Jump to content
ncarter777

Malwarebytes failed to pick up threat that windows defender did

Recommended Posts

image.thumb.png.82c3cd33ac5c637a0e0bf1390f8d32ae.png

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/15/19
Scan Time: 9:08 AM
Log File: 0c400db0-d7d3-11e9-987a-04d4c458abc6.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.625
Update Package Version: 1.0.12487
License: Premium

-System Information-
OS: Windows 10 (Build 18362.356)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 278773
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 2 min, 19 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

Share this post


Link to post
Share on other sites

so windows defender will not remove the threat when I try it just pops right back up and pls disregard the first scan log I put up and refer to my most recent scan log I posted in .txt file

mbytes.txt

Share this post


Link to post
Share on other sites
Hello ncarter777 and welcome to Malwarebytes,

Upload a File to Virustotal

Go to http://www.virustotal.com/
 
  • Click the Choose file button
  • Navigate to the file C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.25\AsSysCtrlService.exe
  • Click the Scan it tab
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Copy and paste the URL address back here please.

Thanks,

Kevin...

Edited by kevinf80
typing error

Share this post


Link to post
Share on other sites

Hello ncarter777,

The file in question is classed as legitimate by all of VirusTotal analysis engines, including Microsoft. Add that file as an exclusion to WD to stop the alerts...

https://support.microsoft.com/en-gb/help/4028485/windows-10-add-an-exclusion-to-windows-security

Is also worthwhile contacting MS support and make them aware of this False Positive...

https://support.microsoft.com/en-us/contactus/

Thank you,

Kevin

Share this post


Link to post
Share on other sites
Hello ncarter777,

Ok, if you believe your system is infected continue with the following:

If you do not have Malwarebytes installed do the following:

Download Malwarebytes version 3 from the following link:

https://www.malwarebytes.com/mwb-download/thankyou/

Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions....

When the install completes or Malwarebytes is already installed do the following:

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on....

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes quarantine any found entries...

To get the log from Malwarebytes do the following:
 
  • Click on the Report tab > from main interface.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have two options:
    Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply

     
  • Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply…


Next,

Download AdwCleaner by Malwarebytes onto your Desktop.

Or from this Mirror
 
  • Right-click on AdwCleaner.exe and select user posted imageRun as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Quarantine button. This will kill all the active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply


Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Let me see those logs in your reply...

Thank you,

Kevin....

