Possibly infected

[Aya_Tachibana]

Hello everyone.

 

I was doing my malware scans on my PC:

 

- With MBAM - Nothing infected

- With Avast! - Nothing infected

 

Before using the ESET Online Scanner, I remember about a program called Rogue Killer (it's always mentioned here in the forums). So I downloaded and gave it a try.

 

I got the logs here, but strangely, it also highlited (in yellow) a certain registry (it was something called RunOnce). So I went to adlice to see the tutorial if I can find about it, and Adlice said that Rogue Killer can stop malicious .bat (like RunOnce)

 

I got scared because of that, but I know it can be a false positive. To be sure, I will post the Rogue Killer logs and the FRST logs. And I will do the ESET Online Scanner.

 

PS: Strangely, after downloading the FRST (to get the newest version) Avast and Windows blocked the program (something that never happenned to me).

 

Well guys, thank you a lot for helping me.

 

Rogue Killer logs

 

RogueKiller V10.1.2.0 (x64) [Jan  7 2015] por Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Site : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

 

Sistema Operacional : Windows 8.1 (6.3.9200 ) 64 bits version

Iniciou : Modo normal

Usuário : SERN [Administrador]

Modo : Escanear -- Data : 01/17/2015  03:12:20

 

¤¤¤ Processos : 0 ¤¤¤

 

¤¤¤ Registro : 9 ¤¤¤

[suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce | LaunchWebURL : C:\ProgramData\LaunchURL.bat  -> Encontrado

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1  -> Encontrado

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1  -> Encontrado

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1  -> Encontrado

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{AA244F03-A93F-406B-B71C-1A8DF76B00C7} | DhcpNameServer : 201.6.2.137 201.6.2.67 192.168.0.1  -> Encontrado

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Encontrado

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Encontrado

 

¤¤¤ Tarefas : 0 ¤¤¤

 

¤¤¤ Arquivos : 0 ¤¤¤

 

¤¤¤ Arquivos de hosts : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Carregado) ¤¤¤

 

¤¤¤ Navegadores : 0 ¤¤¤

 

¤¤¤ Verificação da MBR : ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-00RKKA0 ATA Device +++++

--- User ---

[MBR] 26bef715d3d1d47510abde64a7f48fc6

[bSP] 00b1a9551d633cc633207c8abbbc5b28 : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 953517 MB

User = LL1 ... OK

User = LL2 ... OK

 

 

============================================

 

RKreport_SCN_11032014_154710.log - RKreport_SCN_11032014_173049.log

 

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01

Ran by SERN-ADM (ATTENTION: The logged in user is not administrator) on IBM-5100 on 17-01-2015 03:29:39

Running from C:\Users\SERN-ADM\Downloads

Loaded Profiles: SERN-ADM (Available profiles: SERN & SERN-ADM)

Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\SERN-ADM\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)

HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()

HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe [183232 2015-01-12] (AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1

 

FireFox:

========

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-10]

 

Chrome: 

=======

CHR Profile: C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Apresentações) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]

CHR Extension: (Google Docs) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]

CHR Extension: (Google Drive) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]

CHR Extension: (WOT) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-24]

CHR Extension: (YouTube) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]

CHR Extension: (Pesquisa do Google) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]

CHR Extension: (Planilhas do Google) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]

CHR Extension: (AdBlock) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-24]

CHR Extension: (Google Wallet) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]

CHR Extension: (Gmail) - C:\Users\SERN-ADM\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-10]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-28] (AVAST Software)

S2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

S2 lmhosts; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)

R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)

R2 nsi; C:\Windows\SysWOW64\svchost.exe [31552 2013-08-22] (Microsoft Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)

R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-28] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-28] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-17] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-17 03:28 - 2015-01-17 03:28 - 02125824 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64 (1).exe

2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN-ADM\Downloads\RKreport_SCN_01172015_031215.log

2015-01-17 03:06 - 2015-01-17 03:07 - 18467928 _____ () C:\Users\SERN-ADM\Downloads\RogueKillerX64.exe

2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2015-01-13 03:58 - 2015-01-17 03:27 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion

2015-01-12 00:46 - 2015-01-17 01:10 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-12 00:46 - 2015-01-12 00:46 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-12 00:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-12 00:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-12 00:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-12 00:43 - 2015-01-12 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (2).exe

2015-01-12 00:42 - 2015-01-12 00:42 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (3).exe

2015-01-10 14:00 - 2015-01-10 14:01 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity

2015-01-04 12:23 - 2015-01-04 12:23 - 00001549 _____ () C:\Users\SERN-ADM\Downloads\transcript (1).txt

2015-01-03 17:54 - 2015-01-03 17:54 - 00001021 _____ () C:\Users\SERN-ADM\Downloads\transcript.txt

2014-12-29 12:40 - 2014-12-29 12:40 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\RenPy

2014-12-28 15:45 - 2014-12-28 15:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (1).exe

2014-12-28 15:44 - 2014-12-28 15:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (2).exe

2014-12-28 15:24 - 2014-12-28 15:24 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-12-28 15:23 - 2014-12-28 15:23 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys

2014-12-28 15:23 - 2014-12-28 15:23 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2014-12-28 15:23 - 2014-12-10 23:22 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games

2014-12-19 14:11 - 2014-12-19 14:11 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-12-18 02:30 - 2015-01-14 15:03 - 00024018 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt

