AdvancedSetup

Let's start out with some generic clean up and verifying that all the Windows operating system files are valid and not corrupt. If we're still having issues after this then we'll dig into specific fixes for each. I'm officially off work now but will check back on you again in the morning. Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks

ATTENTION: System Restore is disabled (Total:111.31 GB) (Free:22.2 GB) (20%) Please enable System Restore and create a new Restore Point The logs show a few issues. The last attempt shows the license activation was in progress and then the computer initiated a shutdown. Then there is an error about an invalid SSL request. The Event Logs show quite a few issues as well that need to be looked at. I will move your topic to the Malware Removal forum where I can assist you in checking on fixing up the computer. @ibanana Application errors: ================== Error: (07/15/2020 06:36:53 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "D:\Games\BBMO\BBDLauncher_usa.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/15/2020 06:35:47 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: TEOPC) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (07/15/2020 06:35:16 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "D:\Games\BBMO\BBDLauncher_usa.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/15/2020 06:10:50 AM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "D:\Games\BBMO\BBDLauncher_usa.exe". Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (07/15/2020 06:09:47 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (07/15/2020 06:09:47 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (07/15/2020 06:09:47 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . Error: (07/15/2020 06:09:47 AM) (Source: VSS) (EventID: 8193) (User: ) Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress. . System errors: ============= Error: (07/15/2020 06:40:14 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "%2" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (07/15/2020 06:40:14 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "%2" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name. Error: (07/15/2020 06:39:02 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The nordvpn-service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (07/15/2020 06:14:53 AM) (Source: NetBT) (EventID: 4311) (User: ) Description: Initialization failed because the driver device could not be created. Use the string "%2" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

Hello @Ben51 You should be able to simply reinstall Malwarebytes. Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here. Please attach the Additions.txt log to your reply as well. Thanks

Hello @Jeysound123 The computer is having a few issues as shown in the logs. System errors: ============= Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Synapse Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA LocalSystem Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 6000 milliseconds: Restart the service. Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The NVIDIA Telemetry Container service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Game Manager service terminated unexpectedly. It has done this 1 time(s). Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s). Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AdobeUpdateService service terminated unexpectedly. It has done this 1 time(s). Error: (07/14/2020 07:55:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Razer Central Service service terminated unexpectedly. It has done this 1 time(s). I don't see any signs of an obvious ongoing infection but we can run some generic cleanup and see if that helps or not. Please look at cleaning our Google Chrome first Once that is done, then please run the following fix. Please download the attached fixlist.txt file and save it to the Desktop or location where you ran FRST from. NOTE. It's important that both files, FRST or FRST64, and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone. Run FRST or FRST64 and press the Fix button just once and wait. If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart. The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply. Note: If the tool warned you about an outdated version please download and run the updated version. NOTE-1: This fix will run a scan to check that all Microsoft operating system files are valid and not corrupt and attempt to correct any invalid files. It will also run a disk check on the restart to ensure disk integrity. Depending on the speed of your computer this fix may take 30 minutes or more. NOTE-2: As part of this fix all temporary files will be removed. If you have any open web pages that have not been bookmarked please make sure you bookmark them now as all open applications will be automatically closed. Also, make sure you know the passwords for all websites as cookies will also be removed. The use of an external password manager is highly recommended instead of using your browser to store passwords. The following directories are emptied: Windows Temp Users Temp folders Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History Recently opened files cache Flash Player cache Java cache Steam HTML cache Explorer thumbnail and icon cache BITS transfer queue (qmgr*.dat files) Recycle Bin Important: items are permanently deleted. They are not moved to quarantine. If you have any questions or concerns please ask before running this fix. The system will be rebooted after the fix has run. fixlist.txt Thanks

Yes, you can send me a PM with the logs if you like

Hello @bettatek and I have moved your reply to it's own new topic. That last topic was replied to in 2018 and the product is vastly different now. Perhaps I'm not fully understanding your complaint. If the computer is asleep then nothing runs. Or do you mean it does not wake from sleep when scheduled? If that is the case then it's possible the current version isn't working. I have not personally tested it. I do know that we make a program call to wake the computer, but it's up to the computer to actually wake up. Programs have no control over that process beyond asking. I will report it though and see if QC can investigate In the mean time can you please provide us with some logs Upload Malwarebytes Support Tool logs offline Thank you