Share this post


Link to post
Share on other sites

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build:    09-05-2019
# Database: 2019-09-18.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-21-2019
# Duration: 00:00:01
# OS:       Windows 10 Pro
# Cleaned:  5
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\JitDriver.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\s.thebrighttag.com
Deleted       HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\thebrighttag.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [13002 octets] - [21/09/2019 23:33:39]
AdwCleaner[S00].txt - [2327 octets] - [21/09/2019 23:34:11]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2019 01
Ran by NatesPC (21-09-2019 23:44:45)
Running from C:\Users\trApwhore\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Pro Version 1903 18362.356 (X64) (2019-09-16 10:38:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2463636829-2393173763-3756376473-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-2463636829-2393173763-3756376473-503 - Limited - Enabled)
Guest (S-1-5-21-2463636829-2393173763-3756376473-501 - Limited - Enabled)
NatesPC (S-1-5-21-2463636829-2393173763-3756376473-1004 - Administrator - Enabled) => C:\Users\trApwhore
WDAGUtilityAccount (S-1-5-21-2463636829-2393173763-3756376473-504 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\...\uTorrent) (Version: 3.5.5.45341 - BitTorrent Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.16 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{D8561EEF-2B90-4BDB-B197-16E96924E6AA}) (Version: 1.7.29.0115 - Advanced Micro Devices, Inc.) Hidden
AMD_Chipset_Drivers (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 1.7.29.0115 - Advanced Micro Devices, Inc.)
Apex Legends (HKLM-x32\...\{D7FBF176-382D-484E-863A-DFD1124A2A1C}) (Version: 1.0.2.0 - Electronic Arts, Inc.)
ASUS Aac_NBDT HAL (HKLM\...\{01D3B7AA-D078-4506-B460-60877FCDDBD6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS Aac_NBDT HAL (HKLM-x32\...\{e8758547-b06a-4534-a291-d9062d2a6bf6}) (Version: 2.3.4.0 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Display Component (HKLM\...\{AFD1CF98-FE97-434C-A095-9F27C5BEA53C}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Display Component (HKLM-x32\...\{b8af8e27-5c72-412c-bab7-dc6430e70f1b}) (Version: 1.1.23 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA Extension Card HAL (HKLM\...\{2C39FF80-1BB2-42C5-A58D-DC90EFF048F6}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Extension Card HAL (HKLM-x32\...\{e46f527f-1e64-4554-abc1-115f3429c25c}) (Version: 1.0.16 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM\...\{A3C4120D-8096-4307-91A2-FFE37EBD5A3D}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Headset Component (HKLM-x32\...\{7f23d3ea-a821-4293-b7f7-34383bf06437}) (Version: 1.2.4 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM\...\{D800D836-DE15-4B00-8273-521F022CD837}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Motherboard HAL (HKLM-x32\...\{12b6811a-dcdb-43c1-b3e4-80aef31134c5}) (Version: 1.0.50 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM\...\{B5E322FB-C191-463E-BDDD-4F22290EDFDB}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS AURA Odd Component (HKLM-x32\...\{277875e0-972c-4705-b09c-ca5acf5b2f7c}) (Version: 1.0.8 - ASUSTeK COMPUTER INC.) Hidden
ASUS Aura SDK (HKLM\...\{CF8E6E00-9C03-4440-81C0-21FACB921A6B}) (Version: 3.03.38 - ASUSTek COMPUTER INC.) Hidden
ASUS AURA VGA Component (HKLM\...\{71BB96A6-EAC4-45AE-A17D-D3ED43FF1D14}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS AURA VGA Component (HKLM-x32\...\{55c3ae30-56f9-48ea-a96d-1fad2739e1a2}) (Version: 0.0.2.0 - ASUSTek COMPUTER INC. ) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{3507c756-a80f-4b0e-8475-975d8b432176}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS GLCKIO2 Driver (HKLM-x32\...\{5960FD0F-BB3B-49AF-B175-F77DC91E995A}) (Version: 1.0.20 - ASUSTeK Computer Inc.) Hidden
ASUS Keyboard HAL (HKLM\...\{0FA0CDEE-5DC8-421E-A97D-C74FA6E66FC3}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS Keyboard HAL (HKLM-x32\...\{ae71a627-f426-4c18-afc9-b379b0e88f97}) (Version: 1.0.37 - ASUSTek COMPUTER INC.) Hidden
