Jump to content

Search the Community

Showing results for tags 'process'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 20 results

  1. I got infected with a bunch of malware pushing me to ssoextension. Malwarebytes mostly successfully removed it from all of my browsers and other places. However, one particular process Malwarebytes keeps on block from access ssoextension.com (see attached log). I have not been able to delete the file VuurenWebTQM.exe because it is loaded as a process. When I kill the process, it immediately restarts itself. Malwarebytes scans don't find the process, nor does AdvCleaner (nor RKill). Meanwhile, every few minutes, the file attempts to phone home. Is there a way to point the scans at a particular process or file? Help? fileprob.txt
  2. I've done some research about G.exe, it seem that is a hidden window in the system that is not malicious at all. So here's my history: I had that for some time, the G window preventing windows from shutting down, I ran all kinds of cleaners and anti virusses, also Ran TRON script, turned down that I formated my PC and Started again with a clean boot. Some days later, I got It again, I don't know how I got it the First time, so I don't know what I did wrong. I read the thread bellow, It seems that the Guy responding had that issue too, but the windows are not malicious. https://forums.malwarebytes.com/topic/226720-gexe-removal/ I also have a question, can the G be stored in my Plug&Play devices(Razer Deathadder and a Xbox One Wireless reciever)? I would like to know If I can get rid of those windows, If possible, If not, as long as they aren't malicious I don't care about having them. If they are stored in my Plug&Play devices, can I get them fixed? Or do I have to buy new ones? Please consider helping. Thank you.
  3. I own many different macs for my whole family: - Macbook pro retina 2017 mid specs - Macbook 12" (2x) top specs - Macbook 13" 2015 top specs - Mabook pro retina 2018 top specs - etc. All of them run High Sierra 10.13.6. All of them run MWB 3.3.32 On all of them, the attached is a typical representation of CPU usage i get from "RTProtectionDaemon". ?As you can see, on a 9h 12m uptime, Malware Bytes was pegging the CPU at 94%!!!!!! ? This leads to: - slow macs regardless of CPU type, memory and ssd type. - a reduction in the lifespan of my components - a pissed off customer. I'd love to send the 'report' you asked in your FAQ but I can't find the button specified to generate it - I take your forum post refer to an older version of MWB? In any case, please help, or else it's back to a different Antimalware for me. Thank you.
  4. The title sums it up nicely, i cannot : resume or end or change in any way the process it prevents me from starting up the program hence i cannot uninstall or reinstall i used Mbam check and here are my results if that helps at all mb-check-results.txt mb-check-results.zip
  5. Malwarebytes in good company (https://www.virustotal.com/#/file/035877bf8ca678541a8142e65e7f4bccd8d903642aac93deedf0276561aa57f1/detection )detects and quarantines a commercial cots component from DataAccess corporation. Product info https://www.dataaccess.com/products/dataflex/features-243 Problem statement, The compiled web apps are triggering false positives by MalwareBytes which result in quarantine. The files are believed benign, system is clean room level pristine clean Latest rev of MalwareBytes and signatures and the vendor product DataFlex2017-19.0.33.4.Studio.exe www.malwarebytes.com -Log Details- Scan Date: 11/20/18 Scan Time: 5:55 PM Log File: 6b17659c-ed17-11e8-bfd2-d8cb8aefeb7e.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.482 Update Package Version: 1.0.7943 License: Premium -System Information- OS: Windows 10 (Build 17134.407) CPU: x64 File System: NTFS User: DESKTOP-U0ISPN2\backup -Scan Summary- Scan Type: Custom Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 1 Threats Detected: 5 Threats Quarantined: 0 Time Elapsed: 0 min, 11 sec -Scan Options- Memory: Disabled Startup: Disabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 2 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Module: 2 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 1 MachineLearning/Anomalous.100%, C:\DATAFLEX 19.0 EXAMPLES\WEBORDER\PROGRAMS\WEBAPP.EXE, No Action By User, [0], [392687],1.0.7943 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) WebApp.7z
  6. Hi, I am rather terrified. I was an idiot and installed malware on my computer. It is called scop.exe, and it will not let me close it down or delete it. Since it has shown up, I've been noticing clicking sounds every second. As if it is doing background stuff. in just fifteen minutes while I was scanning, it has imported 92 viruses. Various riskware, Trojans, and adware. Upon restarting to quorentine my computer no longer starts up properly. I have repaired startup through the repair disk and that worked, but only temporarily. If I restart, the same thing occurs again. No hardware is damaged. It doesn't show up as a virus by makwarebytes. And malwarebytes is the best, so I resorted to this. Attached are the processes. One is under wininit.exe the other is scop.exe, which relaunches every time I open a browser. firefox and chrome have been renamed to chrome334.exe and firefox334.exe these are running in safe mode and are just as bad i know I am not including a lot of data so please give me a list of what you need to know.
