when you boot up. Since the file no longer exists, Windows will display an error message. You need to remove this registry entry so Windows stops searching for the file when it loads.

To resolve this, download Autoruns, search for the related entry and then delete it.

Create a new folder on your hard drive called AutoRuns (C:\AutoRuns) and extract (unzip) the file there. (click here if you're not sure how to do this.)
Open the folder and double-click on autoruns.exe to launch it.
Please be patient as it scans and populates the entries.
When done scanning, it will say Ready at the bottom.
Scroll through the list and look for a startup entry related to the file(s) in the error message. -->>>ihibulam.dll
Right-click on the entry and choose delete.
Reboot your computer and see if the startup error returns.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook
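The orphaned-entry situation described in the post above, as an added example that is not part of the original thread: a Python check that parses Run value data, resolves the file each value actually loads (including the DLL handed to regsvr32), and reports values whose target no longer exists. The `ExampleUpdater` entry, the `PRESENT` set and all function names are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: the two Run values quoted in the thread, plus one
# hypothetical healthy entry for contrast.
RUN_VALUES = {
    "Ahworks": r"C:\Windows\SysWOW64\regsvr32.exe C:\Users\Pow\AppData\Local\Ewstion\ksxsivvv.dll",
    "Amworks": r"regsvr32.exe C:\Users\Pow\AppData\Local\Amworks\tmldancn.dll",
    "ExampleUpdater": r'"C:\Program Files\Example\updater.exe" /background',
}
# Constructed stand-in for the disk after the scanner deleted the DLLs.
PRESENT = {r"c:\windows\syswow64\regsvr32.exe",
           r"c:\program files\example\updater.exe"}

LOADERS = {"regsvr32", "rundll32"}  # hosts that load a DLL named in their arguments
EXT_PATH = re.compile(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)", re.I)
SWITCH = re.compile(r"(?:^|\s)[/-]\w+(?::\S*)?")  # /s, /u, /i:cmdline ...

def stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()

def first_path(text):
    """Split off the leading path; it may be quoted or hold unquoted spaces."""
    text = text.strip()
    if text.startswith('"'):
        path, _, rest = text[1:].partition('"')
        return path, rest
    token = (text.split(None, 1) or [""])[0]
    match = None if stem(token) in LOADERS else EXT_PATH.match(text)
    end = match.end() if match else len(token)
    return text[:end], text[end:]

def payload_path(data):
    """File a Run value really loads: the program, or the DLL given to a loader."""
    program, rest = first_path(data)
    if stem(program) not in LOADERS:
        return program
    return first_path(SWITCH.sub(" ", rest))[0] or None

def find_orphans(run_values, exists):
    """Map value name -> missing payload, for absolute paths that no longer exist."""
    orphans = {}
    for name, data in run_values.items():
        target = payload_path(data)
        if target and ntpath.isabs(target) and not exists(target):
            orphans[name] = target
    return orphans

def sample_exists(path):
    return path.lower() in PRESENT

if __name__ == "__main__":
    for name, path in find_orphans(RUN_VALUES, sample_exists).items():
        print(f"orphaned Run value {name!r} -> {path}")
```

On a live system, fill `run_values` from `winreg.EnumValue` over `HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and pass `os.path.exists` as `exists`.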

#7 langielearn


Posted 04 January 2017 - 06:24 PM

Nothing pops up when I restart anymore.



#8 boopme


Posted 05 January 2017 - 10:25 AM

Ok, so all is good here now?

#9 langielearn


Posted 05 January 2017 - 11:11 AM

Everything has been perfect since then still.



#10 boopme


Posted 05 January 2017 - 11:26 AM

Cool... have a great day!

#11 langielearn


Posted 05 January 2017 - 06:30 PM

Oh yeah, forgot to say thanks  :lol:



#12 boopme


Posted 06 January 2017 - 11:17 AM

:thumbup2:  Appreciated