2014-12-18 02:29 - 2015-01-17 03:29 - 00010168 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt

2014-12-18 02:29 - 2015-01-17 03:29 - 00000000 ____D () C:\FRST

2014-12-18 02:14 - 2015-01-17 03:27 - 02125824 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-17 03:28 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps

2015-01-17 03:27 - 2014-10-24 02:18 - 01375501 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-17 03:16 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr

2015-01-17 03:15 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-17 03:15 - 2013-08-22 12:46 - 00295812 _____ () C:\WINDOWS\setupact.log

2015-01-17 03:15 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-17 03:08 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-01-17 03:02 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-17 01:03 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-14 16:53 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-14 00:22 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-13 21:51 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype

2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype

2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype

2015-01-12 00:47 - 2014-09-24 00:30 - 00424538 _____ () C:\WINDOWS\PFRO.log

2015-01-05 22:08 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-01-05 22:08 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-28 18:01 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2014-12-28 15:49 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\SERN

2014-12-28 15:24 - 2014-12-10 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2014-12-24 00:33 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM

2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Origin

2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Origin

2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Electronic Arts

2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-23 18:55 - 2014-12-11 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin

2014-12-19 01:34 - 2014-12-15 01:21 - 00215416 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe

2014-12-19 01:34 - 2014-12-15 01:21 - 00214392 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0

 

==================== Files in the root of some directories =======

2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat

 

Files to move or delete:

====================

C:\ProgramData\LaunchURL.bat

C:\Users\Todos os Usuários\LaunchURL.bat

 

 

Some content of TEMP:

====================

C:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01

Ran by SERN-ADM at 2015-01-17 03:30:02

Running from C:\Users\SERN-ADM\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

Call of Duty (HKLM-x32\...\Steam App 2620) (Version:  - Infinity Ward)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version:  - 773)

Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version:  - 773)

Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)

Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version:  - Moenovel)

Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)

Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)

Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version:  - Gravity, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Sunrider Academy Demo (HKLM-x32\...\Steam App 340740) (Version:  - Love in Space)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Cat Lady (HKLM-x32\...\Steam App 253110) (Version:  - Harvester Games)

The Way of Life (HKLM-x32\...\Steam App 310370) (Version:  - Fabio Ferrara)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

Check "winmgmt" service or repair WMI.

 

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => ?

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => ?

 

==================== Loaded Modules (whitelisted) =============

 

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)

Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)

SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERN

SERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/17/2015 03:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome do aplicativo com falha: Explorer.EXE, versão: 6.3.9600.17284, carimbo de data/hora: 0x53f816dc

Nome do módulo com falha: DUI70.dll, versão: 6.3.9600.17031, carimbo de data/hora: 0x53086a1c

Código de exceção: 0xc0000005

Deslocamento da falha: 0x000000000007aa6e

ID do processo com falha: 0x858

Hora de início do aplicativo com falha: 0xExplorer.EXE0

Caminho do aplicativo com falha: Explorer.EXE1

Caminho do módulo com falha: Explorer.EXE2

ID do Relatório: Explorer.EXE3

Nome completo do pacote com falha: Explorer.EXE4

ID do aplicativo relativo ao pacote com falha: Explorer.EXE5

 

Error: (01/17/2015 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 03:01:05 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 01:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 01:11:58 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/16/2015 07:52:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/16/2015 07:26:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/16/2015 07:25:26 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/16/2015 06:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/16/2015 01:10:24 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

 

System errors:

=============

Error: (01/17/2015 03:15:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/17/2015 02:59:14 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/17/2015 02:56:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/17/2015 01:10:25 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)

Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/16/2015 11:37:04 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço MBAMScheduler.

 

Error: (01/16/2015 11:36:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Tempo limite esgotado (30000 milissegundos) ao aguardar a resposta de uma transação do serviço MBAMScheduler.

 

Error: (01/16/2015 10:58:02 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)

Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/16/2015 06:11:57 PM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)

Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/16/2015 03:30:35 AM) (Source: DCOM) (EventID: 10016) (User: AUTORIDADE NT)

Description: específico do aplicativoLocalAtivação{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}AUTORIDADE NTSISTEMAS-1-5-18LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/16/2015 03:26:21 AM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)

Description: específico do aplicativoLocalIniciar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

 

Microsoft Office Sessions:

=========================

Error: (01/17/2015 03:28:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Explorer.EXE6.3.9600.1728453f816dcDUI70.dll6.3.9600.1703153086a1cc0000005000000000007aa6e85801d03214a2d44cfdC:\WINDOWS\Explorer.EXEC:\WINDOWS\SYSTEM32\DUI70.dlla66da2dc-9e09-11e4-beb5-1c6f65ae635e

 

Error: (01/17/2015 03:01:10 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

Error: (01/17/2015 03:01:05 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

Error: (01/17/2015 01:13:00 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/17/2015 01:11:58 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/16/2015 07:52:55 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/16/2015 07:26:04 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/16/2015 07:25:26 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/16/2015 06:48:17 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/16/2015 01:10:24 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

 

==================== Memory info =========================== 

 

Processor: AMD Phenom II X6 1090T Processor

Percentage of memory in use: 21%

Total physical RAM: 8189.55 MB

Available physical RAM: 6415.64 MB

Total Pagefile: 9469.55 MB

Available Pagefile: 7425.39 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:822.11 GB) NTFS

 

==================== MBR & Partition Table ==================

 

==================== End Of Log ============================

[Aya_Tachibana]

It seems that I can't edit my post, so...