ASUS MB Peripheral Products (HKLM\...\{BFED9861-7D96-4528-89F1-B090ABBF11A7}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS MB Peripheral Products (HKLM-x32\...\{a3a1beb0-9f5b-4b4e-8cfa-ef25842faf55}) (Version: 1.0.30 - ASUSTeK Computer Inc.) Hidden
ASUS Mouse HAL (HKLM\...\{1838F91B-D481-45AA-B92F-071C62D0A19A}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS Mouse HAL (HKLM-x32\...\{d25743f5-a12e-4fa8-a426-6ee9c7b2ef9c}) (Version: 1.0.39 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM\...\{723B40A4-5BF2-4DC6-834A-2ADF75F3CF7E}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
ASUS MousePad HAL (HKLM-x32\...\{3fb92594-5d14-44b6-aa83-5e9823daa7e8}) (Version: 1.0.1.1 - ASUSTek COMPUTER INC.) Hidden
AURA (HKLM-x32\...\{5899CD4F-8764-4303-A0D9-C60A62CFC24F}) (Version: 1.07.71 - ASUSTeK Computer Inc.)
AURA DRAM Component (HKLM\...\{3881F403-B6B7-4D2F-BDAC-7901EB677F52}) (Version: 1.0.30 - ASUS) Hidden
AURA DRAM Component (HKLM-x32\...\{e6f373bb-3881-463c-bd1a-3c948b067041}) (Version: 1.0.30 - ASUS) Hidden
AURA Service (HKLM-x32\...\{0E536061-3B55-4D45-BF58-0BDA261C94B0}) (Version: 3.03.56 - ASUSTeK Computer Inc.) Hidden
AURA Service (HKLM-x32\...\{fae81274-d8ce-4fcf-a8c8-2c1d949df742}) (Version: 3.03.56 - ASUSTeK Computer Inc.)
Balanced (HKLM-x32\...\{0EA45DD4-A825-420C-AFED-C659EFE3B84F}) (Version: 4.00.0000 - Advanced Micro Devices, Inc.) Hidden
Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.61.51714 - Electronic Arts)
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.51.0 - Bethesda Softworks)
Corsair AURA DRAM Component (HKLM\...\{376E0869-A4F1-4DC7-A1FD-EBF3AFFEB832}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
Corsair AURA DRAM Component (HKLM-x32\...\{7f2fddab-1f7d-4301-b534-6723e6315fe1}) (Version: 1.0.12 - CORSAIR COMPONENTS INC.) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.11.0.0940 - Disc Soft Ltd)
ENE IO Driver (HKLM-x32\...\{D0512FFD-6194-4D2E-967E-25B82A3322FF}) (Version: 2.0.8 - ENE TECHNOLOGY INC.) Hidden
ENE RGB HAL (HKLM\...\{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32\...\{de9f7705-d509-49a2-90f2-29a80ff3b785}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM\...\{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32\...\{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32\...\{5B340CD5-07E3-41AA-9117-0A0EC863E454}) (Version: 1.1.220.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GALAX GAMER RGB (HKLM\...\{06A16AA8-BBA7-4362-962E-16651962D87C}) (Version: 1.00.02 - Galaxy Microsystems Ltd.) Hidden
GALAX GAMER RGB (HKLM-x32\...\{1257fdeb-ffa3-4e17-9d4b-189075ea3656}) (Version: 1.00.02 - Galaxy Microsystems Ltd.)
Intel(R) Network Connections 24.2.0.0 (HKLM\...\PROSetDX) (Version: 24.2.0.0 - Intel)
Kingston AURA DRAM Component (HKLM\...\{6D2D2DAF-BFE4-45A6-BF40-8A9F7FF54F42}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Kingston AURA DRAM Component (HKLM-x32\...\{83d4c398-3b93-4ab0-95f0-6091b0a2f601}) (Version: 1.0.15 - KINGSTON COMPONENTS INC.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft OneDrive (HKLM-x32\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{CA8A885F-E95B-3FC6-BB91-F4D9377C7686}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.11.25325 (HKLM-x32\...\{404c9c27-8377-4fd1-b607-7ca635db4e49}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 69.0 (x64 en-US) (HKLM\...\Mozilla Firefox 69.0 (x64 en-US)) (Version: 69.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0 - Mozilla)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.0.118 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.0.118 - NVIDIA Corporation)
NVIDIA Graphics Driver 436.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 436.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{84AD2AF7-10C8-0395-66F9-FFAEB4C5DBF1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Patriot Viper RGB (HKLM\...\{E42E13B0-071E-49C1-B1CC-58198E82F302}) (Version: 1.00.06 - Patriot Memory) Hidden
Patriot Viper RGB (HKLM-x32\...\{72d8889e-2136-423e-b16f-aa8db820adad}) (Version: 1.00.06 - Patriot Memory)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8468 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