  7. Lately MBAM has become more obnoxious popping up nag boxes to upgrade. If I clicked "no" to this 14 days in a row, why would I will click "yes" on day 15? But putting that aside for a second, I was informed that a new version needs to be downloaded and installed. In other programs this happens seamlessly. In MBAM, I click 'agree and install', it attempts a fresh installation of the whole program, and immediately I get a long error about "could not overwrite mbam.exe"... now, I'm aware of what's happening, it doesn't have permission to shut down and overwrite the main MBAM process, which is currently running. I know enough about computers to deal with it. But a lot of people will just be confused, my parents or grandparents won't know what that error means or what do with it, so they won't upgrade. After being around 12 years, how do you not predict this obvious problem with the installation, and figure out a way to ensure it doesn't happen, instead of just leaving the user to click ok to a confusing error dialogue with no further hints? Maybe this is a lot of complaining to do for a free product, but if you want any hope of getting money from me, I have to know the program will not be intrusive, and that updates will go 100% smoothly, otherwise it's worth what I'm currently paying.
  8. Recently my computer has been infected through I'm sure something I have downloaded yet I was not fast enough to catch it and my computer is suffering. This seems to be a similar situation to a forum post I read up on to find out what is happening to my computer. I have a fairly high end computer in which I should not have any lag whatsoever no matter what application(s) I am running but as of late my computer struggles simply with google chrome. I checked out my task manager to see what process was taking up almost 100% of my CPU and RAM and it was "Windows Process Manager (32 bit)" and when I expand it its about 6 processes all under the same name and when I open details it is a process sbaeouh.exe that cannot be stopped no matter what and when I try to open file location I am denied access. Screenshots are attatched below as are my FRST and Addition txts. Please help! Thanks! -Jarrod FRST.txt Addition.txt
  9. I have a process called csrss.exe,is it a virus or not ? If yes,what I should do ?
  10. Hello guys, there's always a process that takes up 25% and it stays like that, until I decide to stop the process, once I do that another process starts taking up 25% (very badly phrased sorry) it's obviously a virus, I'd really appreciate any help. (I tried to scan the process' files yet no threats were detected so I dunno) Thanks !
  11. I wanted to add Virtualbox to web exclusions in order to allow the P2P app from guest OS to work fully, but even if I do this I still get the alerts. Virtualbox creates multiple processes of Virtualbox.exe complete with same path, only arguments are process specific. I think the web protection process exclusion feature was not designed to consider this scenario.