 

- I did the ESET Online Scanner - nothing found.

- I also forgot to say that MBAM and Avast scans were full scans (also, MBAM scan was in Admin Mode).

[LiquidTension]

Hello Aya, 
 
C:\ProgramData\LaunchURL.bat is legitimate, and nothing to be concerned by.
 

PS: Strangely, after downloading the FRST (to get the newest version) Avast and Windows blocked the program (something that never happenned to me).

This is nothing to be concerned by either. The detection is a false-positive. 
 
Your logs are clean.
However, you ran FRST from a non-administrator profile. I would like you to run FRST from an administrator profile (SERN), and attach the two logs generated.

 

Thank you.

[Aya_Tachibana]

LiquidTension, here is the logs (and sorry for the delay)

Addition.txt

FRST.txt

[LiquidTension]

Hi Aya, 

 

No issues there. The logs are OK. 

 

Do you have any other concerns?

[Aya_Tachibana]

Hello again, and sorry for the delay.

 

First of all, thank you for helping me.

 

I have some questions about the security of my PC, not really related to MBAM, but related to prevention.

 

- I have a router at home (my parents uses for their laptops, TV and cellphopnes, while I use it for my PC only), do I have to be worried about receiving infections from other devices at home?

- How about the internet browser, how easy is to get an infection (example, viewing images at google search, or watching videos at youtube).

 

Thank you, and sorry if I should have created a new thread.

[Aya_Tachibana]

Sorry for the double post, but I forgot to mention.

 

- I'm using both Avast Internet Security and Malwarebytes AntiMalware.

- I'm also using a non-admin account, so everytime that I have to install something, I have to write my password.

- I do scan my PC every few days, because I'm a little paranoid.

[LiquidTension]

Hello Aya, 
 

- I have a router at home (my parents uses for their laptops, TV and cellphopnes, while I use it for my PC only), do I have to be worried about receiving infections from other devices at home?

It is possible. The best method to reduce the risk of this happening is to educate the other users of your home network on how to practice safe hex and Internet usage. 
 
Generally speaking, the following are the most common infection vectors:

• Browsing the Internet without an active Anti-Virus and Firewall. 
• Leaving vulnerable Internet-facing software unpatched/outdated (Windows, Adobe software, Java, etc). 
• Participating in the usage of P2P filesharing.
• Participating in the usage of cracked/warez software. 
• Aimlessly clicking unknown links/email attachments. 
• Rushing through the installation of new software without reading each page. 
• Inserting USB drives or other removal media that you do not own. 
• Social engineering. 
• Visiting a compromised website. 
• Malvertisments/compromised ad services delivering malicious ads. 
   

Have you changed the default password for the router?
 
Please read: Malware Silently Alters Wireless Router Settings
Consult Router Passwords to find out what default username and password for your brand of router and make a note of that for future reference. Alternatively, your may find the username/password written on the base of your router. If neither options are applicable, please contact the manufacturer of your router.

• In order to get to the router's server, type http:\\192.168.1.1 in the address bar and click Enter. You should see the log in window.
• Fill in the password you have already found and you will get the configuration page.
• Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
• If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
• Don't forget to change the routers default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
• Devices connected to your router will have to reconnect using the changed password. 
   

- How about the internet browser, how easy is to get an infection (example, viewing images at google search, or watching videos at youtube).

It depends on the sites you visit. You may wish to read the following articles, which discuss how you can stay safe.

• Answers to common security questions - Best Practices by quietman7, MVP
• How Malware Spreads - How did I get infected? by quietman7, MVP
• Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
• How to Prevent Malware by miekiemoes, MVP
   

Regarding Google images - anything is possible. Google has many protections in place to combat known issues, but we can't rule out unknown issues. 
I wouldn't be too concerned though. 
 
Consider installing the following browser extensions:

•  AdBlock
•  NoScript (Firefox only)
•  Web of Trust (WOT)
•  VTzilla (Firefox only)
   

- I'm using both Avast Internet Security and Malwarebytes AntiMalware.

Good setup. 
 

- I do scan my PC every few days, because I'm a little paranoid.

It's better to be paranoid that ignorant. You should be fine running an MBAM Threat Scan an AV scan once a week, but ultimately it comes down to what you're most comfortable with. 
 
Most infections can be avoided if you practice safe hex and Internet usage. Watch what you click and keep your programmes up-to-date. The risk of infection can also be reduced by installing some of the programmes below.

• CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware. 
•  Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
•  Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
•  Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. 
•  Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
•  SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
•  Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs. 

[Aya_Tachibana]

Hello again.

 

I would like to ask a few things, and also answering some of your questions:

 

- Yes, I changed the default password of the router.

- I'm already using WOT and adBlock (through I'm using another adblock)

- I will get the MBAE and probably , Sandboxie (Avast sandbox doesn't work with Chrome).

 

- Now, I would like to ask few questions:

 

1 - The link (users.telenet.be), WOT commentters said that there are many malware on that website, is that true? (I just visited the link you posted, nothing more).

2 -  Everytime that I scan my PC (both Avast and MBAM) I disconnect my PC from the internet. 

