Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Problem with StartupCheckLibrary.dll

Started by Rodger899 , Apr 19 2020 08:12 AM
Virus startupcheck.dll

  • Please log in to reply

#1
Rodger899
Posted 19 April 2020 - 08:12 AM

Rodger899

    Member

  • Member
  • PipPip
  • 72 posts

Hi

 

My sons computer had a virus which deleted his Eset .exe file. I had to do an online scan from Eset's website which removed two viruses (I can't remember their name unfortunately). I then uninstalled Eset Internet Security and reinstalled it. I now have the above error and can't get rid of it. I have checked the quarantined file section on Eset and don't see this file in quarantine.

 

Please could someone assist. I am pasting the info below from  the Farber Recovery Scan as advised.

 

Thanks

Rodger

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by user (administrator) on DESKTOP-8TKIUA7 (19-04-2020 15:59:01)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe <2>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <16>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_080d478a80aafa87\IntelCpHDCPSvc.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [237416 2020-03-03] (IDSA Production signing key -> Intel)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-772020480-3986485932-2889396054-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140368 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-12] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14D39AD2-DA1D-45D5-A117-A0D647249788} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F00CA0F-C6D3-4298-8B68-DD28A9A89616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-11] (Google Inc -> Google Inc.)
Task: {239B28C2-B9BD-4189-8DC2-A580F6165F87} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {253FF3C5-8AD0-4B05-ADA9-4381904BFDC1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
Task: {3E57B5FB-DD1A-4D15-A4EB-996E2560577A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FEB371B-7029-4261-86B6-627E12C1FC3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5380DA36-00F9-470D-859E-D3D925A94D5E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {54DE27A5-62B9-47DF-8659-E1F53EDF503B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {5FB4A3DD-D0D1-483C-B5A1-28F45A3498DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-11] (Google Inc -> Google Inc.)
Task: {636D69BC-91E8-400F-8061-9CF07CD7225A} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {72627485-5A40-4C2B-9D32-BF198518BC06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7591FC7F-153A-472F-A03F-AF4117BCB180} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {776848C4-4DBF-4D27-A093-9523B42598E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AAA0C78-18B9-4CC6-BF2E-977486AE874D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CBF717A-C01B-41EA-A1B2-DB15532BC663} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EC0056E-0F91-43F5-A7C1-CE0132D3523F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {8F73A28B-3BFE-4790-BF60-B5EBF11931E3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {A3ED8897-D679-43C4-902C-73A3BA961441} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAE4E3A8-E588-4CF2-996D-A71ADFB23F52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCE28F0F-2A18-4484-93ED-E08F4D34E021} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5A8725C-08CF-475D-A821-6044523E12D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D7FB0DF1-2DF3-4D11-83BB-B143185567DF} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
Task: {E20B00FE-46C1-4B18-9EE5-85D0F40B0C7F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15aee268-86cd-473d-ace7-592af3c79604}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{646e0a3d-9cee-4e81-9ac9-33257f6fc438}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-04-19]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-11]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-11]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37224 2020-03-03] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [143720 2020-03-03] (IDSA Production signing key -> Intel)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [204088 2019-08-16] (Intel® Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-25] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [154336 2020-04-02] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106840 2020-04-02] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2020-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188872 2020-04-02] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [53048 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [79520 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [115960 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvlddmkm.sys [22738296 2019-10-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8206848 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2019-08-16] (Intel Corporation -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2020-01-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2020-01-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-13] (Microsoft Windows -> Microsoft Corporation)