Packages:
=========
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_100.1.581.0_x64__v10z8vjag6ke6 [2019-09-03] (HP Inc.)
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe [2019-08-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-31] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\microsoft.advertising.xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-31] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.32.12463.0_x64__8wekyb3d8bbwe [2019-09-10] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.955.0_x64__56jybvy8sckqj [2019-08-31] (NVIDIA Corp.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{4410DC33-BC7C-496B-AA84-4AEA3EEE75F7}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{9AA2F32D-362A-42D9-9328-24A483E2CCC3}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{C5FF006E-2AE9-408C-B85B-2DFDD5449D9C}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2463636829-2393173763-3756376473-1004_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-08-31] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\dtshl64.dll [2019-08-31] (AVB Disc Soft, SIA -> Disc Soft Ltd)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_22f76d3b12d7bde2\nvshext.dll [2019-09-06] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-02-24] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1_S-1-5-21-2463636829-2393173763-3756376473-1004: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers4_S-1-5-21-2463636829-2393173763-3756376473-1004: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File
ContextMenuHandlers5_S-1-5-21-2463636829-2393173763-3756376473-1004: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\trApwhore\AppData\Local\Microsoft\OneDrive\19.152.0801.0008\amd64\FileSyncShell64.dll -> No File

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2019-08-31 03:02 - 2019-08-31 03:00 - 006065152 _____ () [File not signed] C:\Program Files (x86)\ASUS\AsusFanControlService\2.00.76\libprotobufd.dll
2019-06-19 09:43 - 2019-06-19 09:43 - 000207872 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 10:51 - 2019-06-28 10:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2018-09-20 09:39 - 2018-09-20 09:39 - 000156672 _____ () [File not signed] C:\Program Files\Galaxy\Aac_GALAX GAMER RGB\AacHal_x86.dll
2019-03-07 13:48 - 2019-03-07 13:48 - 000156672 _____ () [File not signed] C:\Program Files\Patriot\Aac_Patriot Viper RGB\AacHal_x86.dll
2019-05-06 16:07 - 2019-05-06 16:07 - 002831360 _____ (Apache Software Foundation) [File not signed] C:\Program Files (x86)\LightingService\log4cxx.dll
2018-09-20 09:08 - 2018-09-20 09:08 - 000053760 _____ (MS) [File not signed] C:\Program Files\Galaxy\Aac_GALAX GAMER RGB\MsIo32_Galax.dll
2019-03-07 13:35 - 2019-03-07 13:35 - 000053248 _____ (MS) [File not signed] C:\Program Files\Patriot\Aac_Patriot Viper RGB\MsIo32_Patriot.dll
2019-06-28 16:23 - 2019-06-28 16:23 - 000428544 _____ (TODO: <Company name>) [File not signed] C:\Program Files\ASUS\Aac_Keyboard\AacKbHal_x86.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-08-31 03:08 - 2019-08-31 03:06 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\trApwhore\OneDrive\Pictures\Wallpapers\STRIX_QHD_2560x1440_511.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

