Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Windows Antivirus somehow de-activated resulting in infection

Started by daba , Sep 25 2019 06:16 AM

infection antivirus de-activated

Page 4 of 10
2
3
4
5
6

Please log in to reply

#46
daba

Posted 07 October 2019 - 08:25 AM

Member

Topic Starter
Member
367 posts

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 07/10/2019 4:24:53 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'System' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'System' Date/Time: 07/10/2019 2:23:53 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} and APPID {15C20B67-12E7-4BB6-92BB-7AFF07997402} to the user DAVIDDELL2\David Jackson SID (S-1-5-21-2490165305-1638453623-257508744-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 07/10/2019 2:22:42 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

A corrected hardware error has occurred. Component: PCI Express Root Port Error Source: Advanced Error Reporting (PCI Express) Primary Bus:Device:Function: 0x0:0x1C:0x5 Secondary Bus:Device:Function: 0x0:0x0:0x0 Primary Device Name:PCI\VEN_8086&DEV_9D15&SUBSYS_08411028&REV_F1 Secondary Device Name:

Log: 'System' Date/Time: 07/10/2019 2:21:50 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 07/10/2019 2:21:50 PM

Type: Warning Category: 0

Event: 10016 Source: Microsoft-Windows-DistributedCOM

Log: 'System' Date/Time: 07/10/2019 2:21:49 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 07/10/2019 2:21:47 PM

Type: Warning Category: 7

Event: 37 Source: Microsoft-Windows-Kernel-Processor-Power

The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.

Log: 'System' Date/Time: 07/10/2019 2:21:15 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 07/10/2019 2:21:06 PM

Type: Warning Category: 0

Event: 17 Source: Microsoft-Windows-WHEA-Logger

Log: 'System' Date/Time: 07/10/2019 2:20:39 PM

Type: Warning Category: 0

Event: 1 Source: rt640x64

Realtek PCIe GBE Family Controller is disconnected from network.

Log: 'System' Date/Time: 07/10/2019 2:20:35 PM

Type: Warning Category: 212

Event: 219 Source: Microsoft-Windows-Kernel-PnP

The driver \Driver\WudfRd failed to load for the device ACPI\INT3400\2&daba3ff&1.

#47
daba

Posted 07 October 2019 - 08:26 AM

Member

Topic Starter
Member
367 posts

Vino's Event Viewer v01c run on Windows 7 in English

Report run at 07/10/2019 4:25:49 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Critical Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Error Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 07/10/2019 2:22:09 PM

Type: Error Category: 0

Event: 8198 Source: Microsoft-Windows-Security-SPP

License Activation (slui.exe) failed with the following error code: hr=0xC004F074 Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Log: 'Application' Date/Time: 07/10/2019 2:21:39 PM

Type: Error Category: 0

Event: 8198 Source: Microsoft-Windows-Security-SPP

License Activation (slui.exe) failed with the following error code: hr=0x8007139F Command-line arguments: RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

'Application' Log - Warning Type

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log: 'Application' Date/Time: 07/10/2019 2:21:55 PM

Type: Warning Category: 0

Event: 8233 Source: Microsoft-Windows-Security-SPP

The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=UserLogon(1)

Log: 'Application' Date/Time: 07/10/2019 2:21:32 PM

Type: Warning Category: 0

Event: 8233 Source: Microsoft-Windows-Security-SPP

The rules engine reported a failed VL activation attempt. Reason:0xC004F074 AppId = 0ff1ce15-a989-479d-af46-f275c6370663, SkuId = d450596f-894d-49e0-966a-fd39ed4c4c64 Trigger=NetworkAvailable

#48
daba

Posted 07 October 2019 - 08:27 AM

Member

Topic Starter
Member
367 posts

When I ran that Clearing operation there was a warning message:

A connected hardware error has occurred.

Component: PCI Express root port

WHEA-Logger

#49
RKinner

Posted 07 October 2019 - 10:05 AM

Malware Expert

Expert
24,625 posts

The error is from the chipset.

Instead of Extract All choose the chipset option. Any of them will work but the last one is less messy. Guess they have changed it since I last extracted a zip.

Can you close Skype? It's causing a lot of faults and may be why RuntimeBroker is running so high.

#50
daba

Posted 07 October 2019 - 11:53 AM

Member

Topic Starter
Member
367 posts

Thank you for your help and support. I have closed Skype. I have installed the chipset. There is an immediate improvement: the desktop icons all opened at once, youtube windows all open no blanks; however, when I opened a newspaper there were blanks. Perhaps when I upgrade my RAM once back in London in a couple of weeks that will sort that out. Generally, it's faster. Thank you very much indeed.