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-19 15:59 - 2020-04-19 15:59 - 000018311 _____ C:\Users\user\Desktop\FRST.txt
2020-04-19 15:58 - 2020-04-19 15:59 - 000000000 ____D C:\FRST
2020-04-19 15:57 - 2020-04-19 15:57 - 002281984 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-04-19 15:38 - 2020-04-19 15:38 - 000000000 ___HD C:\OneDriveTemp
2020-04-19 14:32 - 2020-04-19 14:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-19 14:30 - 2020-04-19 14:30 - 000000067 _____ C:\Users\user\Desktop\website to fix wuaus.txt
2020-04-19 13:47 - 2020-04-19 13:47 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2020-04-15 14:55 - 2020-04-15 14:55 - 000002016 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 14:55 - 2020-04-15 14:55 - 000002016 _____ C:\ProgramData\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 14:37 - 2020-04-15 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-04-15 14:37 - 2020-04-15 14:37 - 000000000 ____D C:\Program Files\ESET
2020-04-15 14:24 - 2020-04-15 14:26 - 000902240 _____ (ESET) C:\Users\user\Downloads\esetuninstaller.exe
2020-04-15 13:08 - 2020-04-19 14:40 - 000596036 _____ C:\WINDOWS\ntbtlog.txt
2020-04-15 13:00 - 2020-04-15 13:00 - 000170280 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2020-04-15 13:00 - 2020-04-15 13:00 - 000168256 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETMebrootCleaner.sys
2020-04-14 19:57 - 2020-04-14 19:57 - 000003800 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-14 19:57 - 2020-04-14 19:57 - 000003358 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-14 18:59 - 2020-04-14 18:59 - 000000649 _____ C:\Users\user\Desktop\ESET Online Scanner.lnk
2020-04-14 18:58 - 2020-04-14 18:58 - 000000748 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-14 17:47 - 2020-04-14 17:50 - 056521824 _____ (ESET) C:\Users\user\Downloads\eis_nt64.exe
2020-04-13 08:44 - 2020-04-13 08:44 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
2020-04-13 08:44 - 2020-04-13 08:44 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
2020-04-02 13:43 - 2020-04-02 13:43 - 000188872 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000154336 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000115960 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000106840 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000079520 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000053048 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2020-04-01 15:27 - 2020-04-01 15:27 - 000015800 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-19 16:00 - 2019-10-11 16:36 - 000000000 ____D C:\Users\user\AppData\Roaming\Origin
2020-04-19 15:40 - 2019-10-10 00:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-19 15:39 - 2019-10-11 16:59 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-19 15:39 - 2019-10-11 16:36 - 000000000 ____D C:\ProgramData\Origin
2020-04-19 15:38 - 2019-10-11 16:36 - 000000000 ____D C:\Users\user\AppData\Local\Origin
2020-04-19 15:38 - 2019-10-10 15:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-19 15:38 - 2019-10-09 14:59 - 000000000 ___RD C:\Users\user\OneDrive
2020-04-19 15:38 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-19 15:37 - 2019-10-10 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-19 15:37 - 2019-03-19 06:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-19 13:51 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-04-17 20:28 - 2019-10-14 14:48 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-04-17 07:29 - 2019-10-10 15:52 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-772020480-3986485932-2889396054-1001
2020-04-17 07:29 - 2019-10-10 15:43 - 000002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-16 14:08 - 2019-10-11 16:55 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-15 18:12 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2020-04-15 14:37 - 2019-10-11 15:39 - 000000000 ____D C:\ProgramData\ESET
2020-04-15 14:37 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-15 14:37 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-15 12:38 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-14 19:18 - 2020-01-27 12:46 - 000000000 ____D C:\Program Files (x86)\LEGO Jurassic World
2020-04-14 18:58 - 2019-10-11 15:39 - 000000000 ____D C:\Users\user\AppData\Local\ESET
2020-04-12 20:13 - 2019-10-10 15:06 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2020-04-12 17:59 - 2019-10-11 08:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-12 17:59 - 2019-10-11 08:59 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-12 17:59 - 2019-10-11 08:59 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-25 08:56 - 2019-10-11 08:59 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 08:56 - 2019-10-11 08:59 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-24 12:55 - 2019-10-11 15:54 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-11 15:54 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-03-24 12:10 - 2019-10-11 15:54 - 000001443 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-03-24 12:10 - 2019-10-10 00:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-10 00:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-10 00:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
 