 

This happened right now, I just turned on my PC now, and I got strange sympthoms:

 

- Both Avast and MBAM weren't opening from start

- There was a program open, when I just turned on my PC, called Wrapped RunOnce.

- I thought it was Windws problem, So I restarted it, but it continued to happen.

 

I fixed it by connecting to the internet (both Avast and MBAM returned and Wrapped RunOnce disappeared. Is that normal? Should I be concerned?

 

Thank you again.

[Aya_Tachibana]

Ok, sorry for the double post, but...

 

I restarted my PC just to be sure if my PC was OK, but I was wrong.

 

Now, every time that I start the user,

- There's always the Wrapper Run Once (32 bits)

- Both Avast and MBAM must be started manually (and MBAM doesn't start at all)

- When clicking in Configurations from Charms Bar, nothing happens.

- When clicking in Connections (left side of the Windows clock), it says no connection (even if I'm connected)

- Windows turn off button doesn't work, I have to turn off mannually.

- When clicking My documents, there's only 2 icons (Favorites and My computer), which windows says that it's empty (it also looks like that Windows is searching for it).

 

Ok, now I know that I must be concerned

[LiquidTension]

Hi Aya, 
 
What did you do to your computer prior to these issues appearing? 
 
Lets see if we can restore the machine back to an earlier date. 
 
 System Restore
 
Using the relevant instructions for your Operating System, please restore your PC to a time before these issues started occurring.

• Windows 8: Restoring your PC to an earlier point in time
• Windows 7: Windows 7 System Restore
• Windows Vista: Turn back time on your PC using System Restore
• Windows XP: How to use System Restore to restore Windows XP to a previous state

[Aya_Tachibana]

Hello.

 

What I did before those things happening is just a scam from Malwarebytes and from Avast.

 

Strangely, Avast turned back to free and Malwarebytes, everytime that I turn it on, it says to me to start the free trial, and that I never made a scan on my PC (I always do a scan with that).

 

Well, I can do a restore to 7 days ago, should I do it?

[Aya_Tachibana]

Sorry, double post again.

 

It seems that Avast is extremly bugged, it says that it's the free version, but in some parts it says that it's the Internet Security version.

Also, another thing that I did before was visiting the websites you showed me.

[LiquidTension]

Hi Aya,

The four links provided are perfectly safe. Three belong to BleepingComputer.com, and one belongs to the Director of Research here at Malwarebytes.

Telenet provides domain names for purchase. The WOT comments you read are for all sites under this domain, not the site I linked.

I don't know what has caused all these issues you've mentioned. It seems very strange.

If you choose to restore back 7 days, any software or system modifications you've made within the last 7 days will be reversed. Your personal files will be untouched.

However, before performing a restore, best practice is to backup your personal files to a USB drive or similar.

[Aya_Tachibana]

Ok, I will do the restore, wish me luck

[Aya_Tachibana]

Done the restauration.

 

But, I still have the same problems. That Wrapper Run Once still appear. Avast is less bugged, but still have some problems (your license of SecureLine expires in -1600 days).

Malwarebytes still not working properly, etc.

 

No idea what happened, maybe someone hacked me (since I'm paranoid, this is an option)? Or maybe Windows bugged at some time and, well, it's bugged.

[LiquidTension]

Hi Aya, 
 

No idea what happened, maybe someone hacked me (since I'm paranoid, this is an option)?

Unlikely. 
I have no idea what caused this, but I doubt it's malware-related. 
 
Other than running a scan with avast! & MBAM, and visiting the recommended reading material sites I provided, can you think of anything else you did? Perhaps software updated? Did avast! or MBAM detect anything? 
 

That Wrapper Run Once still appear.

Please take a screenshot and post in your next reply. Instructions on how to take a screenshot can be found in this article. Upload the image to Imgur.com and paste the URL in your next reply. 
 

Avast is less bugged, but still have some problems (your license of SecureLine expires in -1600 days).
Malwarebytes still not working properly, etc.

Have you got your avast! and MBAM license information to hand? We may end up uninstalling and reinstalling the software. 
 
 Farbar Recovery Scan Tool (FRST) Scan

• Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
• Right-Click FRST64.exe and select  Run as administrator to run the programme.
• Click Yes to the disclaimer.
• Ensure the Addition.txt box is checked.
• Click the Scan button and let the programme run.
• Upon completion, click OK, then OK on the Addition.txt pop up screen.
• Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 

[Aya_Tachibana]

Hello LiquidTension.

 

As far as I know, I only did the scans and visited those websites. Only before the scan I updated both MBAM and Avast! (just a simple update, not really something big).

I have Avast info in hands, so that's not a problem. While MBAM I was using in trial, so not a real problem).

 

Here is the link to the image - http://imgur.com/lEoYxq2

(Also, is Imgur safe? There were so many pictures in the front page).

