Showing results for tags 'frst'.


  1. My pc is infected and I can't run MalwareBytes due to the "Windows cannot access the specified device, path or file" error. After searching around, I found the common solution to run FRST. I'm attaching the FRST.txt and Addition.txt files and request the fixlist.txt file. Thank you. FRST.txt Addition.txt
  2. Hi, yesterday my sister used the computer and was installing some stuff. Today I saw some problems with the PC, randomly showing pop-ups on screen. I knew it must be some malware. I wanted to download Malwarebytes, but my browser got stuck and I had to close it by force :) From another PC I downloaded this antivirus and installed it, but it got stuck again; I know it's this virus's fault. In Task Manager I see 32-Bit Setup Launcher. I can't get rid of this virus, please check those logs and tell me what I should do. FRST.txt Addition.txt
  3. Hi, I'm new to W7. I come from Linux but I had to change to Win7 because my son likes to have it. For a few days, when I switch on the PC it has shown only the background picture. Not a single Explorer element. In sec mode I deleted the cover picture. It is showing a blue screen. Mouse pointer intact. When I right-click I can attach gadgets, make a new application. But when I try to open something it does it in the background (I see this because when I open later in security mode I see, for instance, that Firefox was opening the pages I tried to open). I'm very unfamiliar with Windows. Please help my 11-year-old son to have a clean PC. I'm very grateful! Thank you! Here are some tests: Addition.txt FRST.txt nativelog.txt
  4. Hey, I would really appreciate some help as I have gotten my laptop infected with a virus. The problem started as I downloaded something from the internet and everything went nuts. From there I started the computer in safe mode and did a scan with Malwarebytes. I thought the problem was solved as I found a lot of malware, but when I restarted the computer I still had some problems. These problems being: Internet Explorer always starts by itself showing me some random starter page, Malwarebytes always freezes as I try to open it (Task Manager says it has status "shut off"), and even trying to search for Malwarebytes or anything else antivirus-related on the internet automatically freezes the browser (applies to any browser), but only if I search for these things. From here I have tried plenty of virus scans in safe mode, and it always finds something but it never solves any problem. I was hoping for a quick answer as I am out of things to do. I downloaded FRST and did a scan some hours ago; files are attached. Note that I did some virus scans and such in the meanwhile, so if it's necessary that the log files are as recent as possible I'll probably do another scan with FRST if you wish so. Addition.txt FRST.txt
  5. This is really bad. I've used a conversion program called Super in the past and needed to convert some video files. When I ran it from desktop, it said it would no longer run and stated I needed the free upgrade (with option to buy an ad-free version). I downloaded the free update, installed it, and life has been a pain ever since. CPU usage really high. Task manager shows offending process(es), but no name for it. Anonymizer also appears in the task list. Running Malwarebytes and quarantining, rebooting doesn't help because the problem reappears. Running Microsoft's Malicious Software Removal Tool doesn't get rid of it either. I downloaded FRST64 and that won't complete running! If I run it immediately after the Windows login screen it starts scanning but then disappears as said unknown process apparently loads and kills it. If I try to start it again (right click, run as administrator OR just double click), the FRST window flashes on the screen for a nanosecond and disappears. It seems the malware is killing it. Same happens for adwcleaner 7.1.0.0.: a window flashes on the screen for a moment (presumably loading) and then nothing. FRST generated a FRST.txt file (no additions.txt file) - I'm attaching it as "FRSTdesktop.txt". I created a recovery drive on another Win 10 Pro computer, and copied frst64 to it. I then rebooted the infected computer into the recovery environment and ran frst64. It doesn't have the option box for Addition.txt. I'm attaching what it did produce as FRSTrecoverydrive.txt. I'm also attaching the Malwarebytes files. It shows, among other things, Adware.Vitruvian.PrxySvrRST, HKU\S-1-5-21-1831771387-2475998928-3974900432-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Removal Failed, [12819], [-1],0.0.0. This infection is really bad. If you can fix this one, I think you should be entered into the Antivirus Hall of Fame! Thanks! Mark P.S. I also noticed some unwanted files were added to the desktop. Screen shot attached showing these files from 04-27-18. Malwarebytes summary.txt Malwarebytes.txt FRSTdesktop.txt FRSTrecoverydrive.txt AdwCleaner[S00].txt AdwCleaner[C00].txt Malwarebytes log after reboot.txt
  6. Identical to this thread: Only, I noticed when mine went sour... immediately following the last "Windows Update". Here are my files: mb-check-results.zip FWIW, I am running paid versions of MBAM on all my PCs; this is my first foray into these forums. Thanks, in advance.
  7. I bought the Malwarebytes PRO and I can't install it, and I tried the many Chameleons but the most common response I am receiving is Download failed. FRST.txt
  8. Hi, I need help with this virus. I already ran a scan on a flash drive in Recovery mode. My current system is Windows 10 Pro 64-bit. I can't open any programs such as adwcleaner or mbar. FRST.txt