  12. I've been running mbae for a long while now and about a month ago it started notifying me of what process it was protecting whenever I launched said process. "Google Chrome now protected" and such when I opened chrome. These notifications come in the form of a popup speech bubble from the system tray. This is all fine and dandy but today it out of the blue told me that it was protecting internet explorer. Now this surprised me since ive not used internet explorer for over a year and that was when I downloaded google chrome after a full os reinstall and format. I checked the taskmanager and found iexplore.exe as a process which I terminated and started googling my problem. A few minutes later it once again notifyed me of protecting another instance of iexplore.exe and this time I didnt terminated the process but instead kept on researching and scanning with mbam. A few seconds later I checked back into the taskmanager and found that the iexplore.exe process was gone. I then waited for mbam to finish scanning which it did with no results and now im here writing this. What should I do? Nothing on my computer has changed since yesterday and this is the first time ive seen this. The only odd thing is that the online game TERA on steam wouldnt launch today either but this was solved by simply verifying my game cache so I think that was just a coincidence. Ive had TERA installed since last friday and this was the first instance of the TERA bug. Ive attached my mbae logs like instructed and I will respond to this thread with any updates on the problem. Any advice greatly appreciated! Malwarebytes Anti-Exploit.rar
  13. Hello, I really need help. After my dad used the pc, I found two programs: Yessearch and MPC cleaner. I immediately uninstalled them with Revo Uninstaller, but there is a system process (MPCProtectService.exe) locked, in fact I can't get rid of it neither using task manager nor with Unlocker... When I try to kill the process it displays me "access denied". I scanned multiple times the computer with Avast and Malwarebytes, but MPC cleaner seems good for both of them. Furthermore this virus/malware has a lot of .exe files in its folder, but every letter is showed like a square, as you can see in the attached file MPC2, so that I can't use any MPC's uninstaller. I attached the logs saved using FRST too. P.S.: I found another process, called "MPCTray.exe", but this is a user process. I can't kill it as well! Any help is appreciated MPC's home screenshot: MPC2.bmp FRST logs: Addition_06-01-2016_15-30-59.txt FRST_06-01-2016_15-30-59.txt
  14. Hello everyone, just a quick question. I usually use FRST to find any suspicious activity in my PC. Luckly, I never find anything. But today, something new happened. Some processes were marked with "Failed to access process", even if I'm in admin mode, I also found like 3 dllhost.exe running. Is that some kind of malware not letting me access Windows process (and also infecting them)? I will post both my .txt files (plus, I used Avast, MBAM and ESET Online scans - nothing infected). Thank you guys for helping me, and sorry for any problems caused. FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015 Ran by SERN (administrator) on IBM-5100 on 08-02-2015 01:44:16Running from C:\Users\SERN-ADM\DownloadsLoaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM)Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exeFailed to access process -> csrss.exeFailed to access process -> csrss.exeFailed to access process -> services.exe(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe() C:\Windows\System32\PnkBstrA.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3327.1030_x64__8wekyb3d8bbwe\onenoteim.exe(Microsoft Corporation) C:\Windows\System32\UserAccountBroker.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-31] (AVAST Software)HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-09-24] (Microsoft Corporation)HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe /checkHKLM-x32\...\RunOnce: [{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}] => cmd.exe /C start /D "C:\Users\SERN\AppData\Local\Temp" /B {080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exe -accepteula -accepteulaksn -activeimages -postbootShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehpBHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cabTcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1 FireFox:========FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-22] Chrome: =======CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-22] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-22] (AVAST Software)R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-22] (AVAST Software)R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-22] ()R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-22] (AVAST Software)R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-22] (AVAST Software)R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-22] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-22] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-22] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-22] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-22] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-22] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-22] ()R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:25 - 2015-02-08 01:43 - 00024616 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt2015-02-08 01:24 - 2015-02-08 01:44 - 00009908 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt2015-02-08 01:23 - 2015-02-08 01:23 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion2015-02-03 18:02 - 2015-02-03 18:02 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028.exe2015-02-03 18:02 - 2015-02-03 18:02 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001.exe2015-02-02 