 

Also, the logs:

 

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

Ran by SERN (administrator) on IBM-5100 on 20-01-2015 17:32:31

Running from C:\Users\SERN-ADM\Downloads

Loaded Profiles: SERN & SERN-ADM (Available profiles: SERN & SERN-ADM)

Platform: Windows 8.1 Pro (X64) OS Language: Português (Brasil)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

() C:\Windows\System32\PnkBstrA.exe

(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe

(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-09] (AVAST Software)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)

HKLM\...\RunOnce: [LaunchWebURL] => C:\ProgramData\LaunchURL.bat [141 2014-12-13] ()

HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\System32\rstrui.exe [271872 2014-09-24] (Microsoft Corporation)

HKLM-x32\...\RunOnce: [20150107] => C:\Program Files\AVAST Software\Avast\setup\emupdate\6cb874d6-85a5-43b2-9e77-e0ebec44d9f8.exe [183232 2015-01-12] (AVAST Software)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKU\S-1-5-21-465716547-1104618823-2389287588-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp

HKU\S-1-5-21-465716547-1104618823-2389287588-1005\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pt-br/?ocid=iehp

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab

Tcpip\Parameters: [DhcpNameServer] 201.6.2.137 201.6.2.67 192.168.0.1

 

FireFox:

========

FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll (EA Digital Illusions CE AB)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-10]

 

Chrome: 

=======

CHR Profile: C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Apresentações) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-24]

CHR Extension: (Google Docs) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-24]

CHR Extension: (Google Drive) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-24]

CHR Extension: (YouTube) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-24]

CHR Extension: (Pesquisa do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-24]

CHR Extension: (Planilhas do Google) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-24]

CHR Extension: (Avast Online Security) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-20]

CHR Extension: (Google Wallet) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-24]

CHR Extension: (Gmail) - C:\Users\SERN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-24]

CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2014-12-10]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-10]

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-10] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-28] (AVAST Software)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)

S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-19] (Electronic Arts)

R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2014-12-15] ()

R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-12-15] ()

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-22] (Advanced Micro Devices, Inc.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-10] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-12-28] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-10] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-12-28] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-10] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-10] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-10] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-10] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-10] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-10] ()

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [223232 2014-06-21] (Advanced Micro Devices)

R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2014-12-10] ()

R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-19] (Malwarebytes Corporation)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)

S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]

S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-20 00:14 - 2015-01-20 00:15 - 00000083 _____ () C:\Users\SERN-ADM\Desktop\Novo Documento de Texto.txt

2015-01-20 00:06 - 2015-01-20 16:04 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes Anti-Exploit

2015-01-20 00:06 - 2015-01-20 16:04 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit

2015-01-20 00:06 - 2015-01-20 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2015-01-20 00:06 - 2015-01-20 16:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit

2015-01-19 19:44 - 2015-01-19 19:44 - 02967032 _____ (Malwarebytes ) C:\Users\SERN-ADM\Downloads\mbae-setup-1.05.1.1016.exe

2015-01-19 16:25 - 2015-01-19 16:25 - 00000000 __SHD () C:\Users\SERN-ADM\AppData\Local\EmieBrowserModeList

2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN-ADM\Downloads\RKreport_SCN_01172015_031215.log

2015-01-17 03:13 - 2015-01-17 03:13 - 00002805 _____ () C:\Users\SERN\Desktop\RKreport_SCN_01172015_031215.log

2015-01-17 03:06 - 2015-01-17 03:07 - 18467928 _____ () C:\Users\SERN-ADM\Downloads\RogueKillerX64.exe

2015-01-14 15:48 - 2014-12-19 04:26 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys

2015-01-14 15:48 - 2014-12-12 00:04 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2015-01-14 15:48 - 2014-12-11 22:51 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys

2015-01-14 15:48 - 2014-12-08 23:50 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00535640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00531616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00448792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00413248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00372408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00108944 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2015-01-14 15:48 - 2014-12-08 17:42 - 00038264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe

2015-01-14 15:48 - 2014-12-08 17:42 - 00033584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe

2015-01-14 15:48 - 2014-12-06 01:17 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll

2015-01-14 15:48 - 2014-12-05 23:41 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll

2015-01-14 15:48 - 2014-12-05 23:35 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2015-01-14 15:48 - 2014-10-29 02:00 - 00465320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe

2015-01-14 15:48 - 2014-10-29 02:00 - 00139984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe

2015-01-14 15:48 - 2014-10-29 01:52 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2015-01-14 15:48 - 2014-10-29 01:52 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2015-01-14 15:48 - 2014-10-29 01:12 - 00413136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe

2015-01-14 15:48 - 2014-10-29 01:12 - 00136296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe

2015-01-14 15:48 - 2014-10-29 01:07 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2015-01-14 15:48 - 2014-10-29 01:07 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2015-01-14 15:48 - 2014-10-29 01:07 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2015-01-14 15:48 - 2014-10-29 00:44 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll

2015-01-14 15:48 - 2014-10-28 23:59 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werdiagcontroller.dll

2015-01-14 15:48 - 2014-10-28 23:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll

2015-01-14 15:48 - 2014-10-28 23:02 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2015-01-14 15:48 - 2014-10-28 23:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll

2015-01-13 03:58 - 2015-01-20 16:01 - 00000000 ____D () C:\Users\SERN-ADM\Downloads\FRST-OlderVersion

2015-01-12 00:46 - 2015-01-19 20:33 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2015-01-12 00:46 - 2015-01-12 00:46 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Users\Todos os Usuários\Malwarebytes

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-01-12 00:46 - 2015-01-12 00:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-01-12 00:46 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2015-01-12 00:46 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2015-01-12 00:46 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2015-01-12 00:43 - 2015-01-12 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (2).exe

2015-01-12 00:42 - 2015-01-12 00:42 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (3).exe

2015-01-10 14:00 - 2015-01-10 14:01 - 02347384 _____ (ESET) C:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

