All Activity

  1. Past hour
  2. Hi, I can check for any remnant items that may still be around. I need to see the logs from the Farbar program.
  3. ***This is an automated reply*** Hi, Thanks for posting in the Malwarebytes 3 Help forum. If you are having technical issues with our Windows product, please do the following: If you are having licensing issues, please do the following: Thanks in advance for your patience. -The Malwarebytes Forum Team
  4. I use Malwarebytes Premium 3.8.3. My computer runs Windows 10 Pro and uses Eset 12.2.23.0 for AV. Beginning on 09/18/2019 I began receiving a "Website blocked" Type Outbound, Category Trojan to 52.3.64.241:57801 every 1.5 hours. I have attached the text notification from Malwarebytes. I have run AV scans in admin mode and Malwarebytes scans with everything coming back clean. 52.3.64.241 comes back as registered to Amazon but the domain is listed as ws.bootstrapdevelopment.com. I am unsure of next steps and if I should be concerned. bootstrap.txt
  5. Greetings, Thank you for your feedback. Regarding Scan Scheduler "Quick": I agree that scanning on an hourly basis is far too frequent and does not make sense under any scenario. I have my current "quick" scan being tested at 1 hour and can become somewhat annoying at times. Perhaps an alternate solution would be: (1) "Repeat" -> Start up (2) below this option "Repeat" -> Start up + 4 Hours (3) below this option "Repeat" Weekly etc. (4) Is it possible given cost effectiveness (Cost/Benefit considerations) to develop an algorithm to warn the user that there is a conflict within the schedules (Custom / Normal / Quick)? This could give the user time to adjust the "Scan Scheduler" to fit within the acceptable parameters of Malwarebytes. If the user still does not take care of the problem, then a possible "error" message with the consequence of at least one of the "Type" schedules not functioning. Regarding "tray icon and context menu" - sounds good.
  6. Kevin, Sorry it took longer this time. I ran RogueKiller and it deleted four things. The log is attached. After that, I let my computer sit for a while without Chrome open, and during that time I did not see any of these cloud1.pw popups. Some time after re-opening Chrome, I did get one again. Malwarebytes did not show any website blocks. roguekiller log.txt
  7. Thank you so much for the comeback! MUCH appreciated!!!!!!!! I have followed “Setting Rendering Options for Best Performance.” In fact, I was able to max out everything & still got 30+ frames, depending on where I was flying. Flying over a densely populated area like Los Angeles reduced frame rates, but that is expected—I’m asking the computer to do a lot more work over LAX than if I’m flying over Nebraska. FYI: my 27” iMac has 32GB of RAM & the Radeon Pro 580 w 8192 MB, all running on High Sierra. I had Mal-bytes when I had X-P on my Dell gaming tower, & I could run a scan of my own design—targeting specific files / folders. Is there a way to do this on the version we’re using now? That seems to be what I need to do. However.... Seems that if Mal-bytes has scanned this program, wherever it is located, & I’m still having a problem, then that would seem to say that I have a corrupted file somewhere inside that folder that is taking up far too much RAM / Video RAM. PITA tho it may be, perhaps the best solution, short of being able to scan just this folder / program, would be to uninstall & reinstall. Answer to the “can I scan just this folder / program” question would be most helpful. Thanks, again, for your input!!!!!!!!!!!!!!!!! Michael
  8. Today
  9. I am downloading malware but when I run it I get this message? What can I do to get past this? Both buttons take me to Windows security but not sure what to do there.
  10. Please help solve the problem. I will provide any logs.
  11. Thanks to 1PW, exile360 I downloaded 6.047 ... taking a guess that this was the last XP supported version. Ha! She found 75 items. Nothing in the high risk class, but I rewarded the old girl by allowing her to clean out almost all the suggestions ✌️ Thanks Porthos That was exactly what happened. I guess the level of concern rose, when I tried to run ADWcleaner, and found that it wouldn't run. Best wishes...
  12. Hello @Johnwesley and Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes 3 installed yet please download it from here and install it. Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know on your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit. Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here. Please attach the Additions.txt log to your reply as well. Thanks Ron
  13. I'm performing an in-place Windows 7 -> Windows 10 upgrade for a friend. A ways into the preliminary "getting ready" steps there is a popup from Malwarebytes claiming that a ransomware thread has been blocked. Unfortunately, this is a SetupHost.exe file from the Win10 upgrade, so the upgrade simply stops. The file is quarantined. I have restored the file, and added an exclusion for it. I hope this time the upgrade gets past this obstacle. -Ransomware Details- File: 1 Malware.Ransom.Agent.Generic, C:\$WINDOWS.~BT\Sources\SetupHost.exe, Quarantined, [0], [392685],0.0.0 False-Ransomware.txt
  14. Yes Kevin, it helps, thank you. Just to clarify, a system image will back up the entire drive? All users and pictures, documents, etc.? And would I need to purchase a Windows 7 Home Premium installation disk to do the repair install?