HKLM\...\StartupApproved\Run32: => "ASUS Ai Charger"
HKLM\...\StartupApproved\Run32: => "RamCache II "
HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2463636829-2393173763-3756376473-1004\...\StartupApproved\Run: => "Speech Recognition"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{D3F3FF23-D571-4172-B5B3-C949DDEC11C2}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [UDP Query User{7B583567-7396-466B-8CF3-442B70B9256F}C:\program files (x86)\origin games\apex\r5apex.exe] => (Allow) C:\program files (x86)\origin games\apex\r5apex.exe (NVIDIA GameStream Server -> Respawn Entertainment) [File not signed]
FirewallRules: [TCP Query User{FCCD5A5C-0487-447F-8CFE-AB1F5416EFBD}A:\origin games\battlefield v\bfv.exe] => (Allow) A:\origin games\battlefield v\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [UDP Query User{D264691A-CB09-4B7C-A386-3CA2957AA235}A:\origin games\battlefield v\bfv.exe] => (Allow) A:\origin games\battlefield v\bfv.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB)
FirewallRules: [TCP Query User{045E6245-7BAB-4690-90D3-714F560C1855}C:\users\trapwhore\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trapwhore\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{B8EE5E58-C980-4F1C-A100-948DBA931346}C:\users\trapwhore\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\trapwhore\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{F192E228-F589-4637-9722-FEF2D712F065}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2FBC4329-88AB-4F6B-A617-354B041579C8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{3AA4D021-D62E-432A-9420-4A89446669A0}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{A9B86F91-44F6-4B61-ABD6-18CDFF490DCF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{1ED6BD15-FB91-4F7A-A604-DA676416C8F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]
FirewallRules: [{194DBC21-B3A2-437F-BD84-1057B28A7608}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe (Psyonix, Inc) [File not signed]

==================== Restore Points =========================

16-09-2019 07:15:27 Windows Update
19-09-2019 09:10:49 Installed ASUS Ai Charger
21-09-2019 18:38:58 Asus Sonic Studio 3

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/21/2019 11:42:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {37e0a02d-9e53-4606-8749-764c14d1ddcd}

Error: (09/21/2019 06:41:14 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (09/21/2019 06:11:33 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.

Error: (09/21/2019 06:03:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 10.5.47.29954, time stamp: 0x5d6ff09f
Faulting module name: libcurl.dll_unloaded, version: 7.59.0.0, time stamp: 0x5ab4389f
Exception code: 0xc0000005
Fault offset: 0x000350a4
Faulting process id: 0x22f8
Faulting application start time: 0x01d570e189c5d9e5
Faulting application path: C:\Program Files (x86)\Origin\Origin.exe
Faulting module path: libcurl.dll
Report Id: b42e8093-c4d3-4ca0-a648-070809b1354b
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/21/2019 06:03:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Origin.exe, version: 10.5.47.29954, time stamp: 0x5d6ff09f
Faulting module name: MSVCR120.dll_unloaded, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc00001a5
Fault offset: 0x0001a0d5
Faulting process id: 0x22f8
Faulting application start time: 0x01d570e189c5d9e5
Faulting application path: C:\Program Files (x86)\Origin\Origin.exe
Faulting module path: MSVCR120.dll
Report Id: f0b5364d-a556-488d-a0b5-37cec11d2601
Faulting package full name: 
Faulting package-relative application ID:

Error: (09/16/2019 10:39:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HxOutlook.exe, version: 16.0.11901.20180, time stamp: 0x5d3c154a
Faulting module name: Office.UI.Xaml.Hx.Mail.dll, version: 16.0.11901.20184, time stamp: 0x5d3cc832
Exception code: 0xc0000005
Fault offset: 0x0000000000199dbd
Faulting process id: 0x18e0
Faulting application start time: 0x01d56cb44eb8264b
Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxOutlook.exe
Faulting module path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Hx.Mail.dll
Report Id: 798320c5-8265-4f54-a79c-48c63a75eb52
Faulting package full name: microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: microsoft.windowslive.mail

Error: (09/16/2019 09:02:10 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: DESKTOP-484E7DC)
Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.

Error: (09/16/2019 04:15:04 AM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.


System errors:
=============
Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AppVClient service terminated with the following service-specific error: 
There is no MTS object context

Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The shpamsvc service terminated with the following error: 
Catastrophic failure

Error: (09/21/2019 11:35:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AsSysCtrlService service failed to start due to the following error: 
The system cannot find the file specified.

Error: (09/21/2019 11:35:06 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The UevAgentService service terminated with the following service-specific error: 
The storage control blocks were destroyed.

Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Disc Soft Lite Bus Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 6000 milliseconds: Restart the service.

Error: (09/21/2019 11:34:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LightingService service terminated unexpectedly.  It has done this 1 time(s).