2015-01-10 12:19 - 2015-01-10 16:19 - 00000000 ____D () C:\Users\SERN\AppData\Local\CrashDumps

2015-01-10 12:17 - 2015-01-10 12:17 - 00000000 ____D () C:\gravity

2015-01-04 12:23 - 2015-01-04 12:23 - 00001549 _____ () C:\Users\SERN-ADM\Downloads\transcript (1).txt

2015-01-03 17:54 - 2015-01-03 17:54 - 00001021 _____ () C:\Users\SERN-ADM\Downloads\transcript.txt

2014-12-29 12:40 - 2014-12-29 12:40 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\RenPy

2014-12-28 15:45 - 2014-12-28 15:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\SERN-ADM\Downloads\mbam-setup-2.0.4.1028 (1).exe

2014-12-28 15:44 - 2014-12-28 15:44 - 00321848 _____ (Malwarebytes Corporation) C:\Users\SERN-ADM\Downloads\mbam-clean-2.1.1.1001 (2).exe

2014-12-28 15:24 - 2014-12-28 15:24 - 00001986 _____ () C:\Users\Public\Desktop\Avast Internet Security.lnk

2014-12-28 15:23 - 2014-12-28 15:23 - 00449936 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNdisFlt.sys

2014-12-28 15:23 - 2014-12-28 15:23 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys

2014-12-28 15:23 - 2014-12-10 23:22 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2014-12-23 18:57 - 2014-12-23 18:57 - 00000000 ____D () C:\Program Files (x86)\Origin Games

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-01-20 17:32 - 2014-12-18 02:29 - 00010494 _____ () C:\Users\SERN-ADM\Downloads\FRST.txt

2015-01-20 17:32 - 2014-12-18 02:29 - 00000000 ____D () C:\FRST

2015-01-20 17:32 - 2014-12-13 15:58 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Raptr

2015-01-20 17:32 - 2014-10-24 02:18 - 01942676 _____ () C:\WINDOWS\WindowsUpdate.log

2015-01-20 17:31 - 2014-10-24 02:49 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2015-01-20 17:31 - 2013-08-22 12:46 - 00297737 _____ () C:\WINDOWS\setupact.log

2015-01-20 17:31 - 2013-08-22 12:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2015-01-20 17:28 - 2014-12-10 23:22 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update

2015-01-20 16:16 - 2014-10-24 03:16 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-465716547-1104618823-2389287588-1005

2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\Users\Todos os Usuários\RogueKiller

2015-01-20 16:01 - 2014-11-03 15:41 - 00000000 ____D () C:\ProgramData\RogueKiller

2015-01-20 16:01 - 2014-10-24 03:08 - 00000000 ___RD () C:\Program Files (x86)\Skype

2015-01-20 16:01 - 2014-10-24 03:02 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-01-20 16:01 - 2014-10-24 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-01-20 16:01 - 2014-09-24 06:06 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-01-20 16:01 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\system32\Macromed

2015-01-20 16:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep

2015-01-20 15:56 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\registration

2015-01-20 15:47 - 2014-11-04 01:02 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{23CBD818-4DC2-46F3-9F3F-9A3E033F9062}

2015-01-20 00:17 - 2014-10-24 03:10 - 00000000 ____D () C:\Users\SERN-ADM

2015-01-20 00:09 - 2014-12-18 02:30 - 00025924 _____ () C:\Users\SERN-ADM\Downloads\Addition.txt

2015-01-20 00:08 - 2014-12-18 02:14 - 02126848 _____ (Farbar) C:\Users\SERN-ADM\Downloads\FRST64.exe

2015-01-19 23:55 - 2013-08-22 13:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2015-01-19 23:45 - 2014-12-12 21:57 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Local\CrashDumps

2015-01-19 01:51 - 2012-07-26 06:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports

2015-01-18 01:27 - 2014-09-24 00:30 - 00426874 _____ () C:\WINDOWS\PFRO.log

2015-01-17 03:08 - 2014-11-03 15:41 - 00037624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys

2015-01-14 16:53 - 2014-10-24 00:23 - 00000000 ____D () C:\WINDOWS\system32\MRT

2015-01-14 16:53 - 2012-07-26 05:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2015-01-14 16:50 - 2014-10-24 00:23 - 113365784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2015-01-13 21:51 - 2014-10-24 11:39 - 00000000 ____D () C:\Users\SERN-ADM\AppData\Roaming\Skype

2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\Users\Todos os Usuários\Skype

2015-01-13 19:46 - 2014-10-24 03:08 - 00000000 ____D () C:\ProgramData\Skype

2015-01-13 16:11 - 2013-08-22 11:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2015-01-05 22:08 - 2014-09-24 06:09 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-01-05 22:08 - 2014-09-24 06:09 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-12-28 15:49 - 2014-10-24 02:20 - 00000000 ____D () C:\Users\SERN

2014-12-28 15:24 - 2014-12-10 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software

2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Origin

2014-12-23 19:43 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Origin

2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\Users\Todos os Usuários\Electronic Arts

2014-12-23 18:57 - 2014-12-11 15:36 - 00000000 ____D () C:\ProgramData\Electronic Arts

2014-12-23 18:55 - 2014-12-11 15:36 - 00000000 ____D () C:\Program Files (x86)\Origin

