Rogue.VirusMelt


  • This topic is locked
14 replies to this topic

#1 jinn0z


Posted 04 January 2017 - 02:29 PM

I have more viruses from malware-antimalwarebytes. The rogue below always comes back when I finish scanning for it...

 

Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe.config, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.pdb, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.config, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.manifest, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\DynamicDataDisplay.dll, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\errordetails.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\errordetailsOpt.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Erroroptimize.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\icon.ico, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\logoptimizer.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Microsoft.Win32.TaskScheduler.dll, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\OptErr.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\RegErr.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Sys_authoptimize.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\trialerror.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.dat, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\WpfAnimatedGif.dll, Quarantined, [12989], [170396],1.0.926
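
A read-only check for what might be restoring the quarantined folder, added here as an example and not part of the original thread. It lists scheduled tasks, Run keys, services and uninstall entries that reference `C:\ProgramData\System Data` (the folder in the log above). That one of these is responsible is an assumption, suggested by the bundled Microsoft.Win32.TaskScheduler.dll (a Task Scheduler wrapper library) and unins000.exe; the helper names `Test-PointsAtTarget` and `New-Finding` are hypothetical.

```powershell
# Added example (not from the thread): read-only triage, run in an elevated PowerShell.
# $Target is the folder reported in the Malwarebytes log; nothing is deleted or changed.
$Target = 'C:\ProgramData\System Data'

function Test-PointsAtTarget {
    param([string]$Text)
    if ([string]::IsNullOrWhiteSpace($Text)) { return $false }
    # Expand %ProgramData%-style variables, then match the folder case-insensitively.
    $expanded = [Environment]::ExpandEnvironmentVariables($Text)
    return $expanded.IndexOf($Target, [StringComparison]::OrdinalIgnoreCase) -ge 0
}

function New-Finding {
    param([string]$Type, [string]$Name, [string]$Command)
    [pscustomobject]@{ Type = $Type; Name = $Name; Command = $Command.Trim() }
}

$findings = @()

# 1. Scheduled tasks whose action runs something from the target folder.
#    Only "exec" actions have Execute/Arguments; other action types yield empty strings.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments) $($action.WorkingDirectory)"
        if (Test-PointsAtTarget $cmd) {
            $findings += New-Finding 'ScheduledTask' "$($task.TaskPath)$($task.TaskName)" $cmd
        }
    }
}

# 2. Run/RunOnce values (machine-wide, 32-bit view, and current user).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if (Test-PointsAtTarget $value) {
            $findings += New-Finding 'RunKey' "$key\$name" $value
        }
    }
}

# 3. Services whose binary lives in the target folder.
foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (Test-PointsAtTarget $svc.PathName) {
        $findings += New-Finding 'Service' $svc.Name $svc.PathName
    }
}

# 4. Uninstall entries: if the program registered one, its UninstallString is
#    the vendor's own removal path (the log shows unins000.exe in the folder).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
foreach ($entry in Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue) {
    $paths = "$($entry.InstallLocation) $($entry.UninstallString)"
    if (Test-PointsAtTarget $paths) {
        $findings += New-Finding 'UninstallEntry' "$($entry.DisplayName)" "$($entry.UninstallString)"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No task, Run value, service or uninstall entry references $Target"
} else {
    $findings | Format-List
}
```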




 


#2 boopme


Posted 04 January 2017 - 04:31 PM

Hello, look in your Primary drive for the File PCDRCUI.EXE and open it and see if it uninstalls PC Dr
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 jinn0z


Posted 04 January 2017 - 04:35 PM

Hi, I can't find the Primary drive... I am using Windows 10 by the way^^;


Edited by jinn0z, 04 January 2017 - 04:37 PM.


#4 boopme


Posted 04 January 2017 - 04:48 PM

Click on the top icon in the Side bar
Scroll down to bottom select Windows System then This PC

In the window that opens on left side you should see a "C" drive



#5 jinn0z


Posted 04 January 2017 - 04:50 PM

k, got it =D. And now how about "PCDRCUI.EXE"? Can't find it in the Acer "C" drive.


Edited by jinn0z, 04 January 2017 - 04:53 PM.


#6 boopme


Posted 04 January 2017 - 04:57 PM

Do you have another drive there?
 
EDIT also do these.
 
MiniToolBox
  • Please download MiniToolBox, save it to your desktop and run it.
  • Checkmark the following checkboxes:
    • Flush DNS
    • Report IE Proxy Settings
    • Reset IE Proxy Settings
    • Report FF Proxy Settings
    • Reset FF Proxy Settings
    • List content of Hosts
    • List IP configuration
    • List Winsock Entries
    • List last 10 Event Viewer log
    • List Installed Programs
    • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run. Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
AdwCleaner
  • Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of each logfile is saved in the C:\AdwCleaner folder, which was created when running the tool.
Junkware Removal Tool
  • Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
ESET Online Scanner
  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by boopme, 04 January 2017 - 05:00 PM.


#7 jinn0z


Posted 04 January 2017 - 05:30 PM

Hi, should I delete the infected files from AdwCleaner?



#8 boopme


Posted 05 January 2017 - 10:21 AM

Post the log first so we don't delete something we shouldn't.

#9 jinn0z


Posted 05 January 2017 - 12:16 PM

Post the log first so we don't delete something we shouldn't.

 

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=64
set interface interface="Local Area Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Dang-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F8-0F-41-2C-6F-D3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd05:42e4:df4c:70f7%2(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 05, 2017 9:14:37 AM
   Lease Expires . . . . . . . . . . : Friday, January 06, 2017 9:14:37 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 200806209
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-2D-E3-28-F8-0F-41-2C-6F-D3
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    google.com
Addresses:  2607:f8b0:4004:80a::200e
      173.194.175.139
      173.194.175.113
      173.194.175.102
      173.194.175.138
      173.194.175.101
      173.194.175.100


Pinging google.com [216.58.218.238] with 32 bytes of data:
Reply from 216.58.218.238: bytes=32 time=17ms TTL=53
Reply from 216.58.218.238: bytes=32 time=31ms TTL=53

Ping statistics for 216.58.218.238:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 31ms, Average = 24ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:44:204::a7
      2001:4998:c:a06::2:4008
      98.139.183.24
      206.190.36.45
      98.138.253.109


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=896ms TTL=51
Reply from 98.139.183.24: bytes=32 time=34ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 34ms, Maximum = 896ms, Average = 465ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...f8 0f 41 2c 6f d3 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     10
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.3    266
      192.168.1.3  255.255.255.255         On-link       192.168.1.3    266
    192.168.1.255  255.255.255.255         On-link       192.168.1.3    266
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.3    266
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.3    266
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  2    266 fe80::/64                On-link
  2    266 fe80::bd05:42e4:df4c:70f7/128
                                    On-link
  1    306 ff00::/8                 On-link
  2    266 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/05/2017 03:09:22 AM) (Source: Application Error) (User: )
Description: Faulting application name: onenoteim.exe, version: 16.0.7668.5768, time stamp: 0x585a22b5
Faulting module name: Office.UI.Xaml.Core.dll, version: 0.0.0.0, time stamp: 0x58591e02
Exception code: 0xc0000005
Fault offset: 0x00000000003e9931
Faulting process id: 0x83c
Faulting application start time: 0xonenoteim.exe0
Faulting application path: onenoteim.exe1
Faulting module path: onenoteim.exe2
Report Id: onenoteim.exe3
Faulting package full name: onenoteim.exe4
Faulting package-relative application ID: onenoteim.exe5

Error: (01/05/2017 02:55:13 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/05/2017 02:49:22 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 07:01:00 PM) (Source: ESENT) (User: )
Description: taskhostw (5072) An attempt to open the file "C:\Users\Dang\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).

Error: (01/04/2017 05:34:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 05:34:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 05:34:06 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 05:34:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 05:34:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (01/04/2017 05:33:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.


System errors:
=============
Error: (01/05/2017 09:15:14 AM) (Source: Service Control Manager) (User: )
Description: The SDScannerService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (01/05/2017 09:15:14 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

Error: (01/05/2017 09:14:42 AM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (01/05/2017 09:14:32 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:09:41 AM on ‎1/‎5/‎2017 was unexpected.

Error: (01/05/2017 09:13:05 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (01/05/2017 09:10:22 AM) (Source: Service Control Manager) (User: )
Description: The SDScannerService service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (01/05/2017 09:10:22 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.

Error: (01/05/2017 09:09:50 AM) (Source: Service Control Manager) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Error: (01/05/2017 09:09:41 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 3:04:59 AM on ‎1/‎5/‎2017 was unexpected.

Error: (01/05/2017 03:40:19 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_52350 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (01/05/2017 03:09:22 AM) (Source: Application Error)(User: )
Description: onenoteim.exe16.0.7668.5768585a22b5Office.UI.Xaml.Core.dll0.0.0.058591e02c000000500000000003e993183c01d2672afdf1b471C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwe\onenoteim.exeC:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dlle036fe87-8305-4154-8c77-7a0efde4f257Microsoft.Office.OneNote_17.7668.57681.0_x64__8wekyb3d8bbwemicrosoft.onenoteim

Error: (01/05/2017 02:55:13 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/05/2017 02:49:22 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 07:01:00 PM) (Source: ESENT)(User: )
Description: taskhostw5072C:\Users\Dang\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (01/04/2017 05:34:24 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 05:34:08 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestc:\users\dang\desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 05:34:06 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 05:34:03 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 05:34:02 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe

Error: (01/04/2017 05:33:56 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifestC:\Users\Dang\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2017-01-01 22:03:33.795
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-01-01 14:03:49.685
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-20 08:09:32.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-17 08:24:50.505
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-15 14:44:04.405
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-12-03 07:23:43.379
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-12-02 07:36:54.838
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-11-30 06:20:38.745
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-11-17 15:45:06.424
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-11-17 15:45:06.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.9.43085 - BitTorrent Inc.)
7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3502 - Acer Incorporated)
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
Agatha Christie - Death on the Nile (HKLM-x32\...\WTA-552202d9-486c-42e8-a5fc-9e665c96f62c) (Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{D9B8D7C4-BE13-5877-6999-B076956AA3F9}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
Bejeweled 2 Deluxe (HKLM-x32\...\WTA-6badf540-2acc-4c8d-91c5-6e6ca8612852) (Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Build-a-lot 4 - Power Source (HKLM-x32\...\WTA-b61dd39c-9b3c-488b-9fdf-0612f2e5dbec) (Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
Chronicles of Albian (HKLM-x32\...\WTA-8648d6d4-8b2e-4657-ae5e-6d65da6eb0e1) (Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (HKLM-x32\...\WTA-f35c83a4-3eb3-40c8-b232-4bb7e320acdd) (Version: 2.2.0.95 - WildTangent) Hidden
clear.fi (HKLM-x32\...\{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}) (Version: 1.0.1517_36458 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.15 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}) (Version: 9.0.8026 - CyberLink Corp.) Hidden
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.2024.15 - CyberLink Corp.)
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3500 - Acer Incorporated)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cradle of Rome 2 (HKLM-x32\...\WTA-46136ebf-a107-406c-a71c-e02469cef0ef) (Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dora's World Adventure (HKLM-x32\...\WTA-33241d41-80a9-45b6-97f4-affeecad32fc) (Version: 2.2.0.95 - WildTangent) Hidden
Driver Support (HKLM-x32\...\DriverSupport) (Version: 10.1.4.10 - PC Drivers HeadQuarters LP)
DriverUpdate (HKLM-x32\...\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}) (Version: 2.7.0 - Slimware Utilities Holdings, Inc.) Hidden
eBay Worldwide (HKLM-x32\...\{D3E5A972-9A15-427D-AE78-8181A5FD943C}) (Version: 2.2.0409 - OEM)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Final Drive: Nitro (HKLM-x32\...\WTA-26fedbd1-5e9f-479b-afd2-04719b98bd6d) (Version: 2.2.0.95 - WildTangent) Hidden
foobar2000 v1.3.13 (HKLM-x32\...\foobar2000) (Version: 1.3.13 - Peter Pawlowski)
GlassWire 1.2 (remove only) (HKLM-x32\...\GlassWire 1.2) (Version: 1.2.1079 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.31.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-b2fbd683-f98e-409a-9bbc-fc67bad30a03) (Version: 2.2.0.95 - WildTangent) Hidden
Gramblr (HKLM\...\Gramblr) (Version: 2.8.0 - Gramblr Team)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3505 - Acer Incorporated)
iCloud (HKLM\...\{724A887F-2B55-4306-B6F9-8F0E7A04B1B5}) (Version: 5.2.2.87 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3501 - Acer Incorporated)
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.7.122.1 - Intel Security)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Jewel Match 3 (HKLM-x32\...\WTA-72fab16a-b3c9-4ff1-b626-271d5113db8a) (Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Miscreation Palicourea Scroinogh (HKLM-x32\...\Miscreation Palicourea Scroinogh) (Version: 2.00 - Tiptoeingly Inc.)
Mozilla Firefox 50.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 50.0.2 (x64 en-US)) (Version: 50.0.2 - Mozilla)
Mozilla Firefox 50.1.0 (x64 en-US) (HKLM\...\Mozilla Firefox 50.1.0 (x64 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Firefox 50.1.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 en-US)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Mystery of Mortlake Mansion (HKLM-x32\...\WTA-2285cbce-35ff-4a54-8cad-4b8882c166b3) (Version: 2.2.0.98 - WildTangent) Hidden
MyWinLocker (HKLM\...\{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker 4 (HKLM-x32\...\{39F15B50-A977-4CA6-B1C3-6A8724CDA025}) (Version: 4.0.14.25 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.15 - Egis Technology Inc.)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.4.7070 - Barnesandnoble.com)
NpackdCL (HKLM-x32\...\{C32CA36A-DA63-4D55-9B17-87C61033137D}) (Version: 1.18.7 - Npackd)
Penguins! (HKLM-x32\...\WTA-6ee6c980-641e-4c48-8849-f368bd1e6452) (Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-3704614d-8c17-4391-adee-38a4653f22d2) (Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (HKLM-x32\...\WTA-60055fc5-542c-4807-99c3-589de0ae3fbc) (Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (HKLM-x32\...\WTA-bb776004-0596-44df-b5d5-33acda1e9570) (Version: 2.2.0.95 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (HKLM-x32\...\{13743594-F75E-491E-9EFF-203C8F8DF705}) (Version: 18.1.5.699 - RealNetworks) Hidden
RealDownloader (HKLM-x32\...\{410F406E-7AFC-4E9F-BF7E-0CB3C72BDAB9}) (Version: 18.1.5.699 - RealNetworks, Inc.) Hidden
RealDownloader (HKLM-x32\...\{4e8ca438-78fb-4658-ac5b-2d128f60c54e}) (Version: 18.1.5.699 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (HKLM-x32\...\{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}) (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (HKLM-x32\...\{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}) (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.5 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Shredder (HKLM\...\{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Shredder (HKLM-x32\...\{C2695E83-CF1D-43D1-84FE-B3BEC561012A}) (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1230 - SUPERAntiSpyware.com)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Times Reader (HKLM-x32\...\{491ADA37-04EE-2ECE-9F86-DDC0106047AC}) (Version: 2.055 - The New York Times Company) Hidden
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Torchlight (HKLM-x32\...\WTA-b1b73d1f-79ce-487c-9683-558854f2df66) (Version: 2.2.0.97 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
vc2012_redist (HKLM-x32\...\{9402AEF2-5981-4097-8BE2-6501DAC4DBFD}) (Version: 1.0.0.0 - Realnetworks) Hidden
Video Downloader (HKLM-x32\...\{80CE5A20-ACAD-46A7-94A0-5FD34A7744F3}) (Version: 1.2.0 - RealNetworks) Hidden
Virtual Villagers 5 - New Believers (HKLM-x32\...\WTA-eccbc502-f204-49e1-a195-0e891a11f3c4) (Version: 2.2.0.97 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
vs2015_redist x64 (HKLM\...\{EAED8692-5B63-4665-B857-D626633691DA}) (Version: 1.0.0.0 - Realnetworks) Hidden
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
WildTangent Games App (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer) (Version: 4.0.10.16 - WildTangent) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.6.2015.18 - Ruiware)
Zuma's Revenge (HKLM-x32\...\WTA-fcf9fb43-92b3-4f44-bad4-0e68edf05614) (Version: 2.2.0.97 - WildTangent) Hidden

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 3796.87 MB
Available physical RAM: 1498.05 MB
Total Virtual: 7636.87 MB
Available Virtual: 4946.83 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:446.13 GB) (Free:217.34 GB) NTFS

========================= Users: ========================================

User accounts for \\DANG-PC

Administrator            Dang                     DefaultAccount           
Guest                    


**** End of log ****
 
# AdwCleaner v6.041 - Logfile created 05/01/2017 at 09:26:15
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-03.1 [Local]
# Operating System : Windows 10 Home  (X64)
# Username : Dang - DANG-PC
# Running from : C:\Users\Dang\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
Folder Found:  C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found:  C:\Program Files (x86)\ShowMyPCService


***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  ByteFence Scan


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}_is1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  [x64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found:  HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\darwendlm
Key Found:  HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Microsoft\Tinstalls
Key Found:  HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Pokki
Key Found:  HKCU\Software\darwendlm
Key Found:  HKCU\Software\Microsoft\Tinstalls
Key Found:  HKCU\Software\Pokki
Key Found:  HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  [x64] HKCU\Software\darwendlm
Key Found:  [x64] HKCU\Software\Microsoft\Tinstalls
Key Found:  [x64] HKCU\Software\Pokki
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\B092921321B09AF46BAFE1A1075E9292
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\B092921321B09AF46BAFE1A1075E9292
Key Found:  HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B092921321B09AF46BAFE1A1075E9292
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B092921321B09AF46BAFE1A1075E9292
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Features\B092921321B09AF46BAFE1A1075E9292
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\B092921321B09AF46BAFE1A1075E9292
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\50D2BAFD096C90345A82B25A790BDF69
Key Found:  HKU\S-1-5-21-2649704876-1349671222-1448162478-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5F14633B-433F-48B3-AD6F-E2ACAE4ED66E}
Key Found:  HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F14633B-433F-48B3-AD6F-E2ACAE4ED66E}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F14633B-433F-48B3-AD6F-E2ACAE4ED66E}
Key Found:  [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F14633B-433F-48B3-AD6F-E2ACAE4ED66E}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5F14633B-433F-48B3-AD6F-E2ACAE4ED66E}
Value Found:  HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.safesear.ch

*************************

C:\AdwCleaner\AdwCleaner[C4].txt - [1280 Bytes] - [12/10/2015 15:45:14]
C:\AdwCleaner\AdwCleaner[C5].txt - [4154 Bytes] - [24/10/2015 16:12:59]
C:\AdwCleaner\AdwCleaner[C6].txt - [21735 Bytes] - [04/11/2015 21:21:01]
C:\AdwCleaner\AdwCleaner[C7].txt - [1147 Bytes] - [06/12/2015 19:01:56]
C:\AdwCleaner\AdwCleaner[R0].txt - [16679 Bytes] - [09/05/2015 20:20:44]
C:\AdwCleaner\AdwCleaner[R1].txt - [16739 Bytes] - [09/05/2015 20:49:28]
C:\AdwCleaner\AdwCleaner[R2].txt - [1028 Bytes] - [12/05/2015 19:52:58]
C:\AdwCleaner\AdwCleaner[R3].txt - [1092 Bytes] - [14/05/2015 09:04:53]
C:\AdwCleaner\AdwCleaner[R4].txt - [2769 Bytes] - [19/05/2015 20:42:34]
C:\AdwCleaner\AdwCleaner[S0].txt - [5934 Bytes] - [09/05/2015 20:50:40]
C:\AdwCleaner\AdwCleaner[S10].txt - [1031 Bytes] - [06/12/2015 18:58:22]
C:\AdwCleaner\AdwCleaner[S11].txt - [12642 Bytes] - [04/01/2017 17:17:05]
C:\AdwCleaner\AdwCleaner[S12].txt - [11343 Bytes] - [04/01/2017 17:31:50]
C:\AdwCleaner\AdwCleaner[S13].txt - [8929 Bytes] - [05/01/2017 09:26:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1095 Bytes] - [12/05/2015 19:54:25]
C:\AdwCleaner\AdwCleaner[S2].txt - [1157 Bytes] - [14/05/2015 09:09:47]
C:\AdwCleaner\AdwCleaner[S3].txt - [1567 Bytes] - [19/05/2015 20:44:23]
C:\AdwCleaner\AdwCleaner[S6].txt - [1176 Bytes] - [12/10/2015 15:43:21]
C:\AdwCleaner\AdwCleaner[S7].txt - [5022 Bytes] - [24/10/2015 16:10:47]
C:\AdwCleaner\AdwCleaner[S8].txt - [20605 Bytes] - [04/11/2015 21:12:56]
C:\AdwCleaner\AdwCleaner[S9].txt - [1030 Bytes] - [06/12/2015 18:44:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S13].txt - [9515 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Dang (Administrator) on Thu 01/05/2017 at  9:27:47.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/05/2017 at  9:32:55.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
ESET didn't have any viruses or malware.


Edited by jinn0z, 05 January 2017 - 12:20 PM.


#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,176 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:12:30 AM

Posted 05 January 2017 - 02:47 PM

OK, remove what ADW found.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#11 jinn0z

jinn0z
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  • Local time:11:30 PM

Posted 05 January 2017 - 03:27 PM

Hi, am I supposed to upload the "deleted" files version or the "found"?

FOUND:

# AdwCleaner v6.041 - Logfile created 05/01/2017 at 15:10:40
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-05.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Dang - DANG-PC
# Running from : C:\Users\Dang\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
Folder Found:  C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Folder Found:  C:\Program Files (x86)\ShowMyPCService


***** [ Files ] *****

File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  ByteFence Scan


***** [ Registry ] *****



***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] - www.safesear.ch

*************************


########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt - [9590 Bytes] ##########
 

 

 

 

 

 

DELETED:

# AdwCleaner v6.041 - Logfile created 05/01/2017 at 15:14:30
# Updated on 16/12/2016 by Malwarebytes
# Database : 2017-01-05.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Dang - DANG-PC
# Running from : C:\Users\Dang\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\WINDOWS\Installer\{0088BAD5-E065-4A0F-B4A9-3DB6803D495B}
[-] Folder deleted: C:\Users\Dang\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
[-] Folder deleted: C:\Program Files (x86)\ShowMyPCService


***** [ Files ] *****

[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpService64.dll
[-] File deleted: C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
[-] File deleted: C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
[-] File deleted: C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: ByteFence Scan


***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Dang\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www.safesear.ch


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************


########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [10365 Bytes] ##########
 


Edited by jinn0z, 05 January 2017 - 03:29 PM.


#12 boopme


Posted 05 January 2017 - 03:33 PM

That's it. How is it now?

#13 jinn0z


Posted 05 January 2017 - 03:36 PM

Hi boom,

 

It's still there. The Rogue.VirusMelt is still there when I am scanning using Malwarebytes.

 

I have more viruses from malware-antimalwarebytes. The below rogue always comes back when I have finished scanning for it...

 

Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.exe.config, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.pdb, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.config, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\AKickPCDoctor.vshost.exe.manifest, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\DynamicDataDisplay.dll, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\errordetails.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\errordetailsOpt.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Erroroptimize.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\icon.ico, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\logoptimizer.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Microsoft.Win32.TaskScheduler.dll, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\OptErr.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\RegErr.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\Sys_authoptimize.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\trialerror.xml, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.dat, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\unins000.exe, Quarantined, [12989], [170396],1.0.926
Rogue.VirusMelt, C:\ProgramData\System Data\WpfAnimatedGif.dll, Quarantined, [12989], [170396],1.0.926


Edited by jinn0z, 05 January 2017 - 03:48 PM.


#14 boopme


Posted 05 January 2017 - 04:00 PM

Ok. Start a new topic from this guide. Title it "Rogue.VirusMelt keeps returning." We need a deeper look to get it out.

Start at step 6....

Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.

#15 hamluis


Posted 05 January 2017 - 06:30 PM

MRL topic at

 

To avoid confusion, this topic in Am I Infected is now closed.

 

Louis