  9. I have downloaded Malwarebytes to try to get rid of a Trojan I recently got, but it wasn't working, so I put it in chameleon mode only to get the message that the master config file couldn't be copied. I downloaded FRST and got my files, but don't know where to go from here. Addition_09-08-2017 01.53.20.txt FRST_09-08-2017 01.53.20.txt
  10. I am on a different laptop so I don't harm my infected computer any further.... I REALLY REALLY need help. I asked a Microsoft guy and he won't help me because I have to pay $150 for his service. Anyway... I HAVE DONE EVERYTHING I COULD FIND TO HELP... I have run MULTIPLE DIFFERENT SCANS, in safe mode, not in safe mode, everything, Windows Defender offline, optimization things, thinking maybe it's just a ruined file... anyway NOTHING CAN BE FOUND, however I have hella SVC.exe on my task manager SO I KNOW it's a virus... what can I do???? I don't watch porn, I don't download anything.... I literally ONLY run WoW and now it can't even do that..... the laptop is 4 years old and it was working fine till about 4 months ago.... I can't even restore to factory settings, it says an error has occurred and nothing has been changed... SOMEONE PLEASE PLEASE HELP ME!!!! I forgot to mention what it's doing.... the thinking symbol on the mouse blinks every half second, it runs VERY VERY slowly and it overheats like no other.... I REALLY NEED HELP
  11. Please help? I can't open Malwarebytes, and have tried using the chameleon to do so. I've tried to figure it out myself but I am not doing something right. I know I have these problem files: Service Found: Dataup Service Found: windowsmanagementservice Service Found: NetUtils2016 Service Found: drmkpro64 Service Found: dataup I have attached the logs from FRST. Addition.txt FRST.txt
  12. Hello, I have been affected by some malware. I went through the forum and performed the following steps: 1. Installed and ran Malwarebytes. I cleaned the vulnerabilities that were identified. 2. Ran Adware cleaner. I cleaned the vulnerabilities that were identified. 3. Ran the Junkware removal tool JRT. No vulnerabilities were detected on that instance. 4. Ran Farbar recovery scan tool (FRST). I am not sure how to analyze the text file to create a fixlist. I need some help on that front. The file however shows some entries that look very suspicious. I have attached all the log files from the aforementioned steps that were taken, in the order they have been listed. Please help. Thanks. FRST.txt JRT.txt AdwCleaner[C2].txt Malwarebytes scan 10th june 2017.txt Addition.txt
  13. I keep getting outbound website request blocked via Malware Bytes usually all of port 57925. Did some research into a couple of the addresses, seem like ISPs aside from " vurnary.net ". Very suspicious as I have no weird software installed besides Windows and Steam really, use Tixati torrent client for downloading media files but no executables have been used. Attached FRST.txt, Shortcut.txt, and Addition.txt from FBAR. Also attached screen clippings of 3 example addresses from malware bytes all within close time proximity from each other to 3 separate addresses. ( 2 Russia, 1 India ) Thank you! -FleebJuice FRST.txt Shortcut.txt Addition.txt
  14. Hey guys, sorry about necro-ing this thread but I do have the exact same issue as EniNeu. A scan with GMER reveals this as well: Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!! Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!! Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!! I am wondering if I should attempt deletion through GMER or if there is a better way. Just in case this might be a false positive I've attached a log of the complete scan. Thank you in advance CHRONOS gmer scan 03.05.17.log
  15. Okay, I think this is probably my first post on the forums, so I apologize for being a noob and doing whatever annoying things noobs do before they get a clue. That said, I am pretty positive I have a rootkit. It's a quiet and crafty sort; from the beginning there were no obvious signs of infection, there wasn't any slowing or memory leaking, no unusual traffic noted. I felt like something was off, but I couldn't pinpoint what until I got the first warning message from MBAM (see Exploit Blocking below). Now I notice that all my desktop icons are rearranged and suddenly there is a bit of dead space at the bottom where I can no longer move any icons, though that's kind of the least of my worries. Please see all the notes below and txt files (assuming I can figure out how to attach them!). I believe the initial infection came from a popup/pop under (can't recall which, sorry!) at http://www (dot) nowvideo (dot) sx/video/11bb079eff255 while using Chrome. Yes, I run AdBlock Plus, Ghostery, and have all my many browsers configured to block popups, and I never have any issues on any other sites, but this one managed to get around all that. I threw everything I could think of at this but I really just feel like I'm chasing it from one corner to another. Any help would be thoroughly appreciated.
      MBAM:
      * Initial error message that an exploit was blocked in Powershell (see txt file)
      * Scans Clean - All Scans
      * Starts up as normal, except Web Protection is shut off
      * On first load, Web Protection can be re-enabled
      * At some point, Web Protection will return to off, and Exploit Protection goes with it
      * Exploit Protection can be re-enabled, but it will switch off again
      * On attempting to re-enable Web Protection, it will forever say "Starting..." until next reboot
      ~~~
      MBAR:
      * Scans clean
      ~~~
      Avast:
      * Scans clean
      ~~~
      TrendMicro Housecall:
      * Scans clean
      ~~~
      GMER:
      * Initially found the following:
        Service C:\WINDOWS\system32\drivers\WdBoot.sys (*** hidden *** ) [BOOT] WdBoot <-- ROOTKIT !!!
        Service C:\WINDOWS\system32\drivers\WdFilter.sys (*** hidden *** ) [BOOT] WdFilter <-- ROOTKIT !!!
        Service C:\Program Files (x86)\Windows Defender\MsMpEng.exe (*** hidden ***) [AUTO] WinDefend <-- ROOTKIT !!!
      * Attempted deletion (through GMER) of all three, but WdBoot failed.
      ~~~
      aswMBR:
      * Ran after GMER. The service below popped up, but aswMBR was unable to fix the issue (see full log).
        23:05:02.343 Service WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys **LOCKED**
      * Subsequent attempts to run aswMBR result in BSOD for the reason "Page fault in non-paged area" and then forced restart.
      ~~~
      JRT:
      * Nothing to report
      ~~~
      HitmanPro:
      * Found buckets of cookies in all browsers, including Internet Explorer and Edge which I NEVER use. All cookies were deleted. This was the initial confirmation something was up.
      ~~~
      rKill:
      * A couple of issues popped up, nothing glaring... See txt.
      ~~~
      ADW Cleaner:
      * No issues found
      ~~~
      FRST:
      * See txt
      ~~~
      RootKitRemover (McAfee):
      * Scanned Clean
      hijackthis 2-14-17.log MBAM - Exploit Blocked.txt Rkill 2-13-17.txt aswMBR 2-14-17.txt FRST 2-14-17.txt GMER Full 2-15-17.log GMER Pert 2-15-17.txt
  16. Hi everyone, so I've tried all kinds of software to remove a virus but it seems to always come back after just a few hours. Can anyone help me? Addition.txt FRST.txt
  17. I have been sent here from another Forum by Ron Lewis and asked to post both FRST and Addition Log Reports which you will find attached. Thank you in advance for your assistance. FRST.txt Addition.txt
  18. - Yesterday my PC started to run slowly. These pop-ups started to appear: http://www.imgur.com/8OB4vfn,BBTDNmb http://www.imgur.com/dkdit0K - I was unable to turn off the PC through the start menu or do other functions such as starting the task manager. - I started in safe mode with networking, ran Malwarebytes and was able to remove various trojans and other threats that referred to 'cryptowall'. http://www.imgur.com/cGdTNBS,bBiAt7X,LmaJPTi,u9gHdZV,9aWmeHO (image of scan results). - However, now when I start my PC this pop-up appears again, http://m.imgur.com/dkdit0K, except it says it has failed to load rather than succeeded. Does this mean that the malware is still partially present? If so, how would I go about solving this? - An entire secondary user account, all of program data, and a lot of appdata/local has been encrypted. Would getting what I need onto an external hard drive and then doing a clean re-install be a viable option? - Thank you for your help.
  19. Hello, I just read a post that was closed about memory leakage and crashing computers because of extremely high resource usage. I have paid for a 2-year subscription to the pro version for real-time protection. This is the best security software on the planet but it is freezing my machine and the process manager shows 2 Malwarebytes processes that are way above all the rest (even when not scanning or updating). The only thing I have changed to my knowledge is in the advanced settings, I put a check-mark in the box "Reduce priority of scans to improve multitasking" but the computer bogs down badly and even worse when Malwarebytes is scanning or updating. In the previous post I read they were directed to download 2 apps, run tests and post results (see attached scan results). Pls advise... 1. FRST.txt 2. Addition.txt 3. CheckResults.txt
  20. # AdwCleaner v5.016 - Creato file registro eventi 01/11/2015 in 23:50:53 # Aggiornato 01/11/2015 da Xplode # Database : 2015-11-01.2 [server] # Sistema operativo : Windows 7 Home Premium Service Pack 1 (x86) # Nome utente : Gakutenou - FROSTIE # In esecuzione da : C:\Documents\Downloads\adwcleaner_5.016.exe # Opzione : Analisi # Supporto : http://toolslib.net/forum (Subsequent scans turned up clean - MBAM Chameleon and JRT scans resulted clean)
  21. Hello, I am in great need of somebody to help me with my malware removal process. I have followed instructions from other threads but need somebody experienced to write me a fixlist.txt from my logs. I have dl'ed adwcleaner and frst.exe. I have the scan logs, which I will post subsequent to this, but I do not know if the information will change by the time I receive feedback because several people may use this computer by the time I get a reply. Thanks for any help provided!
  22. I turned on the computer this morning only to find out that it is informing me that my Product Key is invalid, yet I have had this computer for 5 years and this never happened. Attached are the logs the FRST came up with. I also installed Malwarebytes and scanned before I used the FRST scan. How do I return my product key to normal? FRST_21-03-2015_13-25-31.txt Addition_21-03-2015_13-25-31.txt
  23. Hello everyone, just a quick question. I usually use FRST to find any suspicious activity in my PC. Luckily, I never find anything. But today, something new happened. Some processes were marked with "Failed to access process", even if I'm in admin mode, I also found like 3 dllhost.exe running. Is that some kind of malware not letting me access Windows process (and also infecting them)? I will post both my .txt files (plus, I used Avast, MBAM and ESET Online scans - nothing infected). Thank you guys for helping me, and sorry for any problems caused. FRST.txt