#51
RKinner

Posted 07 October 2019 - 01:10 PM

Malware Expert

Expert
24,625 posts

The blanks may be where ads were. If you have an ad-blocker try turning it off for the page and then reloading the page.

#52
daba

Posted 07 October 2019 - 01:18 PM

Member

Topic Starter
Member
367 posts

Thank you but no, in this case they are clearly the particular article's missing accompanying photos. They do load as you scroll the page, but sporadically and slowly.

#53
RKinner

Posted 07 October 2019 - 01:39 PM

Malware Expert

Expert
24,625 posts

Can you do a new Latency Mon scan and show me the summary?

Also let's do a minitoolbox:

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

Flush DNS
Report IE Proxy Settings
~~Reset IE Proxy Settings~~
Report FF Proxy Settings
~~Reset FF Proxy Settings~~
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer Errors
List Installed Programs
List Devices
List Users, Partitions and Memory size.
List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

#54
daba

Posted 07 October 2019 - 01:46 PM

Member

Topic Starter
Member
367 posts

MiniToolBox by Farbar Version: 17-06-2016

Ran by David Jackson (administrator) on 07-10-2019 at 21:44:45

Running from "C:\Users\David Jackson\Desktop"

Microsoft Windows 10 Home (X64)

Model: Vostro 3478 Manufacturer: Dell Inc.

Boot Mode: Normal

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.

No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

========================= IP Configuration: ================================

Qualcomm QCA9377 802.11ac Wireless Adapter = Wi-Fi (Connected)

Astrill SSL VPN Adapter = Astrill SSL VPN (Media disconnected)

Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)

Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

reset

set global icmpredirects=enabled

set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Astrill SSL VPN" forwarding=enabled advertise=enabled metric=1 nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 4" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

set interface interface="Local Area Connection* 13" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled

popd

# End of IPv4 configuration

Windows IP Configuration

Host Name . . . . . . . . . . . . : DavidDell2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Astrill SSL VPN:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Astrill SSL VPN Adapter

Physical Address. . . . . . . . . : 00-FF-2B-A2-BB-21

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

Physical Address. . . . . . . . . : 54-48-10-DA-BF-64

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 12:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #3

Physical Address. . . . . . . . . : DA-9C-67-3C-B0-59

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #4

Physical Address. . . . . . . . . : EA-9C-67-3C-B0-59

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Qualcomm QCA9377 802.11ac Wireless Adapter

Physical Address. . . . . . . . . : D8-9C-67-3C-B0-59

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::4dbb:bf4:ae02:3fc4%15(Preferred)

IPv4 Address. . . . . . . . . . . : 192.168.88.249(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Monday, October 7, 2019 7:43:47 PM

Lease Expires . . . . . . . . . . : Monday, October 7, 2019 9:53:46 PM

Default Gateway . . . . . . . . . : 192.168.88.1

DHCP Server . . . . . . . . . . . : 192.168.88.1

DHCPv6 IAID . . . . . . . . . . . : 249076839

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-23-58-CA-31-54-48-10-DA-BF-64

DNS Servers . . . . . . . . . . . : 192.168.88.1

192.168.1.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

Physical Address. . . . . . . . . : D8-9C-67-3C-B0-5A

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Server: router.lan

Address: 192.168.88.1

Name: google.com

Addresses: 2a00:1450:4002:802::200e

172.217.21.78

Pinging google.com [172.217.21.78] with 32 bytes of data:

Reply from 172.217.21.78: bytes=32 time=60ms TTL=53

Reply from 172.217.21.78: bytes=32 time=56ms TTL=53

Ping statistics for 172.217.21.78:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 56ms, Maximum = 60ms, Average = 58ms

Server: router.lan

Address: 192.168.88.1

Name: yahoo.com

Addresses: 2001:4998:58:1836::10

2001:4998:c:1023::5

2001:4998:58:1836::11

2001:4998:c:1023::4

2001:4998:44:41d::4

2001:4998:44:41d::3

98.137.246.7

72.30.35.10

98.138.219.231

72.30.35.9

98.137.246.8

98.138.219.232

Pinging yahoo.com [72.30.35.10] with 32 bytes of data:

Reply from 72.30.35.10: bytes=32 time=167ms TTL=50

Reply from 72.30.35.10: bytes=32 time=166ms TTL=50

Ping statistics for 72.30.35.10:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 166ms, Maximum = 167ms, Average = 166ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