 

==================== Files in the root of some directories =======

2014-12-13 15:56 - 2014-12-13 15:56 - 0000141 _____ () C:\ProgramData\LaunchURL.bat

 

Files to move or delete:

====================

C:\ProgramData\LaunchURL.bat

C:\Users\Todos os Usuários\LaunchURL.bat

 

 

Some content of TEMP:

====================

C:\Users\SERN\AppData\Local\Temp\dllnt_dump.dll

C:\Users\SERN\AppData\Local\Temp\raptrpatch.exe

C:\Users\SERN\AppData\Local\Temp\raptr_stub.exe

C:\Users\SERN-ADM\AppData\Local\Temp\sonarinst.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-01-12 14:24

 

 

==================== End Of Log ============================

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015

Ran by SERN at 2015-01-20 17:33:14

Running from C:\Users\SERN-ADM\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)

Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)

Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)

Call of Duty (HKLM-x32\...\Steam App 2620) (Version:  - Infinity Ward)

Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)

Cherry Tree High Comedy Club (HKLM-x32\...\Steam App 214610) (Version:  - 773)

Cherry Tree High I! My! Girls! (HKLM-x32\...\Steam App 333220) (Version:  - 773)

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

If My Heart Had Wings (HKLM-x32\...\Steam App 326480) (Version:  - Moenovel)

Insurgency (HKLM-x32\...\Steam App 222880) (Version:  - New World Interactive)

Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)

Long Live The Queen (HKLM-x32\...\Steam App 251990) (Version:  - Hanako Games)

Malwarebytes Anti-Exploit version 1.05.1.1016 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.05.1.1016 - Malwarebytes)

Malwarebytes Anti-Malware versão 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)

NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)

Origin (HKLM-x32\...\Origin) (Version: 9.5.2.2829 - Electronic Arts, Inc.)

PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)

PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)

Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version:  - Gravity, Inc.)

Raptr (HKLM-x32\...\Raptr) (Version:  - )

Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

Sunrider Academy Demo (HKLM-x32\...\Steam App 340740) (Version:  - Love in Space)

Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)

The Cat Lady (HKLM-x32\...\Steam App 253110) (Version:  - Harvester Games)

The Way of Life (HKLM-x32\...\Steam App 310370) (Version:  - Fabio Ferrara)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

 

==================== Restore Points  =========================

 

29-12-2014 18:58:43 Instalado Microsoft Visual C++ 2005 Redistributable

13-01-2015 09:23:58 Ponto de Verificação Agendado

20-01-2015 15:52:07 Operação de restauração

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 11:25 - 2013-08-22 11:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {1B1DB14D-75E3-4191-96F4-C82E8092372C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-10] (AVAST Software)

Task: {2B54D8B7-D3F3-4FA3-8029-07DF4167F499} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-01-14] (Microsoft Corporation)

Task: {76FE62CE-2517-4080-B3F6-8C84B58FF389} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: {A3B75793-9A21-4609-87DA-DEA35A5D8F1C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll

2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll

2014-12-15 01:43 - 2014-12-15 01:43 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe

2015-01-20 17:27 - 2015-01-20 17:27 - 02911744 _____ () C:\Program Files\AVAST Software\Avast\defs\15012001\algo.dll

2014-12-10 23:22 - 2014-12-10 23:22 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrador (S-1-5-21-465716547-1104618823-2389287588-500 - Administrator - Disabled)

Convidado (S-1-5-21-465716547-1104618823-2389287588-501 - Limited - Disabled)

SERN (S-1-5-21-465716547-1104618823-2389287588-1001 - Administrator - Enabled) => C:\Users\SERN

SERN-ADM (S-1-5-21-465716547-1104618823-2389287588-1005 - Limited - Enabled) => C:\Users\SERN-ADM

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/20/2015 03:52:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: Falha dos Serviços de Criptografia ao processar a chamada de OnIdentity() no Objeto de Gravador do Sistema..

 

 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

 

System Error:

Acesso negado.

.

 

Error: (01/20/2015 03:08:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)

Description: There was an error with the Windows Location Provider database

 

Error: (01/19/2015 11:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Nome do aplicativo com falha: mbam.exe, versão: 1.0.1.711, carimbo de data/hora: 0x542b53ec

Nome do módulo com falha: KERNELBASE.dll, versão: 6.3.9600.17278, carimbo de data/hora: 0x53eeb4a3

Código de exceção: 0xc0000142

Deslocamento da falha: 0x00098f05

ID do processo com falha: 0x97c

Hora de início do aplicativo com falha: 0xmbam.exe0

Caminho do aplicativo com falha: mbam.exe1

Caminho do módulo com falha: mbam.exe2

ID do Relatório: mbam.exe3

Nome completo do pacote com falha: mbam.exe4

ID do aplicativo relativo ao pacote com falha: mbam.exe5

 

Error: (01/19/2015 02:16:25 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/18/2015 01:30:37 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/18/2015 01:30:33 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 04:03:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 04:02:46 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 03:37:12 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

Error: (01/17/2015 03:35:08 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: Falha na geração de contexto de ativação para "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Erro no arquivo de manifesto ou de política "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2", na linha C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.

Uma versão de componente exigida pelo aplicativo está em conflito com outra versão de componente já ativa.

Os componentes conflitantes são:

Componente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.