19:59 - 2015-02-02 19:59 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\Users\Todos os Usuários\ATI2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\ProgramData\ATI2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit2015-01-22 18:45 - 2015-01-22 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit2015-01-22 18:44 - 2015-02-07 16:52 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-01-22 18:44 - 2015-01-22 18:44 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-01-22 18:44 - 2015-01-22 18:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-01-22 18:44 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2015-01-22 18:44 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys2015-01-22 18:36 - 2015-01-22 18:36 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk2015-01-22 18:36 - 2015-01-22 18:30 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe2015-01-22 18:33 - 2015-01-22 18:33 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\AVAST Software2015-01-22 18:31 - 2015-01-22 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software2015-01-22 18:31 - 2015-01-22 18:31 - 00000000 ____D () C:\AVAST Software2015-01-22 18:30 - 2015-02-08 01:26 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-01-22 18:30 - 2015-01-22 18:31 - 00087912 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-01-22 18:30 - 2015-01-22 18:30 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr2015-01-22 18:30 - 2015-01-22 18:30 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\Users\Todos os Usuários\AVAST Software2015-01-22 18:26 - 2015-01-22 18:27 - 00000000 ____D () C:\ProgramData\AVAST Software2015-01-22 18:23 - 2015-01-22 18:27 - 00000000 ____D () C:\Program Files\AVAST Software2015-01-20 19:09 - 2014-04-15 21:35 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll2015-01-20 19:09 - 2014-04-15 21:34 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit2015-01-20 00:06 - 2015-02-07 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll2015-01-10 12:19 - 2015-02-03 14:05 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-08 01:44 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST2015-02-08 01:41 - 2013-08-22 12:46 - 00301818 _____ () C:\WINDOWS\setupact.log2015-02-08 01:41 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2015-02-08 01:40 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam2015-02-08 01:40 - 2014-10-24 02:18 - 02089439 _____ () C:\WINDOWS\WindowsUpdate.log2015-02-08 01:40 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2015-02-08 01:25 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2015-02-08 01:23 - 2014-12-18 02:14 - 02132992 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe2015-02-08 01:22 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}2015-02-08 01:21 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru2015-02-07 17:34 - 2014-10-24 03:16 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-10052015-02-05 17:29 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2015-02-05 17:11 - 2014-10-24 02:49 - 00004066 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA2015-02-05 17:11 - 2014-10-24 02:49 - 00003830 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore2015-02-05 17:11 - 2014-10-24 02:49 - 00001094 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-02-05 17:11 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-02-04 18:34 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype2015-02-04 16:51 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps2015-02-03 17:31 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2015-02-03 17:31 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2015-01-23 08:46 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys2015-01-23 07:49 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr2015-01-22 19:00 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\Google2015-01-22 18:56 - 2014-09-24 00:30 - 00833766 _____ () C:\WINDOWS\PFRO.log2015-01-21 09:57 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Macromed2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat Files to move or delete:====================C:\ProgramData\LaunchURL.batC:\Users\Todos os Usuários\LaunchURL.bat Some content of TEMP:====================C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dllC:\Users\SERN\AppData\Local\Temp\raptrpatch.exeC:\Users\SERN\AppData\Local\Temp\raptr_stub.exeC:\Users\SERN\AppData\Local\Temp\{080B3DF2-8815-4E3E-AFBF-FA72E88B8A0E}.exeC:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 07:40 ==================== End Of Log ============================ Addition.txt Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-02-2015Ran by SERN at 2015-02-08 01:44:44Running from C:\Users\SERN-ADM\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)Call of Duty (HKLM-x32\...\Steam App 2620) (Version: - Infinity Ward)Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version: - 773)Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version: - 773)ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGuncraft (HKLM-x32\...\Steam App 241720) (Version: - Exato Games Studio)If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version: - Moenovel)Insurgency (HKLM-x32\...\Steam App 222880) (Version: - New World Interactive)Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version: - Hanako Games)Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)Raptr (HKLM-x32\...\Raptr) (Version: - )Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)The Cat Lady (HKLM-x32\...\Steam App 253110) (Version: - Harvester Games)The Way of Life (HKLM-x32\...