
Windows Antivirus somehow de-activated resulting in infection


#46
daba

  • Topic Starter
  • Member
  • 225 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/10/2019 4:24:53 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 07/10/2019 2:23:53 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}  and APPID  {15C20B67-12E7-4BB6-92BB-7AFF07997402}  to the user DAVIDDELL2\David Jackson SID (S-1-5-21-2490165305-1638453623-257508744-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/10/2019 2:22:42 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:
 
Log: 'System' Date/Time: 07/10/2019 2:21:50 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/10/2019 2:21:50 PM
Type: Warning Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Log: 'System' Date/Time: 07/10/2019 2:21:49 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:
 
Log: 'System' Date/Time: 07/10/2019 2:21:47 PM
Type: Warning Category: 7
Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power
The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
 
Log: 'System' Date/Time: 07/10/2019 2:21:15 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:
 
Log: 'System' Date/Time: 07/10/2019 2:21:06 PM
Type: Warning Category: 0
Event: 17 Source: Microsoft-Windows-WHEA-Logger
A corrected hardware error has occurred.  Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express)  Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:
 
Log: 'System' Date/Time: 07/10/2019 2:20:39 PM
Type: Warning Category: 0
Event: 1 Source: rt640x64
Realtek PCIe GBE Family Controller is disconnected from network.
 
Log: 'System' Date/Time: 07/10/2019 2:20:35 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device ACPI\INT3400\2&daba3ff&1.



#47
daba

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 07/10/2019 4:25:49 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2019 2:22:09 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Log: 'Application' Date/Time: 07/10/2019 2:21:39 PM
Type: Error Category: 0
Event: 8198 Source: Microsoft-Windows-Security-SPP
License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 07/10/2019 2:21:55 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)
 
Log: 'Application' Date/Time: 07/10/2019 2:21:32 PM
Type: Warning Category: 0
Event: 8233 Source: Microsoft-Windows-Security-SPP
The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable


#48
daba


When I ran that Clearing operation there was a warning message:

A connected hardware error has occurred.
Component: PCI Express root port
WHEA-Logger



#49
RKinner

    Malware Expert

  • Expert
  • 21,950 posts
  • MVP

The error is from the chipset.

Instead of Extract All choose the chipset option. Any of them will work but the last one is less messy. Guess they have changed it since I last extracted a zip.

Can you close Skype? It's causing a lot of faults and may be why RuntimeBroker is running so high.



#50
daba


Thank you for your help and support. I have closed Skype. I have installed the chipset. There is an immediate improvement: the desktop icons all opened at once, YouTube windows all open with no blanks; however, when I opened a newspaper there were blanks. Perhaps when I upgrade my RAM once back in London in a couple of weeks that will sort that out. Generally, it's faster. Thank you very much indeed.



#51
RKinner


The blanks may be where ads were. If you have an ad-blocker try turning it off for the page and then reloading the page.



#52
daba


Thank you but no, in this case they are clearly the particular article's missing accompanying photos. They do load as you scroll the page, but sporadically and slowly.



#53
RKinner


Can you do a new LatencyMon scan and show me the summary?

Also let's do a MiniToolBox:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
 



#54
daba

Snip5.PNG

MiniToolBox by Farbar  Version: 17-06-2016
Ran by David Jackson (administrator) on 07-10-2019 at 21:44:45
Running from "C:\Users\David Jackson\Desktop"
Microsoft Windows 10 Home  (X64)
Model: Vostro 3478 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Qualcomm QCA9377 802.11ac Wireless Adapter = Wi-Fi (Connected)
Astrill SSL VPN Adapter = Astrill SSL VPN (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Astrill SSL VPN" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DavidDell2
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Astrill SSL VPN:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Astrill SSL VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-2B-A2-BB-21
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 54-48-10-DA-BF-64
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 12:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3
   Physical Address. . . . . . . . . : DA-9C-67-3C-B0-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 13:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4
   Physical Address. . . . . . . . . : EA-9C-67-3C-B0-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Qualcomm QCA9377 802.11ac Wireless Adapter
   Physical Address. . . . . . . . . : D8-9C-67-3C-B0-59
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4dbb:bf4:ae02:3fc4%15(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.88.249(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, October 7, 2019 7:43:47 PM
   Lease Expires . . . . . . . . . . : Monday, October 7, 2019 9:53:46 PM
   Default Gateway . . . . . . . . . : 192.168.88.1
   DHCP Server . . . . . . . . . . . : 192.168.88.1
   DHCPv6 IAID . . . . . . . . . . . : 249076839
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-58-CA-31-54-48-10-DA-BF-64
   DNS Servers . . . . . . . . . . . : 192.168.88.1
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Bluetooth Network Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : D8-9C-67-3C-B0-5A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  router.lan
Address:  192.168.88.1
 
