Gian

Hi, I've just did all the steps (in safe mode it found two av and I uninstalled both). But it didn't work. after the reboot egui.exe didn't start alone, just manually.

Problem still unsolved. No one??

Under Applications and Services Logs > Microsoft I found those: - System - Provider [ Name] Microsoft-Windows-Application-Experience [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820} EventID 500 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x1000000000000000 - TimeCreated [ SystemTime] 2013-06-13T20:10:52.488132300Z EventRecordID 3948 Correlation - Execution [ ProcessID] 4392 [ ThreadID] 4556 Channel Microsoft-Windows-Application-Experience/Program-Telemetry Computer Giancarlo-PC - Security [ UserID] S-1-5-21-3457655566-41676810-2050159195-1000 - UserData - CompatibilityFixEvent ProcessId 4392 StartTime 2013-06-13T20:10:52.347732000Z FixID {F5AC3378-B8E4-4F9B-AA9A-D839E5B1EF06} Flags 0x20102 ExePath C:\Program Files\ESET\ESET Smart Security\egui.exe FixName RunAsAdmin -------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------------------------------------------- - System - Provider [ Name] Microsoft-Windows-Application-Experience [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820} EventID 500 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x1000000000000000 - TimeCreated [ SystemTime] 2013-06-12T19:51:04.591167000Z EventRecordID 3944 Correlation - Execution [ ProcessID] 5668 [ ThreadID] 3280 Channel Microsoft-Windows-Application-Experience/Program-Telemetry Computer Giancarlo-PC - Security [ UserID] S-1-5-21-3457655566-41676810-2050159195-1000 - UserData - CompatibilityFixEvent ProcessId 5668 StartTime 2013-06-12T19:51:04.431165600Z FixID {F5AC3378-B8E4-4F9B-AA9A-D839E5B1EF06} Flags 0x20102 ExePath C:\Program Files\ESET\ESET Smart Security\egui.exe FixName RunAsAdmin ----------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------- - System - Provider [ Name] Microsoft-Windows-Application-Experience [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820} EventID 500 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x1000000000000000 - TimeCreated [ SystemTime] 2013-06-11T18:50:09.170124800Z EventRecordID 3927 Correlation - Execution [ ProcessID] 3124 [ ThreadID] 3556 Channel Microsoft-Windows-Application-Experience/Program-Telemetry Computer Giancarlo-PC - Security [ UserID] S-1-5-21-3457655566-41676810-2050159195-1000 - UserData - CompatibilityFixEvent ProcessId 3124 StartTime 2013-06-11T18:50:08.514923600Z FixID {F5AC3378-B8E4-4F9B-AA9A-D839E5B1EF06} Flags 0x20102 ExePath C:\Program Files\ESET\ESET Smart Security\egui.exe FixName RunAsAdmin ----------------------------------------------------------------------------------------------------------------------------------------------------------------- ----------------------------------------------------------------------------------------------------------------------------------------------------------------- - System - Provider [ Name] Microsoft-Windows-Application-Experience [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820} EventID 500 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x1000000000000000 - TimeCreated [ SystemTime] 2012-02-08T17:15:31.566382100Z EventRecordID 3924 Correlation - Execution [ ProcessID] 3260 [ ThreadID] 4704 Channel Microsoft-Windows-Application-Experience/Program-Telemetry Computer Giancarlo-PC - Security [ UserID] S-1-5-21-3457655566-41676810-2050159195-1000 - UserData - CompatibilityFixEvent ProcessId 3260 StartTime 2012-02-08T17:15:31.467376500Z FixID {F5AC3378-B8E4-4F9B-AA9A-D839E5B1EF06} Flags 0x20102 ExePath C:\Program Files\ESET\ESET Smart Security\egui.exe FixName RunAsAdmin ------------------------------------------------------------------------------------------------------------------------------------------------------------ ------------------------------------------------------------------------------------------------------------------------------------------------------------ - System - Provider [ Name] Microsoft-Windows-Application-Experience [ Guid] {EEF54E71-0661-422D-9A98-82FD4940B820} EventID 500 Version 0 Level 4 Task 0 Opcode 0 Keywords 0x1000000000000000 - TimeCreated [ SystemTime] 2011-12-19T22:34:28.952085700Z EventRecordID 3767 Correlation - Execution [ ProcessID] 444 [ ThreadID] 2428 Channel Microsoft-Windows-Application-Experience/Program-Telemetry Computer Giancarlo-PC - Security [ UserID] S-1-5-21-3457655566-41676810-2050159195-1000 - UserData - CompatibilityFixEvent ProcessId 444 StartTime 2011-12-19T22:34:28.756074500Z FixID {F5AC3378-B8E4-4F9B-AA9A-D839E5B1EF06} Flags 0x20102 ExePath C:\Program Files\ESET\ESET Smart Security\egui.exe FixName RunAsAdmin ------------------------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------- - System - Provider [ Name] Microsoft-Windows-Diagnostics-Performance [ Guid] {CFC18EC0-96B1-4EBA-961B-622CAEE05B0A} EventID 201 Version 1 Level 3 Task 4007 Opcode 41 Keywords 0x8000000000010000 - TimeCreated [ SystemTime] 2011-12-15T08:09:32.068373300Z EventRecordID 4758 - Correlation [ ActivityID] {00000000-48C4-0000-641E-136200BBCC01} - Execution [ ProcessID] 1488 [ ThreadID] 1520 Channel Microsoft-Windows-Diagnostics-Performance/Operational Computer Giancarlo-PC - Security [ UserID] S-1-5-19 - EventData StartTime 2011-12-15T01:46:56.041482900Z NameLength 9 Name egui.exe FriendlyNameLength 9 FriendlyName ESET GUI VersionLength 10 Version 4.2.71.2 TotalTime 2522 DegradationTime 2111 PathLength 51 Path C:\Program Files\ESET\ESET Smart Security\egui.exe ProductNameLength 20 ProductName ESET Smart Security CompanyNameLength 5 CompanyNameESET _____________________________________________________________________________________________________ ------------------------------------------------------------------------------------------------------------------------------------------------------------------