==================== Files in the root of some directories ========
 
2019-10-11 16:56 - 2019-10-11 16:56 - 000000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by user (19-04-2020 16:00:20)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1903 18362.592 (X64) (2019-10-10 13:53:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-772020480-3986485932-2889396054-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-772020480-3986485932-2889396054-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-772020480-3986485932-2889396054-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-772020480-3986485932-2889396054-501 - Limited - Disabled)
user (S-1-5-21-772020480-3986485932-2889396054-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-772020480-3986485932-2889396054-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{4DF3098D-2A9A-46DF-8B8C-9DD31D319739}) (Version: 20.2.9.6 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7212 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{a2f234ef-6c54-4ad2-a401-107bcbdfdef2}) (Version: 20.2.9.6 - Intel)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version:  - )
K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
LEGO Jurassic World (HKLM-x32\...\TEVHT0p1cmFzc2ljV29ybGQ=_is1) (Version: 1 - )
Microsoft OneDrive (HKU\S-1-5-21-772020480-3986485932-2889396054-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.08 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Rise of Nations Extended Edition (HKLM-x32\...\Rise of Nations Extended Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.13646 - Electronic Arts)
The Sims 4 Seasons (HKLM\...\The Sims 4 Seasons_is1) (Version: 1.46.18.1020 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
 
Packages:
=========
ASTRONEER -> C:\Program Files\WindowsApps\SystemEraSoftworks.29415440E1269_1.8.64.0_x64__ftk5pbg2rayv2 [2019-12-30] (System Era Softworks)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.7.0_x86__kgqvnymyfvs32 [2020-01-13] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-11-23] (Canon Inc.)
Despicable Me: Minion Rush -> C:\Program Files\WindowsApps\GAMELOFTSA.DespicableMeMinionRush_4.1.4.1_x86__0pp20fcewvvtj [2019-12-14] (GAMELOFT  SA)
Dig Out! -> C:\Program Files\WindowsApps\XIMADINC.DigOut_1.8.3.0_x64__np8fj6akx2czy [2019-12-14] (ZiMAD) [MS Ad]
Dragon City -> C:\Program Files\WindowsApps\SocialPoint.DragonCityMobile_9.9.3.0_x86__jahftqv9k5jer [2020-01-18] (Social Point)
Fallout Shelter -> C:\Program Files\WindowsApps\BethesdaSoftworks.FalloutShelter_1.13.156.2_x64__3275kfvn8vcwc [2019-11-24] (Bethesda Softworks)
Idle Farming -> C:\Program Files\WindowsApps\40091MagicWorldMinionsGam.IdleFarming_2.1.0.0_x64__gn4pwfy1ssrwp [2019-11-23] (Magic World Minions Games) [MS Ad]
Idle Miner Empire -> C:\Program Files\WindowsApps\15609SniperStrikeFPSShoot.IdleMinerEmpire_2.5.0.0_x64__9cjb9ckgksp78 [2019-11-23] (Sniper Strike FPS Shooting) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2019-10-13] (INTEL CORP) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.2.1_x86__h6adky7gbf63m [2020-01-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-13] (NVIDIA Corp.)
Star War Run -> C:\Program Files\WindowsApps\28627PremiumFreeEpisodeGa.StarWarRun_2.5.0.0_x64__haf3134me8dd2 [2019-11-23] (Premium Free Episode Games PC Ltd.) [MS Ad]
The Tribez & Castlez -> C:\Program Files\WindowsApps\0EB8BD08.TheTribezCastlez_2.5.46.0_x86__erk4rrwmt7jyt [2019-12-14] (GAME INSIGHT GLOBAL LIMITED)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-10-09] (WinZip Computing)
World of Tanks Blitz -> C:\Program Files\WindowsApps\7458BE2C.WorldofTanksBlitz_6.7.188.0_x64__x4tje2y229k00 [2020-01-18] (Wargaming Group Limited)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-772020480-3986485932-2889396054-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-11 16:55 - 2020-04-16 14:07 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2019-10-11 16:55 - 2020-04-16 14:07 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2019-10-13 13:40 - 2019-10-13 13:46 - 001322496 _____ () [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\e_sqlite3.DLL
2019-10-13 13:40 - 2019-10-13 13:46 - 001322496 _____ () [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\x64\e_sqlite3.dll
2019-10-13 13:40 - 2019-10-13 13:46 - 040914432 _____ (Intel) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\IGCC.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-772020480-3986485932-2889396054-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7179BBBB-BEA4-4403-9CF8-0E14F1387FB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E9BDEDC-C50E-438A-9B73-A134195A06CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{234B3848-AF6D-43D9-BC48-5CA74DEA1C40}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{2B1698EE-63E1-42AF-8336-EBF39024CB25}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{5F04F6F1-0D93-4A08-88C8-6FFF92B6F7C0}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B5A8DA49-FDAB-4906-9E56-0CE396B4EFC5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{E477A2FC-AA34-4A3C-A464-2E2062DDBC85}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{868C4D8D-E5BB-4E28-B354-209728098E18}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9C0B98B3-8414-4B08-963F-CC10F2D39C1A}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{892AF7BB-EBF1-4397-A160-DDEAC2A7ED03}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{953138D4-1F44-40AC-AA06-63D29C902D9E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{529FCEE7-A74B-4B59-9B39-68713AAAC04F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [TCP Query User{B7398DFE-5DDD-4916-8BBA-A26C1E836D89}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C08F5384-EC30-4220-A5CA-DD348FCF1F50}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{CE923BD9-8107-4BA0-A82A-A5248C19C2E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{52800C33-9C88-4CF7-BFE5-008E98C2F1D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C59F3220-AE4A-4B6D-B6C3-60FD61B69FF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7B0E92B-E229-4284-A4C8-28476BE2E3CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C5E771-5CF1-4ADA-94A5-F3272FFF5747}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5C835402-197B-4A0E-9704-0A24A2CFDBA3}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9F8CCD50-4833-4158-8EFF-6C9BAC8F38B6}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{2D8CD376-80A5-43E6-99BB-FF7C7B9763B3}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{2370E4D7-E22A-4450-B6CC-774D8DFD7EC4}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
 