Name:    google.com
Addresses:  2a00:1450:4002:802::200e
  172.217.21.78
 
 
Pinging google.com [172.217.21.78] with 32 bytes of data:
Reply from 172.217.21.78: bytes=32 time=60ms TTL=53
Reply from 172.217.21.78: bytes=32 time=56ms TTL=53
 
Ping statistics for 172.217.21.78:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 60ms, Average = 58ms
Server:  router.lan
Address:  192.168.88.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:1836::10
  2001:4998:c:1023::5
  2001:4998:58:1836::11
  2001:4998:c:1023::4
  2001:4998:44:41d::4
  2001:4998:44:41d::3
  98.137.246.7
  72.30.35.10
  98.138.219.231
  72.30.35.9
  98.137.246.8
  98.138.219.232
 
 
Pinging yahoo.com [72.30.35.10] with 32 bytes of data:
Reply from 72.30.35.10: bytes=32 time=167ms TTL=50
Reply from 72.30.35.10: bytes=32 time=166ms TTL=50
 
Ping statistics for 72.30.35.10:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 166ms, Maximum = 167ms, Average = 166ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  8...00 ff 2b a2 bb 21 ......Astrill SSL VPN Adapter
 13...54 48 10 da bf 64 ......Realtek PCIe GBE Family Controller
 10...da 9c 67 3c b0 59 ......Microsoft Wi-Fi Direct Virtual Adapter #3
  4...ea 9c 67 3c b0 59 ......Microsoft Wi-Fi Direct Virtual Adapter #4
 15...d8 9c 67 3c b0 59 ......Qualcomm QCA9377 802.11ac Wireless Adapter
  6...d8 9c 67 3c b0 5a ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.88.1   192.168.88.249     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
     192.168.88.0    255.255.255.0         On-link    192.168.88.249    306
   192.168.88.249  255.255.255.255         On-link    192.168.88.249    306
   192.168.88.255  255.255.255.255         On-link    192.168.88.249    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link    192.168.88.249    306
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link    192.168.88.249    306
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 15    306 fe80::/64                On-link
 15    306 fe80::4dbb:bf4:ae02:3fc4/128
                                    On-link
  1    331 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144] (Microsoft Corporation)
Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86528] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86528] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\NLAapi.dll [93184] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
x64-Catalog9 14 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/07/2019 08:50:54 PM) (Source: ESENT) (User: )
Description: svchost (6332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/07/2019 08:19:35 PM) (Source: ESENT) (User: )
Description: svchost (644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/07/2019 08:12:02 PM) (Source: ESENT) (User: )
Description: svchost (3848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/07/2019 08:00:47 PM) (Source: ESENT) (User: )
Description: svchost (3452,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (10/07/2019 07:45:50 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F074
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (10/07/2019 07:44:26 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007139F
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (10/07/2019 08:50:54 PM) (Source: ESENT)(User: )
Description: svchost6332,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)
 
Error: (10/07/2019 08:19:35 PM) (Source: ESENT)(User: )
Description: svchost644,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)
 
Error: (10/07/2019 08:12:02 PM) (Source: ESENT)(User: )
Description: svchost3848,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)
 
Error: (10/07/2019 08:00:47 PM) (Source: ESENT)(User: )
Description: svchost3452,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)
 
Error: (10/07/2019 07:45:50 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (10/07/2019 07:44:26 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007139FRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007045b, A system shutdown is in progress.
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007045b, A system shutdown is in progress.
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x8007045b, A system shutdown is in progress.
 
Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )
Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007045b, A system shutdown is in progress.
 
 
CodeIntegrity Errors:
===================================
  Date: 2019-10-07 19:45:06.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.487
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.462
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.447
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.422
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:45:06.404
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2019-10-07 19:44:05.635
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
  Date: 2019-10-07 19:44:05.436
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
Anki (HKLM-x32\...\Anki) (Version: 2.1.13 - )
Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version:  - Astrill)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 77.0.69.132 - Brave Software Inc)
calibre (HKLM-x32\...\{ED468F84-6B55-4FFD-A0C2-3C2064696A88}) (Version: 3.40.1 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)
f.lux (HKCU\...\Flux) (Version:  - f.lux Software LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.1 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{C2BB0965-B84D-4689-A4B0-AA40250C5C4D}) (Version: 19.9.38.6 - Intel) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel® Corporation) Hidden
Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)
Intel® Graphics Driver Software (HKLM-x32\...\{34b71f5b-fd06-4029-966e-c1d187ea90a7}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Graphics Driver Software (HKLM-x32\...\{d7a872bf-e69e-4300-8537-086dc6abbf23}) (Version: 3.11.1.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7212 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{f4fb06ec-c4f2-465a-a239-9c8bd6fd7108}) (Version: 19.9.38.6 - Intel)
LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9326.0 - Waves Audio Ltd.) Hidden
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)
Open-Shell (HKLM\...\{FD722BB1-4960-455F-89C6-EFAEB79527EF}) (Version: 4.4.131 - The Open-Shell Team)
Opera Stable 63.0.3368.107 (HKCU\...\Opera 63.0.3368.107) (Version: 63.0.3368.107 - Opera Software)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31231 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype version 8.41 (HKLM-x32\...\Skype_is1) (Version: 8.41 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1264 - SUPERAntiSpyware.com)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
VSDC Free Video Editor version 6.3.1.939 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.1.939 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0) (Version: 1.0.68.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0-2) (Version: 1.0.68.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation)
WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)
WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)
YTD Video Downloader 5.9.13 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.13 - GreenTree Applications SRL)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 69%
Total physical RAM: 3961.07 MB
Available physical RAM: 1204.43 MB
Total Virtual: 16249.07 MB
Available Virtual: 12309.32 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:100 GB) (Free:40.55 GB) NTFS
2 Drive d: () (Fixed) (Total:272 GB) (Free:237.8 GB) NTFS
3 Drive e: () (Fixed) (Total:272 GB) (Free:271.53 GB) NTFS
4 Drive f: () (Fixed) (Total:272.88 GB) (Free:265.96 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DAVIDDELL2
 
Administrator            David Jackson            DefaultAccount           
defaultuser0             Guest                    WDAGUtilityAccount       
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
06-10-2019 13:16:39 O&O ShutUp10
 
**** End of log ****
 


#55
RKinner


    Malware Expert

  • Expert
  • 21,950 posts
  • MVP

Go back into Task Scheduler and see if the three tasks in Microsoft/Windows/Application Experience have gotten turned back on. If they have, try Deleting them instead of Disabling.




#56
daba


    Member

  • Topic Starter
  • Member
  • 225 posts

Deleted.



#57
RKinner


    Malware Expert

  • Expert
  • 21,950 posts
  • MVP

Reboot and let's see what LatencyMon says about the page faults.



#58
daba


    Member

  • Topic Starter
  • Member
  • 225 posts

Thank you. Snip6.PNG



#59
RKinner


    Malware Expert

  • Expert
  • 21,950 posts
  • MVP

Looks like it came back. Did you reboot after deleting the tasks? Look and see if they came back.



#60
daba


    Member

  • Topic Starter
  • Member
  • 225 posts

Yes I did. They are not back. Don't know what you mean by 'it came back.' Sorry.