Windows Defender:
===================================
Date: 2019-09-21 23:17:34.744
Description: 
Controlled Folder Access blocked C:\Program Files (x86)\RamCache II\Uninstall.exe from making changes to memory.
Detection time: 2019-09-22T06:17:34.743Z
Path: \Device\HarddiskVolume4
Process Name: C:\Program Files (x86)\RamCache II\Uninstall.exe
Security intelligence Version: 1.301.1974.0
Engine Version: 1.1.16300.1
Product Version: 4.18.1908.7

Date: 2019-09-21 22:44:42.803
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F89E9F86-1A6F-46E3-B873-1536D0778CBF}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2019-09-21 18:52:00.403
Description: 
C:\Program Files (x86)\Overwolf\0.134.0.26\OWCleanup.exe has been blocked from modifying %userprofile%\Desktop by Controlled Folder Access.
Detection time: 2019-09-22T01:52:00.402Z
Path: %userprofile%\Desktop
Process Name: C:\Program Files (x86)\Overwolf\0.134.0.26\OWCleanup.exe
Security intelligence Version: 1.301.1896.0
Engine Version: 1.1.16300.1
Product Version: 4.18.1908.7

Date: 2019-09-21 18:40:38.851
Description: 
C:\ProgramData\Caphyon\Advanced Installer\{CF8E6767-AF00-47A9-9F68-C583556BE3D9}\setup.exe has been blocked from modifying %common_desktop%\ by Controlled Folder Access.
Detection time: 2019-09-22T01:40:38.851Z
Path: %common_desktop%\
Process Name: C:\ProgramData\Caphyon\Advanced Installer\{CF8E6767-AF00-47A9-9F68-C583556BE3D9}\setup.exe
Security intelligence Version: 1.301.1896.0
Engine Version: 1.1.16300.1
Product Version: 4.18.1908.7

Date: 2019-09-21 18:36:57.580
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C747A59C-8A3F-4516-AD4D-3705E94E9813}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2019-09-16 18:16:15.749
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.301.1445.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16300.1
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

CodeIntegrity:
===================================

Date: 2019-09-21 23:41:34.619
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:38:08.023
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:50.455
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:49.345
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:38.391
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:37.789
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:34.599
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2019-09-21 23:36:34.312
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info =========================== 

BIOS: American Megatrends Inc. 2605 08/06/2019
Motherboard: ASUSTeK COMPUTER INC. ROG STRIX B450-F GAMING
Processor: AMD Ryzen 5 2600X Six-Core Processor 
Percentage of memory in use: 22%
Total physical RAM: 16314.71 MB
Available physical RAM: 12634.6 MB
Total Virtual: 18746.71 MB
Available Virtual: 13194.7 MB

==================== Drives ================================

Drive a: (HDD) (Fixed) (Total:465.76 GB) (Free:333.24 GB) NTFS
Drive 😄 () (Fixed) (Total:222.21 GB) (Free:29.12 GB) NTFS

\\?\Volume{ea8e6346-9ae7-4621-806d-355b06093f7b}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{0b4f2328-8e0a-4437-9aa8-58a298faf0e8}\ () (Fixed) (Total:0.81 GB) (Free:0.38 GB) NTFS
\\?\Volume{9488dfbb-5358-4c63-b60e-650e39efeb8d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 223.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: D2790CAD)

Partition: GPT.

==================== End of Addition.txt ============================

 

Share this post


Link to post
Share on other sites

Still need to see the log from Malwarebytes and primary log from FRST, frst.txt

Share this post


Link to post
Share on other sites

Hello  @ncarter777  

How are things ?   Are you still with us ?

We do need to see the log from Malwarebytes and primary log from FRST,   the FRST.txt

Share this post


Link to post
Share on other sites

Due to the lack of feedback, this topic is closed to prevent others from posting here.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this topic. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.