8...00 ff 2b a2 bb 21 ......Astrill SSL VPN Adapter

13...54 48 10 da bf 64 ......Realtek PCIe GBE Family Controller

10...da 9c 67 3c b0 59 ......Microsoft Wi-Fi Direct Virtual Adapter #3

4...ea 9c 67 3c b0 59 ......Microsoft Wi-Fi Direct Virtual Adapter #4

15...d8 9c 67 3c b0 59 ......Qualcomm QCA9377 802.11ac Wireless Adapter

6...d8 9c 67 3c b0 5a ......Bluetooth Device (Personal Area Network)

1...........................Software Loopback Interface 1

===========================================================================

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 192.168.88.1 192.168.88.249 50

127.0.0.0 255.0.0.0 On-link 127.0.0.1 331

127.0.0.1 255.255.255.255 On-link 127.0.0.1 331

127.255.255.255 255.255.255.255 On-link 127.0.0.1 331

192.168.88.0 255.255.255.0 On-link 192.168.88.249 306

192.168.88.249 255.255.255.255 On-link 192.168.88.249 306

192.168.88.255 255.255.255.255 On-link 192.168.88.249 306

224.0.0.0 240.0.0.0 On-link 127.0.0.1 331

224.0.0.0 240.0.0.0 On-link 192.168.88.249 306

255.255.255.255 255.255.255.255 On-link 127.0.0.1 331

255.255.255.255 255.255.255.255 On-link 192.168.88.249 306

===========================================================================

Persistent Routes:

None

IPv6 Route Table

===========================================================================

Active Routes:

If Metric Network Destination Gateway

1 331 ::1/128 On-link

15 306 fe80::/64 On-link

15 306 fe80::4dbb:bf4:ae02:3fc4/128

On-link

1 331 ff00::/8 On-link

15 306 ff00::/8 On-link

===========================================================================

Persistent Routes:

None

========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)

Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)

Catalog5 04 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog5 05 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)

Catalog5 06 C:\WINDOWS\SysWOW64\NLAapi.dll [70144] (Microsoft Corporation)

Catalog5 07 C:\WINDOWS\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)

Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

Catalog9 14 C:\WINDOWS\SysWOW64\mswsock.dll [324920] (Microsoft Corporation)

x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)

x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [86528] (Microsoft Corporation)

x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86528] (Microsoft Corporation)

x64-Catalog5 04 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog5 05 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)

x64-Catalog5 06 C:\Windows\System32\NLAapi.dll [93184] (Microsoft Corporation)

x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)

x64-Catalog9 01 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 02 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 03 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 04 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 05 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 06 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 07 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 08 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 09 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 10 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 11 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 12 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 13 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

x64-Catalog9 14 C:\Windows\System32\mswsock.dll [407544] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:

==================

Error: (10/07/2019 08:50:54 PM) (Source: ESENT) (User: )

Description: svchost (6332,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/07/2019 08:19:35 PM) (Source: ESENT) (User: )

Description: svchost (644,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/07/2019 08:12:02 PM) (Source: ESENT) (User: )

Description: svchost (3848,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/07/2019 08:00:47 PM) (Source: ESENT) (User: )

Description: svchost (3452,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (10/07/2019 07:45:50 PM) (Source: Software Protection Platform Service) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0xC004F074

Command-line arguments:

RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/07/2019 07:44:26 PM) (Source: Software Protection Platform Service) (User: )

Description: License Activation (slui.exe) failed with the following error code:

hr=0x8007139F

Command-line arguments:

Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.

]

Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )

Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007045b, A system shutdown is in progress.

Error: (10/07/2019 07:42:19 PM) (Source: VSS) (User: )

]

System errors:

=============

Microsoft Office Sessions:

=========================

Error: (10/07/2019 08:50:54 PM) (Source: ESENT)(User: )

Description: svchost6332,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)

Error: (10/07/2019 08:19:35 PM) (Source: ESENT)(User: )

Description: svchost644,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)

Error: (10/07/2019 08:12:02 PM) (Source: ESENT)(User: )

Description: svchost3848,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)

Error: (10/07/2019 08:00:47 PM) (Source: ESENT)(User: )

Description: svchost3452,R,98TILEREPOSITORYS-1-5-18: C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log-1023 (0xfffffc01)

Error: (10/07/2019 07:45:50 PM) (Source: Software Protection Platform Service)(User: )

Description: hr=0xC004F074RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=UserLogon;SessionId=1

Error: (10/07/2019 07:44:26 PM) (Source: Software Protection Platform Service)(User: )

Description: hr=0x8007139FRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=58e97c99-f377-4ef1-81d5-4ad5522b5fd8;NotificationInterval=1440;Trigger=NetworkAvailable

Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007045b, A system shutdown is in progress.

Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )

Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007045b, A system shutdown is in progress.

Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )

Description: CoCreateInstance0x8007045b, A system shutdown is in progress.

Error: (10/07/2019 07:42:19 PM) (Source: VSS)(User: )

Description: {4e14fba2-2e22-11d1-9964-00c04fbbb345}CEventSystem0x8007045b, A system shutdown is in progress.

CodeIntegrity Errors:

===================================

Date: 2019-10-07 19:45:06.499

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.

Date: 2019-10-07 19:45:06.487

Date: 2019-10-07 19:45:06.475

Date: 2019-10-07 19:45:06.462

Date: 2019-10-07 19:45:06.447

Date: 2019-10-07 19:45:06.435

Date: 2019-10-07 19:45:06.422

Date: 2019-10-07 19:45:06.404

Date: 2019-10-07 19:44:05.635

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.

Date: 2019-10-07 19:44:05.436

=========================== Installed Programs ============================

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)

Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)

Anki (HKLM-x32\...\Anki) (Version: 2.1.13 - )

Astrill (HKLM\...\{A77BCF74-A5A3-441B-9923-305EAD8B7976}_is1) (Version: - Astrill)

Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 19.8.2393 - AVAST Software)

Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 77.0.69.132 - Brave Software Inc)

calibre (HKLM-x32\...\{ED468F84-6B55-4FFD-A0C2-3C2064696A88}) (Version: 3.40.1 - Kovid Goyal)

CCleaner (HKLM\...\CCleaner) (Version: 5.62 - Piriform)

f.lux (HKCU\...\Flux) (Version: - f.lux Software LLC)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 77.0.3865.90 - Google LLC)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.1 - Google LLC) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden

Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Intel Driver && Support Assistant (HKLM-x32\...\{C2BB0965-B84D-4689-A4B0-AA40250C5C4D}) (Version: 19.9.38.6 - Intel) Hidden

Intel® Chipset Device Software (HKLM-x32\...\{262e9c1d-e509-4e2a-86e8-0abb312ac2e9}) (Version: 10.1.17765.8094 - Intel® Corporation) Hidden

Intel® Computing Improvement Program (HKLM\...\{D40D4164-EEDB-4F0F-85C6-2058A9E34CC7}) (Version: 2.4.04370 - Intel Corporation)

Intel® Graphics Driver Software (HKLM-x32\...\{34b71f5b-fd06-4029-966e-c1d187ea90a7}) (Version: 3.11.1.0 - Intel) Hidden

Intel® Graphics Driver Software (HKLM-x32\...\{d7a872bf-e69e-4300-8537-086dc6abbf23}) (Version: 3.11.1.0 - Intel) Hidden

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7212 - Intel Corporation)

Intel® Driver & Support Assistant (HKLM-x32\...\{f4fb06ec-c4f2-465a-a239-9c8bd6fd7108}) (Version: 19.9.38.6 - Intel)

LatencyMon 6.71 (HKLM\...\LatencyMon_is1) (Version: - Resplendence Software Projects Sp.)

Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)

Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9326.0 - Waves Audio Ltd.) Hidden

Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 19.152.0801.0008 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)

Mozilla Firefox 68.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 68.0.1 (x64 en-US)) (Version: 68.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 65.0.2 - Mozilla)

Open-Shell (HKLM\...\{FD722BB1-4960-455F-89C6-EFAEB79527EF}) (Version: 4.4.131 - The Open-Shell Team)

Opera Stable 63.0.3368.107 (HKCU\...\Opera 63.0.3368.107) (Version: 63.0.3368.107 - Opera Software)

Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden

Qualcomm 11ac Wireless LAN&Bluetooth Installer (HKLM-x32\...\{E7086B15-806E-4519-A876-DBA9FDDE9A13}) (Version: 11.0.0.10454 - Qualcomm)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31231 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8339 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)

Skype version 8.41 (HKLM-x32\...\Skype_is1) (Version: 8.41 - Skype Technologies S.A.)

Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)

SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1264 - SUPERAntiSpyware.com)

Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)

Update for Skype for Business 2016 (KB3127939) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{0E31A60F-4066-4FD8-AB36-4119E0FED3D9}) (Version: - Microsoft)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{16AD6161-2E47-4BF1-AA77-0946EFE93E08}) (Version: 2.61.0.0 - Microsoft Corporation)

UpdateAssistant (HKLM\...\{52C1DD03-104E-4AC6-9DC6-21D585721ED1}) (Version: 1.19.0.0 - Microsoft Corporation) Hidden

VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)

VSDC Free Video Editor version 6.3.1.939 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.3.1.939 - Flash-Integro LLC)

Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0) (Version: 1.0.68.0 - LunarG, Inc.) Hidden

Vulkan Run Time Libraries 1.0.68.0 (HKLM\...\VulkanRT1.0.68.0-2) (Version: 1.0.68.0 - LunarG, Inc.) Hidden

Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22514 - Microsoft Corporation)

WinRAR 5.70 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.70.0 - win.rar GmbH)

WordWeb (HKLM-x32\...\WordWeb) (Version: 8 - WordWeb Software)

YTD Video Downloader 5.9.13 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 5.9.13 - GreenTree Applications SRL)

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 69%

Total physical RAM: 3961.07 MB

Available physical RAM: 1204.43 MB

Total Virtual: 16249.07 MB

Available Virtual: 12309.32 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:100 GB) (Free:40.55 GB) NTFS

2 Drive d: () (Fixed) (Total:272 GB) (Free:237.8 GB) NTFS

3 Drive e: () (Fixed) (Total:272 GB) (Free:271.53 GB) NTFS

4 Drive f: () (Fixed) (Total:272.88 GB) (Free:265.96 GB) NTFS

========================= Users: ========================================

User accounts for \\DAVIDDELL2

Administrator David Jackson DefaultAccount

defaultuser0 Guest WDAGUtilityAccount

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

06-10-2019 13:16:39 O&O ShutUp10

**** End of log ****

#55
RKinner

Posted 07 October 2019 - 01:57 PM

Malware Expert

Expert
24,625 posts

Go back into Task Scheduler and see if the three tasks in Microsoft/Windows/Application Experience have gotten turned back on. If they have try Deleting them instead of Disabling.

#56
daba

Posted 07 October 2019 - 01:59 PM

Member

Topic Starter
Member
367 posts

Deleted.

#57
RKinner

Posted 07 October 2019 - 02:13 PM

Malware Expert

Expert
24,625 posts

Reboot and let's see what Latency Mon says about the page faults.

#58
daba

Posted 07 October 2019 - 02:28 PM

Member

Topic Starter
Member
367 posts

Thank you.

#59
RKinner

Posted 07 October 2019 - 02:40 PM

Malware Expert

Expert
24,625 posts

Looks like it came back. Did you reboot after deleting the tasks? Look and see if they came back.

#60
daba

Posted 07 October 2019 - 02:43 PM

Member

Topic Starter
Member
367 posts

Yes I did. They are not back. Don't know what you mean by 'it came back.' Sorry.

Page 4 of 10
2
3
4
5
6

Back to Virus, Spyware, Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: infection, antivirus de-activated

Security → Virus, Spyware, Malware Removal → Is My PC Infected? [Solved] Started by siroynthe , 09 Apr 2021 infection, virus, trojan, rat and 1 more...	2 replies 4,400 views	DR M 12 Apr 2021
Security → Virus, Spyware, Malware Removal → Diskdriver and Win64Coinminer.CZ infection Started by promithius , 31 May 2018 coinminer, diskdriver, virus and 2 more... 1 2 3 4	Hot 45 replies 17,715 views	promithius 17 Jun 2018
Security → Virus, Spyware, Malware Removal → jsecoin infection Chrome Started by blondie53185 , 20 Feb 2018 malware, bitcoin, jsecoin, chrome and 1 more... 1 2 3	Hot 30 replies 11,040 views	RKinner 02 Mar 2018
Security → Virus, Spyware, Malware Removal → Multiple Infections - Overall slowness and running poorly [Closed] Started by GreenGal , 08 Oct 2017 virus, infection, slowness and 1 more... 1 2	Hot 16 replies 9,107 views	LiquidTension 03 Nov 2017
Security → Virus, Spyware, Malware Removal → I think that my computer has been hi-jacked and infected-and no AV pro Started by randyyassine , 01 Jul 2017 virus, trojan, malware, backdoor and 6 more...	1 reply 5,708 views	randyyassine 02 Jul 2017