Data\DefaultCHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)R2 avast! 
Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-22] (AVAST Software)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-22] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-22] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 
2014-06-21] (Advanced Micro Devices)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:25 - 2015-02-08 01:43 - 00024616 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt2015-02-08 01:24 - 2015-02-08 01:44 - 00009908 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt2015-02-08 01:23 - 2015-02-08 01:23 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion2015-02-03 18:02 - 2015-02-03 18:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028.exe2015-02-03 18:02 - 2015-02-03 18:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001.exe2015-02-02 19:59 - 2015-02-02 19:59 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\Users\Todos os Usuários\ATI2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\ProgramData\ATI2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes 
Anti-Exploit2015-01-22 18:44 - 2015-02-07 16:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-22 18:44 - 2015-01-22 18:44 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-22 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk2015-01-22 18:36 - 2015-01-22 18:30 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software2015-01-22 18:31 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-22 18:31 - 2015-01-22 18:31 - 00000000 ____D () C:\AVAST Software2015-01-22 18:30 - 2015-02-08 01:26 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! 
Emergency Update2015-01-22 18:30 - 2015-01-22 18:31 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2015-01-22 18:30 - 2015-01-22 18:30 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-22 18:23 - 2015-01-22 18:27 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-20 19:09 - 2014-04-15 21:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll2015-01-20 19:09 - 2014-04-15 21:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 15:48 - 
2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 
_____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-10 12:19 - 2015-02-03 14:05 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-08 01:44 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST2015-02-08 01:41 - 2013-08-22 12:46 - 00301818 _____ () C:\WINDOWS\setupact.log2015-02-08 01:41 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-08 01:40 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-08 01:40 - 2014-10-24 02:18 - 02089439 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-08 01:40 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-08 01:25 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-08 01:23 - 2014-12-18 02:14 - 02132992 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe2015-02-08 01:22 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}2015-02-08 01:21 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-07 17:34 - 2014-10-24 03:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-10052015-02-05 17:29 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-05 17:11 - 2014-10-24 02:49 - 00004066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-05 17:11 - 2014-10-24 02:49 - 00003830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-05 17:11 - 2014-10-24 02:49 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 17:11 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 18:34 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-02-04 16:51 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-02-03 17:31 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 17:31 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 08:46 - 2014-11-03 
15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-23 07:49 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-22 19:00 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Google2015-01-22 18:56 - 2014-09-24 00:30 - 00833766 _____ () C:\WINDOWS\PFRO.log2015-01-21 09:57 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of 
TEMP:====================C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dllC:\Users\SERN\AppData\Local\Temp\raptrpatch.exeC:\Users\SERN\AppData\Local\Temp\raptr_stub.exeC:\Users\SERN\AppData\Local\Temp\{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exeC:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 07:40 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015Ran by SERN at 2015-02-08 01:44:44Running from C:\Users\SERN-ADM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! 
Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) 
HiddenGuncraft (HKLM-x32\...\Steam App 241720) (Version: - Exato Games Studio)If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 
(HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-01-2015 13:25:08 Windows Update05-02-2015 17:28:56 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {D761FDD7-50FB-4F61-AB43-2B6E1FEDB482} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe2015-02-07 16:48 - 2015-02-07 16:48 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll2015-01-22 18:30 - 2015-01-22 18:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22792473.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22792473.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-465716547-1104618823-2389287588-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)
Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)
SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERN
SERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado..

Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.
Os componentes conflitantes são:
Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

System errors:
=============
Error: (02/08/2015 01:41:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3

Error: (02/08/2015 01:40:34 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (02/08/2015 01:21:30 AM) (Source: atapi) (EventID: 11) (User: )
Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0.

Error: (02/07/2015 07:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3

Error: (02/07/2015 04:46:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3

Error: (02/06/2015 09:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3

Error: (02/06/2015 07:40:52 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (02/06/2015 06:48:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3

Error: (02/06/2015 04:50:08 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Error: (02/06/2015 07:05:57 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)
Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

Microsoft Office Sessions:
=========================
Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.
System Error:
Acesso negado.

Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest
C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest
C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe

CodeIntegrity Errors:
===================================
Date: 2015-01-22 18:33:43.515
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD Phenom II X6 1090T Processor
Percentage of memory in use: 12%
Total physical RAM: 8189.55 MB
Available physical RAM: 7133.35 MB
Total Pagefile: 9469.55 MB
Available Pagefile: 8373.91 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.17 GB) (Free:851.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  24. Hey, a co-worker of mine likes to download all these little programs on her computer (coupon applications etc.) and during the installation process she clicks every single button that pops up, agreeing to the installation of all sorts of adware and malware. This time around she accidentally installed YouTube Accelerator. After removing it with MBAM, her ability to access the internet on any browser has been compromised. I did a bit of research, downloaded FRST and ran it on the computer; I have attached the logs it left me with. If somebody who is comfortable with FRST could provide me with a fixlist.txt, I would be sincerely appreciative. Thanks so much! Addition.txt FRST.txt