\Steam App 310370) (Version: - Fabio Ferrara) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 31-01-2015 13:25:08 Windows Update05-02-2015 17:28:56 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)Task: {D761FDD7-50FB-4F61-AB43-2B6E1FEDB482} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-22] (AVAST Software)Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe2015-02-07 16:48 - 2015-02-07 16:48 - 02912768 _____ () C:\Program Files\AVAST Software\Avast\defs\15020701\algo.dll2015-01-22 18:30 - 2015-01-22 18:30 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\22792473.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\22792473.sys => ""="Driver" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpgHKU\S-1-5-21-465716547-1104618823-2389287588-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERNSERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema.. Details:AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error:Acesso negado.. Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.Os componentes conflitantes são:Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest. System errors:=============Error: (02/08/2015 01:41:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/08/2015 01:40:34 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/08/2015 01:21:30 AM) (Source: atapi) (EventID: 11) (User: )Description: O driver detectou um erro de controlador em \Device\Ide\IdePort0. Error: (02/07/2015 07:41:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/07/2015 04:46:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 09:47:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 07:40:52 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/06/2015 06:48:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: %%3 Error: (02/06/2015 04:50:08 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Error: (02/06/2015 07:05:57 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível Microsoft Office Sessions:=========================Error: (02/07/2015 05:36:15 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/07/2015 05:35:03 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/06/2015 09:48:35 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/06/2015 09:48:31 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:40 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 11:56:36 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 05:29:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )Description: Details:AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP. System Error:Acesso negado. Error: (02/05/2015 04:35:33 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (02/05/2015 04:22:51 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe Error: (02/05/2015 04:22:46 PM) (Source: SideBySide) (EventID: 78) (User: )Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors:=================================== Date: 2015-01-22 18:33:43.515 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: AMD Phenom II X6 1090T ProcessorPercentage of memory in use: 12%Total physical RAM: 8189.55 MBAvailable physical RAM: 7133.35 MBTotal Pagefile: 9469.55 MBAvailable Pagefile: 8373.91 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.17 GB) (Free:851.38 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  15. Hi, after I ran malwarebytes and found Trojan.Agent I ran RogueKiller and found this. RKreport.txt
  16. Hello! I've gone and followed this guide here: https://forums.malwarebytes.org/index.php?/topic/119858-available-assistance-for-possibly-infected-computers/ Like the title says, i'm getting annoying pop-op messages about outgoing and ingoing IP's getting blocked. It's mostly the same IP's. I've tried to track down the location of the IP's, and i've tracked one down to Egypt in Africa.... I have no idea what info it wants to send over there. If someone could help me getting rid of these pop-ups or something, then i would be very thankful. OS: Windows 8.1 Addition.txt FRST.txt
  17. Hello im trying to clean my mothers pc and every time i clean it with malwarebytes it seems liek the SVCHOST.exe keeps building in size and multiplying maybe im just paranoid but it seems fishy and is effecting performance a bit Thanks
  18. I've been using Malwarebytes for several years. I'm pleased with it... Every 4.5 minutes a process starts up on the background and runs for about 5-10 seconds. When it does so, it changes the cursor position when I'm is a list, MS Word, and other areas. It took me a long time to find the process that has been doing this for a long long time. It is a Malwarebytes background process of some sort. Is there way to find out for sure and change the delay? It's quite disrupting. Please help.
  19. On the following thread: http://forums.malwarebytes.org/index.php?showtopic=113700 This was mentioned: I visited this link and read down to the bottom, but found nowhere you can block IP addresses from a specific process (such as Utorrent). I can only see where I can turn off the IP blocker entirely. Is there any way I can block a specific process from the IP blocker ("Website Blocking")? I tried entering the process and its folder both into the ignore list of the Malwarebytes client, but it seems that list is only for the scanner and protection module, and not the IP blocker. Thanks for your time.
  20. Hello I am about to install Win 8 in my Dell xps 8300 using the iso fie for $40.00. I currently have Win 7 Home premium x 64. I ran the advisor and was told I would not get, or lose; 1-secure boot 2-avisynyh 3-Win Live Essentials 4-DVD 5-ATI and ATI manager My few questions were; 1-should I do a clean install or an upgrade 2-should I remove all partitions or, if not, which should I keep 3-can I, or shoud I, attempt to retrieve the apps/programs I lose by updating drivers 4-if this fails, can I use an Acronis image to retrieve my last Win 7 image as I will only use one license per one pc. I wrote in this format so it would be easy to respond the same way, ie, 1.2.3 etc Thank you very much for your help Peter
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.