Thanks @tkmops Go ahead and shut down your computer tonight. Tomorrow when you turn it on please grab new FRST and ADDITIONS.TXT log files from FRST and we'll go from there to look at removing old software and cleaning up a bit. Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well. Thank you

Please try the following fix for the one log we tried to get before fixlist.txt Copy it to the same location as FRST64.EXE and then click the FIX button. Post back the new log

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Please review the following for Tips to help protect from infection Thank you

Excellent. I'll go ahead then and close your topic. It will also provide a link with information to help keep your computer safe and improve privacy. No rush to do it all, maybe bookmark the site and review as you have time. Take care and have a great week

Sure, sounds good. I can rename at a late time

Topic was moved to False Positive forum for feedback from Research

Everything in looks good. There appears to be an update though for WinRAR -------------------------------- [ Arch ] --------------------------------- WinRAR 5.60 (64-bit) v.5.60.0 Warning! Download Update How is the computer running now? Are there still any signs of an infection or other issues I can assist you with before we close up here?

You should be able to leave Malwarebytes running. But if you like you can exit out of Malwarebytes via the Tray icon right click, exit. Then run the scan

SecurityCheck by glax24 I would like you to run a tool named SecurityCheck to inquire about the current-security-update status of some applications. Download SecurityCheck by glax24 from here https://tools.safezone.cc/glax24/SecurityCheck/SecurityCheck.exe and save the tool on the desktop. If Windows's SmartScreen block that with a message-window, then Click on the MORE INFO spot and over-ride that and allow it to proceed. This tool is safe. Smartscreen is overly sensitive. Right-click with your mouse on the Securitycheck.exe and select "Run as administrator" and reply YES to allow to run & go forward Wait for the scan to finish. It will open in a text file named SecurityType.txt. Close the file. Attach it with your next reply. You can find this file in a folder called SecurityCheck, C:\SecurityCheck\SecurityCheck.txt

No, please go ahead and run a scan with Windows Defender and let me know if it finds anything please.

Hello @Vip I'm checking to see if this is possibly a False Positive - I'll be back a bit later once I hear back from the team Thanks

Hello @Coco456 and Please run the following steps and post back the logs as an attachment when ready. STEP 01 If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button. If you don't have Malwarebytes installed yet please download it from here and install it. Once installed then open Malwarebytes and select Scan and let it run. Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply. If Malwarebytes won't run then please skip to the next step and let me know in your next reply. STEP 02 Please download AdwCleaner by Malwarebytes and save the file to your Desktop. Right-click on the program and select Run as Administrator to start the tool. Accept the Terms of use. Wait until the database is updated. Click Scan Now. When finished, please click Clean & Repair. Your PC should reboot now if any items were found. After reboot, a log file will be opened. Attach or Copy its content into your next reply. RESTART THE COMPUTER Before running Step 3 STEP 03 Please download the Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit Double-click to run it. When the tool opens, click Yes to disclaimer. Press the Scan button. It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply. The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a checkmark here. Please attach the Additions.txt log to your reply as well. Thanks

Okay, we'll be here. Cheers

Great, looks good. Please run Malwarebytes and check for updates in Settings, General or About Then run a new Threat Scan and post back the new log. Thanks

Can I get you to temporarily please change your default browser to either something like Firefox or Opera Let's have you run a secondary antivirus scanner as well to double-check and make sure there is not some type of threat we're missing. Then we'll go on from there to look at correcting the Operating System issues. Please download and run the following Kaspersky antivirus scanner to remove any found threats Kaspersky Virus Removal Tool Let me know if it finds anything or not Thanks

Don't need Rkill but thank you The tool will make a log on the Desktop (Fixlog.txt) or wherever you ran FRST from. Please attach or post it to your next reply I need FIXLOG.TXT please

Hello @tkmops Looking at your logs I can see that you have a very old installation of Windows and some very old software running that really shouldn't be running anymore. I would like to suggest that you allow me to help you clean up your computer some and I'm guessing it's probably also behind on Windows updates as some new ones also came out today. We can do via a new topic you create in this forum: https://forums.malwarebytes.com/forum/7-windows-malware-removal-help-support/ or if you like I can assist you via Private Messenger Thanks

Yeah, sadly @ShyWriter was probably one of the other few members with that Module. Really miss good old Steve. Hope he's doing well

Please give me some time to research this issue with SCEP certificate error