
My computer keeps flashing screen and super heating


  • This topic is locked
15 replies to this topic

#1 Mollag


Posted 07 November 2015 - 11:59 AM

Sometimes my screen just flashes and hides some letters and Firefox stops responding; the computer is overheating without any "heavy" programs running.

 

LOGS:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Caio (administrator) on BARÃO (07-11-2015 12:46:36)
Running from C:\Users\Caio\Desktop
Loaded Profiles: Caio (Available Profiles: Caio & Convidado)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: Português (Brasil)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(Mega Limited) C:\Users\Caio\AppData\Local\MEGAsync\MEGAsync.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(GAS Tecnologia LTDA) C:\Program Files\Diebold\Warsaw\core.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\GbpSv.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13213840 2012-10-26] (Realtek Semiconductor)
HKLM\...\Run: [Diebold - Warsaw] => C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-25] (Avast Software s.r.o.)
Winlogon\Notify\ GbPluginBb: C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8461224 2015-09-16] (Piriform Ltd)
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\MountPoints2: {2ccb3fc2-5040-11e4-b76d-902b34ff3d61} - G:\SETUP.EXE
HKU\S-1-5-21-1689685332-202345006-199689843-1000\...\MountPoints2: {d8b1e860-6750-11e4-81ed-026cdb1d2e89} - F:\LGAutoRun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-07-29] (Microsoft Corporation)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll [1896320 2015-08-19] (Banco do Brasil)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Caio\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\Users\Caio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2015-11-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Caio\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.100.100.10 8.8.8.8 192.168.5.1
Tcpip\..\Interfaces\{5AF5D1DC-1DF7-4675-8969-4A9C51D15003}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{6987105F-0214-41B5-83F0-E8D3CDA6FE2E}: [DhcpNameServer] 200.23.183.254 200.23.180.46
Tcpip\..\Interfaces\{E683E080-5DE1-45CB-B6B7-BCE59F460C90}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{FDB8F074-0A48-4B4D-AAE8-7BC122EBAE51}: [DhcpNameServer] 192.100.100.10 8.8.8.8 192.168.5.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-1689685332-202345006-199689843-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\Program Files (x86)\GbPlugin\gbieh.dll [2015-08-19] (Banco do Brasil)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1689685332-202345006-199689843-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash4/cabs/swflash.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default
FF Homepage: hxxps://www.google.com.br/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Caio\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-12-23] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-18] (Google Inc.)
FF Extension: Adblock Plus - C:\Users\Caio\AppData\Roaming\Mozilla\Firefox\Profiles\1uul1p4t.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-06-24] [not signed]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Slots) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-12-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2015-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-28]
CHR Extension: (Pagamentos da Chrome Web Store) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-23]
CHR Extension: (clickit) - C:\ProgramData\honhnicaeaclhjepfnakiiemcgdcfgbk\ []
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R2 GbpSv; C:\Program Files (x86)\GbPlugin\GbpSv.exe [587576 2015-08-19] (GAS Tecnologia)
S3 ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-07] (Electronic Arts)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187072 2015-03-10] ()
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [129168 2015-03-12] (Razer Inc.)
R2 Warsaw Technology; C:\Program Files\Diebold\Warsaw\core.exe [858424 2015-06-19] (GAS Tecnologia LTDA)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2; C:\Program Files (x86)\GIGABYTE\ET6\amd64\AODDriver2.sys [57512 2012-09-24] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-10-10] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 gbpddfac; C:\Windows\System32\drivers\gbpddfac64.sys [28888 2015-11-07] (GAS Tecnologia)
R3 GBPRCM; C:\Program Files (x86)\GbPlugin\gbprcm64.sys [29912 2015-08-12] (GAS Tecnologia)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-24] ()
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-03-10] (Razer, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2015-03-12] ()
R3 Warsaw_PP; C:\Program Files (x86)\GbPlugin\wsftprp64.sys [24792 2015-08-12] (GAS Tecnologia LTDA)
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 12:46 - 2015-11-07 12:46 - 00015517 _____ C:\Users\Caio\Desktop\FRST.txt
2015-11-07 12:38 - 2014-02-16 12:23 - 00060640 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2015-11-07 12:37 - 2015-11-07 12:37 - 00000000 ____D C:\AMD
2015-11-07 12:31 - 2015-11-07 12:32 - 02198528 _____ (Farbar) C:\Users\Caio\Desktop\FRST64.exe
2015-11-07 12:23 - 2015-11-07 12:24 - 02265784 _____ (Sony Mobile Communications ) C:\Users\Caio\Downloads\DriverEasy+Pro+4.9.6+Keyg_10924_i81500694_il345.exe
2015-11-07 11:59 - 2015-11-07 12:45 - 00000404 _____ C:\Windows\Tasks\DriverEasy Scheduled Scan.job
2015-11-07 11:59 - 2015-11-07 11:59 - 00003806 _____ C:\Windows\System32\Tasks\DriverEasy Scheduled Scan
2015-11-07 11:59 - 2015-11-07 11:59 - 00000967 _____ C:\Users\Public\Desktop\DriverEasy.lnk
2015-11-07 11:59 - 2015-11-07 11:59 - 00000000 ____D C:\Users\Caio\AppData\Roaming\Easeware
2015-11-07 11:59 - 2015-11-07 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverEasy
2015-11-07 11:59 - 2015-11-07 11:59 - 00000000 ____D C:\Program Files\Easeware
2015-11-07 11:57 - 2015-11-07 11:58 - 03574768 _____ (Easeware ) C:\Users\Caio\Downloads\DriverEasy_Setup.exe
2015-11-07 11:56 - 2015-11-07 11:56 - 00000000 ___RD C:\Users\Caio\Desktop\Documents\MEGA
2015-11-07 11:54 - 2015-11-07 11:54 - 00001011 _____ C:\Users\Caio\Desktop\MEGAsync.lnk
2015-11-07 11:54 - 2015-11-07 11:54 - 00000000 ____D C:\Users\Caio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-11-07 11:54 - 2015-11-07 11:54 - 00000000 ____D C:\Users\Caio\AppData\Local\Mega Limited
2015-11-07 11:53 - 2015-11-07 11:54 - 00000000 ____D C:\Users\Caio\AppData\Local\MEGAsync
2015-11-07 11:45 - 2015-11-07 11:53 - 09989712 _____ (MEGA Limited) C:\Users\Caio\Downloads\MEGAsyncSetup.exe
2015-11-06 17:29 - 2015-11-06 17:29 - 00000000 ____D C:\Users\Caio\Desktop\Tardsplaya
2015-11-06 17:18 - 2015-11-06 17:29 - 10580340 _____ C:\Users\Caio\Downloads\tardsplaya_1.0.0.5.7z
2015-10-17 08:08 - 2015-10-17 08:08 - 00000364 _____ C:\Windows\PFRO.log
2015-10-15 18:03 - 2015-11-07 12:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-10 12:09 - 2015-10-10 12:09 - 00065120 _____ C:\Users\Caio\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-10 09:05 - 2015-10-10 09:05 - 00298608 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-09 18:27 - 2015-11-07 12:45 - 00004432 _____ C:\Windows\setupact.log
2015-10-09 18:27 - 2015-10-09 18:27 - 00000000 _____ C:\Windows\setuperr.log
2015-10-09 14:38 - 2015-10-09 14:38 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-09 14:37 - 2015-10-09 14:37 - 06678784 _____ (Piriform Ltd) C:\Users\Caio\Downloads\ccsetup510pro.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-07 12:46 - 2015-05-03 15:16 - 00000000 ____D C:\FRST
2015-11-07 12:45 - 2015-09-30 18:15 - 00028888 _____ (GAS Tecnologia) C:\Windows\system32\Drivers\gbpddfac64.sys
2015-11-07 12:45 - 2015-09-30 18:15 - 00000000 ____D C:\Program Files (x86)\GbPlugin
2015-11-07 12:45 - 2014-11-12 12:44 - 00001066 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-07 12:45 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-07 12:44 - 2014-10-09 22:55 - 01223683 _____ C:\Windows\WindowsUpdate.log
2015-11-07 12:38 - 2014-10-09 23:56 - 00000000 ____D C:\Program Files\AMD
2015-11-07 12:26 - 2014-11-12 12:44 - 00001070 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-07 12:01 - 2014-10-12 02:33 - 00000902 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-07 11:45 - 2014-11-25 19:46 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2015-11-07 11:45 - 2014-11-07 02:24 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2015-11-07 11:44 - 2014-11-07 01:53 - 00000000 ____D C:\Users\Caio\AppData\Local\Battle.net
2015-11-07 11:44 - 2014-11-07 01:53 - 00000000 ____D C:\Program Files (x86)\Battle.net
2015-11-07 11:44 - 2009-07-14 00:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-07 11:44 - 2009-07-14 00:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-07 11:41 - 2009-07-29 12:08 - 00705070 _____ C:\Windows\system32\prfh0416.dat
2015-11-07 11:41 - 2009-07-29 12:08 - 00146910 _____ C:\Windows\system32\prfc0416.dat
2015-11-07 11:41 - 2009-07-14 01:13 - 01633534 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-07 11:37 - 2015-03-12 01:44 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-11-07 11:36 - 2015-09-30 18:15 - 00000000 ____D C:\Users\Todos os Usuários\GbPlugin
2015-11-07 11:36 - 2015-09-30 18:15 - 00000000 ____D C:\ProgramData\GbPlugin
2015-11-07 01:50 - 2014-10-12 14:49 - 00000000 ____D C:\Users\Caio\AppData\Roaming\Skype
2015-11-06 22:17 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2015-10-17 10:01 - 2014-10-12 02:33 - 00003840 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 10:01 - 2014-10-11 22:12 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-17 10:01 - 2014-10-11 22:12 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-17 08:08 - 2014-10-10 00:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-14 20:07 - 2014-11-12 14:51 - 00000000 ____D C:\Users\Caio\AppData\Local\CrashDumps
2015-10-09 14:39 - 2014-12-13 11:58 - 00000000 ____D C:\Program Files\CCleaner
2015-10-09 14:39 - 2014-10-26 00:24 - 00000000 ____D C:\Windows\Minidump

==================== Files in the root of some directories =======

2014-11-01 14:11 - 2014-11-01 14:11 - 0285478 ____H () C:\Program Files\569084471418571142779919224811710121830587.ico
2014-11-01 14:11 - 2014-11-01 14:11 - 0285478 ____H () C:\Program Files (x86)\44873372144719116123611015199532141106218.ico
2014-11-29 01:52 - 2010-07-01 21:24 - 0035048 _____ () C:\Users\Caio\AppData\Roaming\UserOrb.bmp
2015-07-03 20:46 - 2015-07-03 20:46 - 0007626 _____ () C:\Users\Caio\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Caio\AppData\Local\Temp\DriverEasy Pro 4.9.6 Keyg__10924_i1735401032_il1466482.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-11-06 13:18

==================== End of FRST.txt ============================



#2 nasdaq


Posted 09 November 2015 - 11:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.


start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll => No File
CHR Extension: (Free Slots) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-12-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (clickit) - C:\ProgramData\honhnicaeaclhjepfnakiiemcgdcfgbk\ []
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12]
R4 WinDivert1.1; C:\Program Files\Diebold\Warsaw\WinDivert64.sys [38104 2015-04-01] (Basil)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
AlternateDataStreams: C:\Program Files (x86)\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Windows\System32:47DC9EF3_Bb.gbp
AlternateDataStreams: C:\Windows\system32\Drivers\gbpddfac64.sys:X5ZN8aGvT4
C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio
C:\Program Files\Diebold\Warsaw\WinDivert64.sys

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

CHR dev: Chrome dev build detected! <======= ATTENTION

Your copy of Chrome has been compromised

Unless you did this yourself, malware has changed your Chrome version into the Development Build. Among other things this allows malware to install any extension it wants.

Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

===

Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Before you do, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

If you want to save your passwords as well see here: http://www.intowindows.com/how-to-backup-saved-passwords-in-google-chrome-browser/

Re-install Chrome and the Bookmarks.

<<<>>>

How is the computer running now?
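
Added example, not part of the original thread and not FRST's own code: a small triage pass over lines copied from the FRST log above, tagging the markers FRST prints (`ATTENTION`, `=> No File`, `<not found>`, `[X]`, `[File not signed]`) plus two Chrome-extension heuristics. The tag names, the function names, and the use of `clients2.google.com` as the expected Chrome Web Store update host are assumptions of this example; tags are pointers for a reviewer, not verdicts.

```python
import re
from urllib.parse import urlparse

# Lines copied from the FRST log posted in this thread (a subset, for illustration).
SAMPLE_LOG = r"""
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.101\pdf.dll => No File
CHR Profile: C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Slots) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gncgkjfgbkncmgekiidabkngldhokoio [2014-12-12] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Avast Online Security) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-28]
CHR Extension: (Facebook - Delete All Messages) - C:\Users\Caio\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgiidlnejdlfoacoeleopkljhbckmlko [2015-09-24]
CHR Extension: (clickit) - C:\ProgramData\honhnicaeaclhjepfnakiiemcgdcfgbk\ []
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
"""

# Markers that FRST itself prints on the lines above; the tag names are this example's own.
MARKERS = [
    ("flagged", re.compile(r"<=+ ATTENTION")),                       # FRST's own attention marker
    ("orphaned", re.compile(r"=> No File|<not found>|\[X\]\s*$")),   # entry whose file is missing
    ("unsigned", re.compile(r"\[(?:File )?not signed\]")),           # informational only
]
UPDATE_URL = re.compile(r"\[UpdateUrl:\s*(\S+?)\]")
# Greedy name group so extension names containing " - " are still split correctly.
CHR_EXT = re.compile(r"^CHR Extension: \((.*)\) - (\S.*)$")
# Assumption: extensions installed from the Chrome Web Store update from this host.
WEBSTORE_HOST = "clients2.google.com"


def refang(url):
    """Turn the log's defanged hxxp(s):// back into http(s):// for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(log_text):
    """Return [(tags, line)] for every log line that carries at least one tag."""
    findings = []
    profile = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("CHR Profile:"):
            # Remember the profile directory to compare extension paths against.
            profile = line.split(":", 1)[1].strip().lower()
            continue
        tags = [name for name, rx in MARKERS if rx.search(line)]
        url = UPDATE_URL.search(line)
        if url:
            host = urlparse(refang(url.group(1))).hostname or ""
            if host != WEBSTORE_HOST:
                tags.append("off-store-update:" + host)
        ext = CHR_EXT.match(line)
        if ext and profile and not ext.group(2).lower().startswith(profile):
            # Extension is loaded from a directory outside the Chrome profile.
            tags.append("outside-profile")
        if tags:
            findings.append((tags, line))
    return findings


if __name__ == "__main__":
    for tags, line in triage(SAMPLE_LOG):
        print(", ".join(tags), "|", line[:90])
```
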

#3 Mollag


Posted 10 November 2015 - 10:46 AM

Sending fixlog. I did uninstall Chrome after deleting all data.

Attached Files



#4 nasdaq


Posted 11 November 2015 - 07:52 AM

Any remaining issues with this computer?

#5 Mollag


Posted 02 December 2015 - 05:26 AM

It is still freezing sometimes; Firefox just stops working or crashes and closes.



#6 nasdaq


Posted 02 December 2015 - 10:33 AM

See if this will help regaining Firefox.

Remove Firefox using the instructions on this page.
https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer

Before proceeding save your Bookmarks.
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Install the latest version of the application.

You can then import them to the new version of Firefox.

Firefox Password manager -
Remember, delete and change saved passwords in Firefox
https://support.mozilla.org/en-US/kb/password-manager-remember-delete-change-passwords
<<<>>>

#7 Mollag


Posted 04 December 2015 - 05:26 AM

I have another question: what should I do to improve my computer to stop the overheating? Sometimes it just stops. Should I run another scan or use another malware/virus removal method?



#8 nasdaq


Posted 04 December 2015 - 09:52 AM

Heat can be caused by many things.

Hardware problems including RAM
Wrong version of drivers.
Not having the latest Windows updates.

Start with this "Hardware and Devices troubleshooter".
http://windows.microsoft.com/en-ca/windows7/open-the-hardware-and-devices-troubleshooter

===

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
  • List Devices (problems only)
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Post the log and let me know if you have found anything.

p.s.
If the overheating continues, I suggest you back up all your important files.
Heat can damage your computer severely.

#9 nasdaq


Posted 10 December 2015 - 09:41 AM

Are you still with me?

#10 Mollag


Posted 11 December 2015 - 08:51 AM

The logs from MiniToolBox

Attached Files

  • Attached File  MTB.txt   12.25KB   0 downloads


#11 Mollag


Posted 11 December 2015 - 08:53 AM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by Caio (administrator) on 11-12-2015 at 09:50:17
Running from "C:\Users\Caio\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X64)
Model: GA-78LMT-S2 Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/08/2015 09:11:15 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: rsclient.exe, versão: 1.0.0.2, carimbo de hora: 0x48d312b1
Nome do módulo de falhas: gbieh.dll, versão: 4.15.0.15, carimbo de hora: 0x5601b694
Código de exceção: 0xc0000005
Deslocamento com falha: 0x00161501
Identificação do processo com falha: 0x1490
Hora de início do aplicativo com falha: 0xrsclient.exe0
Caminho do aplicativo com falha: rsclient.exe1
FCaminho do módulo de falhas: rsclient.exe2
Identificação do Relatório: rsclient.exe3

Error: (12/06/2015 01:01:35 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: winsat.exe, versão: 6.1.7601.17514, carimbo de hora: 0x4ce798fc
Nome do módulo de falhas: atiuxp64.dll, versão: 8.14.1.6489, carimbo de hora: 0x564be7cd
Código de exceção: 0xc0000005
Deslocamento com falha: 0x000000000000aa66
Identificação do processo com falha: 0x13a0
Hora de início do aplicativo com falha: 0xwinsat.exe0
Caminho do aplicativo com falha: winsat.exe1
FCaminho do módulo de falhas: winsat.exe2
Identificação do Relatório: winsat.exe3

Error: (12/05/2015 04:35:04 PM) (Source: Application Hang) (User: )
Description: O programa rsclient.exe versão 1.0.0.2 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 168c

Hora de Início: 01d12f9c609cf39f

Hora de Término: 21

Caminho do Aplicativo: C:\Users\Caio\Downloads\rsclient.exe

Id do Relatório: a85c491c-9b8f-11e5-b464-902b34ff3d61

Error: (12/05/2015 09:09:59 AM) (Source: Application Hang) (User: )
Description: O programa Explorer.EXE versão 6.1.7601.17514 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 74c

Hora de Início: 01d12f5b50b76422

Hora de Término: 0

Caminho do Aplicativo: C:\Windows\Explorer.EXE

Id do Relatório: 37e65434-9b51-11e5-9cc0-902b34ff3d61

Error: (12/05/2015 09:04:35 AM) (Source: Application Hang) (User: )
Description: O programa Hearthstone.exe versão 4.1.0.10956 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 100c

Hora de Início: 01d12f5c77cd26fd

Hora de Término: 27

Caminho do Aplicativo: C:\Program Files (x86)\Hearthstone\Hearthstone.exe

Id do Relatório: 79e45358-9b50-11e5-9cc0-902b34ff3d61

Error: (12/01/2015 03:01:02 PM) (Source: RazerGameScanner) (User: )
Description: Serviço não pode ser iniciado. O processo do serviço não pôde se conectar ao controlador do serviço

Error: (11/30/2015 12:50:22 PM) (Source: Application Hang) (User: )
Description: O programa Hearthstone.exe versão 4.0.0.10833 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: 1140

Hora de Início: 01d12b8f12d9b974

Hora de Término: 7

Caminho do Aplicativo: C:\Program Files (x86)\Hearthstone\Hearthstone.exe

Id do Relatório: 6c5b1071-9782-11e5-843f-902b34ff3d61

Error: (11/27/2015 09:31:26 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: JagexLauncher.exe, versão: 0.0.0.0, carimbo de hora: 0x55142e3e
Nome do módulo de falhas: Flash32_19_0_0_226.ocx_unloaded, versão: 0.0.0.0, carimbo de hora: 0x561f2c93
Código de exceção: 0xc0000005
Deslocamento com falha: 0x5741a4f6
Identificação do processo com falha: 0x494
Hora de início do aplicativo com falha: 0xJagexLauncher.exe0
Caminho do aplicativo com falha: JagexLauncher.exe1
FCaminho do módulo de falhas: JagexLauncher.exe2
Identificação do Relatório: JagexLauncher.exe3

Error: (11/27/2015 09:27:24 AM) (Source: Application Hang) (User: )
Description: O programa Au_.exe versão 0.0.0.0 parou de interagir com o Windows e foi fechado. Para ver se há mais informações disponíveis sobre o problema, verifique o histórico de problemas no painel de controle da Central de Ações.

ID de Processo: b8c

Hora de Início: 01d129115b6460ee

Hora de Término: 2

Caminho do Aplicativo: C:\Users\Caio\AppData\Local\Temp\~nsu.tmp\Au_.exe

Id do Relatório:

Error: (11/21/2015 11:26:04 AM) (Source: Application Error) (User: )
Description: Nome de aplicativo com falha: TESV.exe, versão: 1.9.32.0, carimbo de hora: 0x51437ce5
Nome do módulo de falhas: ltc_game32-105427.dll, versão: 1.0.0.1, carimbo de hora: 0x56454617
Código de exceção: 0xc0000409
Deslocamento com falha: 0x0012d2a2
Identificação do processo com falha: 0x11ac
Hora de início do aplicativo com falha: 0xTESV.exe0
Caminho do aplicativo com falha: TESV.exe1
FCaminho do módulo de falhas: TESV.exe2
Identificação do Relatório: TESV.exe3


System errors:
=============
Error: (12/11/2015 09:30:51 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/11/2015 09:28:34 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/11/2015 09:28:27 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
gbpddreg

Error: (12/10/2015 09:22:14 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/10/2015 09:19:45 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/10/2015 09:19:39 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
gbpddreg

Error: (12/09/2015 07:55:13 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/09/2015 07:54:26 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2

Error: (12/09/2015 07:54:18 AM) (Source: Service Control Manager) (User: )
Description: Falha ao carregar o(s) seguinte(s) driver(s) de início do sistema ou de inicialização:
gbpddreg

Error: (12/08/2015 08:03:11 AM) (Source: Service Control Manager) (User: )
Description: Não foi possível iniciar o serviço Gbpddreg svc devido ao seguinte erro:
%%2


Microsoft Office Sessions:
=========================
Error: (12/08/2015 09:11:15 AM) (Source: Application Error)(User: )
Description: rsclient.exe1.0.0.248d312b1gbieh.dll4.15.0.155601b694c000000500161501149001d131b9e7bc61dfC:\Users\Caio\Desktop\rsclient.exeC:\Program Files (x86)\GbPlugin\gbieh.dll29165ac1-9dad-11e5-8a99-902b34ff3d61

Error: (12/06/2015 01:01:35 AM) (Source: Application Error)(User: )
Description: winsat.exe6.1.7601.175144ce798fcatiuxp64.dll8.14.1.6489564be7cdc0000005000000000000aa6613a001d12fe2fa2b4baaC:\Windows\system32\winsat.exeC:\Windows\system32\atiuxp64.dll6c096968-9bd6-11e5-b464-902b34ff3d61

Error: (12/05/2015 04:35:04 PM) (Source: Application Hang)(User: )
Description: rsclient.exe1.0.0.2168c01d12f9c609cf39f21C:\Users\Caio\Downloads\rsclient.exea85c491c-9b8f-11e5-b464-902b34ff3d61

Error: (12/05/2015 09:09:59 AM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.1.7601.1751474c01d12f5b50b764220C:\Windows\Explorer.EXE37e65434-9b51-11e5-9cc0-902b34ff3d61

Error: (12/05/2015 09:04:35 AM) (Source: Application Hang)(User: )
Description: Hearthstone.exe4.1.0.10956100c01d12f5c77cd26fd27C:\Program Files (x86)\Hearthstone\Hearthstone.exe79e45358-9b50-11e5-9cc0-902b34ff3d61

Error: (12/01/2015 03:01:02 PM) (Source: RazerGameScanner)(User: )
Description: Serviço não pode ser iniciado. O processo do serviço não pôde se conectar ao controlador do serviço

Error: (11/30/2015 12:50:22 PM) (Source: Application Hang)(User: )
Description: Hearthstone.exe4.0.0.10833114001d12b8f12d9b9747C:\Program Files (x86)\Hearthstone\Hearthstone.exe6c5b1071-9782-11e5-843f-902b34ff3d61

Error: (11/27/2015 09:31:26 AM) (Source: Application Error)(User: )
Description: JagexLauncher.exe0.0.0.055142e3eFlash32_19_0_0_226.ocx_unloaded0.0.0.0561f2c93c00000055741a4f649401d129134fa3303dC:\Users\Caio\jagexcache\jagexlauncher\bin\JagexLauncher.exeFlash32_19_0_0_226.ocx27f18b3f-950b-11e5-b610-902b34ff3d61

Error: (11/27/2015 09:27:24 AM) (Source: Application Hang)(User: )
Description: Au_.exe0.0.0.0b8c01d129115b6460ee2C:\Users\Caio\AppData\Local\Temp\~nsu.tmp\Au_.exe

Error: (11/21/2015 11:26:04 AM) (Source: Application Error)(User: )
Description: TESV.exe1.9.32.051437ce5ltc_game32-105427.dll1.0.0.156454617c00004090012d2a211ac01d12470c8728a10C:\Program Files (x86)\The Elder Scrolls V Skyrim\TESV.exeC:\PROGRA~2\Raptr\ltc_game32-105427.dll2cfc9875-9064-11e5-8543-902b34ff3d61


CodeIntegrity Errors:
===================================
  Date: 2015-03-15 11:43:35.398
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 11:23:53.617
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 10:52:16.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 06:37:05.428
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 06:02:16.934
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-15 01:23:44.058
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 13:52:54.127
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 13:41:35.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 13:27:21.240
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-03-14 13:10:28.755
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\user32.dll because the set of per-page image hashes could not be found on the system.


========================= Devices: ================================


**** End of log ****
 



#12 nasdaq

Posted 11 December 2015 - 10:11 AM

I suspect that you have some driver issues.
Check to make sure you have the latest drivers.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

===
p.s.

Secunia will start looking for new updates every time you boot the system.
This is overkill. When all is well you can remove it using the Control Panel > Programs and Features applet.

#13 nasdaq

Posted 17 December 2015 - 11:11 AM

Are you still with me?

#14 Mollag

Posted 22 December 2015 - 07:16 AM

That Secunia PSI just bleeped up my Windows; it wasn't starting and I had to reinstall it yesterday :/

Lost so many things on the HD, but at least the computer seems faster.



#15 nasdaq

Posted 22 December 2015 - 11:22 AM

You may want to check the integrity of your hardware.

http://windows.microsoft.com/en-ca/windows7/open-the-hardware-and-devices-troubleshooter