- System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D} EventID 4907 Version 0 Level 0 Task 13568 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2013-06-18T03:15:05.906671600Z EventRecordID 43252 Correlation - Execution [ ProcessID] 656 [ ThreadID] 676 Channel Security Computer Giancarlo-PC Security - EventData SubjectUserSid S-1-5-21-3457655566-41676810-2050159195-1000 SubjectUserName Giancarlo SubjectDomainName Giancarlo-PC SubjectLogonId 0x1aa8e ObjectServer Security ObjectType File ObjectName C:\Program Files\ESET\ESET Smart Security\egui.exe HandleId 0x304 OldSd NewSd S:ARAI(AU;IDSA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-3457655566-41676810-2050159195-1000) ProcessId 0x2d4 ProcessName C:\Windows\System32\dllhost.exe

In the Event Viewer > Windows registry > System, I didn't found nothing. In Custom Views I found this: - System - Provider [ Name] Microsoft-Windows-Security-Auditing [ Guid] {54849625-5478-4994-A5BA-3E3B0328C30D} EventID 4907 Version 0 Level 0 Task 13568 Opcode 0 Keywords 0x8020000000000000 - TimeCreated [ SystemTime] 2013-06-18T03:18:15.120494000Z EventRecordID 43366 Correlation - Execution [ ProcessID] 656 [ ThreadID] 676 Channel Security Computer Giancarlo-PC Security - EventData SubjectUserSid S-1-5-21-3457655566-41676810-2050159195-1000 SubjectUserName Giancarlo SubjectDomainName Giancarlo-PC SubjectLogonId 0x1aa8e ObjectServer Security ObjectType File ObjectName C:\Program Files\ESET\ESET Smart Security\egui.exe HandleId 0x304 OldSd S:AI(AU;IDSA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-3457655566-41676810-2050159195-1000) NewSd S:ARAI(AU;IDSA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;S-1-5-21-3457655566-41676810-2050159195-1000)(AU;IDSA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD) ProcessId 0x1da0 ProcessName C:\Windows\System32\dllhost.exe

Just uninstall Spybot and Malwarebytes, nothing changed. In register editor I can see that in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run there is the value; egui REG_SZ "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

Of course it is not running on Task manager. I will try to uninstall spybot and malwarebytes, but I always had both before and never had problems, and they are not set to start with windows, I just manually start them whem I want to perform an extra scan. I have no ZoneAlarm installed.

P.s.: since this topic wasn't appearing after I created it, I recreated the topic with a short description, and that topic appeared. Now that it's not there anymore, for the person who asked if I can manually star egui.exe the answer is yes. Sorry for the double post!