Componente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

 

 

System errors:

=============

Error: (01/20/2015 05:32:09 PM) (Source: Service Control Manager) (EventID: 7022) (User: )

Description: Serviço Malwarebytes Anti-Exploit Service suspenso ao iniciar.

 

Error: (01/20/2015 05:31:42 PM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)

Description: específico do aplicativoLocalIniciar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/20/2015 05:31:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/20/2015 05:30:57 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento do sistema que ocorreu às 17:26:43 do dia ‎20/‎01/‎2015 não era esperado.

 

Error: (01/20/2015 05:27:33 PM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)

Description: específico do aplicativoLocalIniciar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/20/2015 05:26:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/20/2015 05:26:43 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento do sistema que ocorreu às 16:10:21 do dia ‎20/‎01/‎2015 não era esperado.

 

Error: (01/20/2015 04:18:21 PM) (Source: DCOM) (EventID: 10016) (User: IBM-5100)

Description: específico do aplicativoLocalIniciar{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}IBM-5100SERN-ADMS-1-5-21-465716547-1104618823-2389287588-1005LocalHost (Usando LRPC)Não DisponívelNão Disponível

 

Error: (01/20/2015 04:10:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Não foi possível iniciar o serviço AODDriver4.2.0 devido ao seguinte erro: 

%%3

 

Error: (01/20/2015 04:10:21 PM) (Source: EventLog) (EventID: 6008) (User: )

Description: O desligamento do sistema que ocorreu às 16:06:52 do dia ‎20/‎01/‎2015 não era esperado.

 

 

Microsoft Office Sessions:

=========================

Error: (01/20/2015 03:52:15 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )

Description: 

Details:

AddLegacyDriverFiles: Unable to back up image of binary Protocolo Microsoft LLDP.

 

System Error:

Acesso negado.

 

Error: (01/20/2015 03:08:19 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: AUTORIDADE NT)

Description: -2147024883

 

Error: (01/19/2015 11:45:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.1.711542b53ecKERNELBASE.dll6.3.9600.1727853eeb4a3c000014200098f0597c01d03452b721ee68C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeKERNELBASE.dllf99a577c-a045-11e4-bebd-1c6f65ae635e

 

Error: (01/19/2015 02:16:25 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/18/2015 01:30:37 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

Error: (01/18/2015 01:30:33 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

Error: (01/17/2015 04:03:28 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/17/2015 04:02:46 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/17/2015 03:37:12 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

 

Error: (01/17/2015 03:35:08 AM) (Source: SideBySide) (EventID: 78) (User: )

Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\SERN-ADM\Downloads\esetsmartinstaller_enu (1).exe

 

 

==================== Memory info =========================== 

 

Processor: AMD Phenom II X6 1090T Processor

Percentage of memory in use: 13%

Total physical RAM: 8189.55 MB

Available physical RAM: 7097.71 MB

Total Pagefile: 9469.55 MB

Available Pagefile: 8120.12 MB

Total Virtual: 131072 MB

Available Virtual: 131071.83 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:931.17 GB) (Free:831.43 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7068220E)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)

 

==================== End Of Log ============================

[Aya_Tachibana]

Double post - again.

 

Just discovered one thing: Wrapper Run Once always start with Windows. But If it does closes after a few seconds, Windows will behave normally (aparentely).

Otherwise, if it stays open, well, all those bugs (Avast not starting, Charms bar configuration button not working, etc) will happen.

[LiquidTension]

Hi Aya,

You can call me Adam instead if you wish.
 

Here is the link to the image - http://imgur.com/lEoYxq2
(Also, is Imgur safe? There were so many pictures in the front page).

Yes, Imgur is safe. 
 
Wrapper Run Once is legitimate. See here:
http://www.herdprotect.com/runonce.exe-f2bcab0d5c100f9bb03e2202ef20fab8503bc4ab.aspx

 

------------
 
Excluding the issues with avast! and MBAM, are you experiencing any other issues?

[Aya_Tachibana]

Hmmm, the  issues only come if the Wrapper Run Once doesn't exit by itself. Besides that, anything looks normal.

Should I do more scans, to be sure?

[Aya_Tachibana]

Double post - Reall strange, it's random when the Wrapper Run Once will  close alone or will stay. When it stays, there's lots of problems.

Maybe doing a system restore may help? Or maybe it's a hardware issue? (I tried to take a look into the HDD conection, but it seems to fine (coudn't clean it, though).

[LiquidTension]

Hi Aya, 
 
Please do the following, and let me know if the issue still occurs. 
 
 Clean Boot

• Press the Windows Key  + r on your keyboard at the same time. Type msconfig and click OK.
• If prompted for an administrator password or for confirmation, type the password, or provide confirmation.
• In the General tab, click Selective Startup.
• Remove the checkmark next to Load startup items.
• Click the Services tab.
• Place a checkmark next to Hide all Microsoft services.
• Click Disable all, followed by OK.
• When prompted, click Restart and boot normally into Windows.
• Check your computer startup performance.

[Aya_Tachibana]

Hi Adam.

 

Looks like it's ok now. Still, I can't disable Avast, but that's not a real problem.

 

Since the Wrapper Run Once problem is somewhat random, I will keep doing tests to see if it disappeared.

[Aya_Tachibana]

Double post.

 

Ok, it looks like it's back to normal, except MBAM.

 

Still, I'm really curious to know what exactly happened before.