  15. Hello, sorry I can't find not the Log by me. I have only the combofix.exe, No a file this the name Colobox (I have renamed it) and a folder, this the Name combofix, but the folder is empty, on C:. MAM
  16. Those sites are common. It is usually just a browser lock. It can be mitigated just as you did by ending the browser process. They usually use scare tactics to get you to call "Microsoft" to fix an issue that does not exist on your computer. Those sites do not "infect" the computer unless you call the phone number and allow the scammers access to your computer.
  17. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01 Ran by NatesPC (21-09-2019 23:44:45)
HxOutlook.exe, version: 16.0.11901.20180, time stamp: 0x5d3c154a Faulting module name: Office.UI.Xaml.Hx.Mail.dll, version: 16.0.11901.20184, time stamp: 0x5d3cc832 Exception code: 0xc0000005 Fault offset: 0x0000000000199dbd Faulting process id: 0x18e0 Faulting application start time: 0x01d56cb44eb8264b Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxOutlook.exe Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Hx.Mail.dll Report Id: 798320c5-8265-4f54-a79c-48c63a75eb52 Faulting package full name: microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: microsoft.windowslive.mail Error: (09/16/2019 09:02:10 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-484E7DC) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (09/16/2019 04:15:04 AM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Security Center failed to validate caller with error %1. System errors: ============= Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The AppVClient service terminated with the following service-specific error: There is no MTS object context Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: The shpamsvc service terminated with the following error: Catastrophic failure Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The AsSysCtrlService service failed to start due to the following error: The system cannot find the file specified. 
Error: (09/21/2019 11:35:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: The UevAgentService service terminated with the following service-specific error: The storage control blocks were destroyed. Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Disc Soft Lite Bus Service service terminated unexpectedly. It has done this 1 time(s). Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The LightingService service terminated unexpectedly. It has done this 1 time(s). Windows Defender: =================================== Date: 2019-09-21 23:17:34.744 Description: Controlled Folder Access blocked C:\Program Files (x86)\RamCache II\Uninstall.exe from making changes to memory. Detection time: 2019-09-22T06:17:34.743Z Path: \Device\HarddiskVolume4 Process Name: C:\Program Files (x86)\RamCache II\Uninstall.exe Security intelligence Version: 1.301.1974.0 Engine Version: 1.1.16300.1 Product Version: 4.18.1908.7 Date: 2019-09-21 22:44:42.803 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {F89E9F86-1A6F-46E3-B873-1536D0778CBF} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2019-09-21 18:52:00.403 Description: C:\Program Files (x86)\Overwolf\0.134.0.26\OWCleanup.exe has been blocked from modifying %userprofile%\Desktop by Controlled Folder Access. Detection time: 2019-09-22T01:52:00.402Z Path: %userprofile%\Desktop Process Name: C:\Program Files (x86)\Overwolf\0.134.0.26\OWCleanup.exe Security intelligence Version: 1.301.1896.0 Engine Version: 1.1.16300.1 Product Version: 4.18.1908.7 Date: 2019-09-21 18:40:38.851 Description: C:\ProgramData\Caphyon\Advanced Installer\{CF8E6767-AF00-47A9-9F68-C583556BE3D9}\setup.exe has been blocked from modifying %common_desktop%\ by Controlled Folder Access. Detection time: 2019-09-22T01:40:38.851Z Path: %common_desktop%\ Process Name: C:\ProgramData\Caphyon\Advanced Installer\{CF8E6767-AF00-47A9-9F68-C583556BE3D9}\setup.exe Security intelligence Version: 1.301.1896.0 Engine Version: 1.1.16300.1 Product Version: 4.18.1908.7 Date: 2019-09-21 18:36:57.580 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {C747A59C-8A3F-4516-AD4D-3705E94E9813} Scan Type: Antimalware Scan Parameters: Full Scan Date: 2019-09-16 18:16:15.749 Description: Windows Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.301.1445.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.16300.1 Error code: 0x80240438 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
CodeIntegrity: =================================== Date: 2019-09-21 23:41:34.619 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:38:08.023 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:36:50.455 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:36:49.345 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:36:38.391 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:36:37.789 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. 
Date: 2019-09-21 23:36:34.599 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. Date: 2019-09-21 23:36:34.312 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements. ==================== Memory info =========================== BIOS: American Megatrends Inc. 2605 08/06/2019 Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING Processor: AMD Ryzen 5 2600X Six-Core Processor Percentage of memory in use: 22% Total physical RAM: 16314.71 MB Available physical RAM: 12634.6 MB Total Virtual: 18746.71 MB Available Virtual: 13194.7 MB ==================== Drives ================================ Drive a: (HDD) (Fixed) (Total:465.76 GB) (Free:333.24 GB) NTFS Drive c: () (Fixed) (Total:222.21 GB) (Free:29.12 GB) NTFS \\?\Volume{ea8e6346-9ae7-4621-806d-355b06093f7b}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS \\?\Volume{0b4f2328-8e0a-4437-9aa8-58a298faf0e8}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS \\?\Volume{9488dfbb-5358-4c63-b60e-650e39efeb8d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000) Partition: GPT. ======================================================== Disk: 1 (Size: 465.8 GB) (Disk ID: D2790CAD) Partition: GPT. ==================== End of Addition.txt ============================
  18. # ------------------------------- # Malwarebytes AdwCleaner 7.4.1.0 # ------------------------------- # Build: 09-05-2019 # Database: 2019-09-18.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-21-2019 # Duration: 00:00:01 # OS: Windows 10 Pro # Cleaned: 5 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** Deleted C:\Windows\System32\drivers\JitDriver.sys ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com Deleted HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner_Debug.log - [13002 octets] - [21/09/2019 23:33:39] AdwCleaner[S00].txt - [2327 octets] - [21/09/2019 23:34:11] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
  19. Hello ncarter777, Ok, if you believe your system is infected continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 3 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it. After the restart, a log will open when logging in. 
Please copy/paste the content of that log in your next reply. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  20. Hello Saloushe12 and welcome to Malwarebytes, Continue with the following: If you do not have Malwarebytes installed do the following: Download Malwarebytes version 3 from the following link: https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes or Malwarebytes is already installed do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes quarantine any found entries... To get the log from Malwarebytes do the following: Click on the Report tab > from main interface. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have two options: Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply Please use "Copy to Clipboard", then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes. Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it. After the restart, a log will open when logging in. 
Please copy/paste the content of that log in your next reply. Next, Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Let me see those logs in your reply... Thank you, Kevin....
  21. Well, I'll be honest, I think I'm still infected, a lot of shady weird things happening on my PC
  22. Hello Scardra and welcome to Malwarebytes, Run the following: Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thank you, Kevin.
  23. Hello ARINEEDSHELP, A repair install does not remove any personal data, videos, music, pictures etc. However, it is always essential to have backups to avoid potential loss. Also I assume you are aware of Ransomware, a current threat that encrypts all personal stuff and basically holds you to ransom for a decryption key. Although security experts are cracking this threat there are still many versions with no current fix. I have a 2 TB SSD installed in my laptop and a 4 TB external HD for backups and full images... Not sure if you've heard of software by AOMEI, I use the pro versions. One of two freeware versions I recommend for you is Aomei One Key Recovery, the free version is more than adequate. It's a fully automated service that creates its own hidden Recovery Partition that is available at Boot. The partition holds a full image backup of your C:\ Drive, so if you have major problems you can revert back to that image by selecting the chosen key at boot. https://www.aomeitech.com/onekey-recovery.html The second one is Aomei Backupper Standard, again free version is more than adequate for you. Make sure to read up on these programs at Manf Website before installing and using... https://www.aomeitech.com/ab/standard.html Does that help...? Kevin...
  24. Hello ncarter777, The file in question is classed as legitimate by all of VirusTotal analysis engines, including Microsoft. Add that file as an exclusion to WD to stop the alerts... https://support.microsoft.com/en-gb/help/4028485/windows-10-add-an-exclusion-to-windows-security It is also worthwhile contacting MS support to make them aware of this False Positive... https://support.microsoft.com/en-us/contactus/ Thank you, Kevin
  25. I thought you may have misread that, so I downloaded the X-Plane 11 demo to see and it simply says it But that runs counter to what most other developers recommend, especially if you are running a recent version of macOS where any application that is run from somewhere other than the Applications folder is sandboxed, which will somewhat slow it down and also restrict it from doing certain suspect behaviors. And I did read the KB note about Moving X-Plane Out of the Mac Applications Folder. In any case, as I said before, both the Applications folder and your Desktop are on your Fusion Drives and Malwarebytes will scan both no matter which part of your Fusion Drive they are located on, so it's almost certain that malware is not what is causing slow frame rates. You haven't mentioned what version of macOS you are running nor the specific Mac it's running on. The developer indicates you will need a high end iMac or MacBook Pro for optimal performance. Have you followed the instructions for Setting the Rendering Options for Best Performance? I'll just add that I have never run across any reports of X-Plane being infected by any type of malware. In fact the infection of any Mac app is extremely rare. There are instances of sites being hacked and a fake app substituted for the real thing, as well as some that are purposely monetized with adware, but I doubt that is the case here. I've also seen many instances of browsers being modified to display adware by various means, but those have all been limited to browsers.
  26. Hello! @kevinf80, pardon my late response, I hope all is well! I am still trying to do the repair install and have a few questions. I SHOULD back up all of my data before reinstalling without wiping the drive, right? How to back up ALL (every account on the laptop) USERS data? And should I do it on the cloud or on a hard drive? Any recommendations? I currently have 400 GB worth of data on the drive (C:) and 500 MB on the recovery. Should I buy a 1TB external hard drive? Or should I do a system image? Also, the process in the link you provided for me, is this essentially the same method? : https://www.youtube.com/watch?v=RC_5eb9wTfk Thank you in advance!!! Looking forward to your reply