==================== Restore Points =========================
 
06-04-2020 15:36:25 Scheduled Checkpoint
18-04-2020 08:31:30 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/19/2020 03:53:25 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (5484,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
 
Error: (04/19/2020 03:42:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1023.
 
Error: (04/19/2020 03:42:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (10168,R,98) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\CatRoot2\edb.log.
 
Error: (04/19/2020 03:42:31 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1023.
 
Error: (04/19/2020 03:42:31 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (10168,R,98) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\CatRoot2\edb.log.
 
Error: (04/19/2020 03:40:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: The Cryptographic Services service failed to initialise the Catalogue Database. The ESENT error was: -1023.
 
Error: (04/19/2020 03:40:32 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Catalog Database (10168,R,98) Catalog Database: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\CatRoot2\edb.log.
 
Error: (04/19/2020 03:40:30 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800705B4
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/19/2020 04:00:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/19/2020 04:00:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/19/2020 03:58:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/19/2020 03:58:26 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8TKIUA7)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/19/2020 03:56:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/19/2020 03:56:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/19/2020 03:54:26 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/19/2020 03:54:26 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2020-01-26 11:45:18.691
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {89A770B8-F897-41D6-9B90-02A37E1C5CEC}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-02-07 14:02:07.686
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
 
Date: 2020-02-04 12:24:30.835
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.3222.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2020-02-04 12:24:30.835
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.3222.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2020-02-04 12:24:30.834
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.3222.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2020-02-04 12:24:30.825
Description: 
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.307.3222.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16600.7
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2020-04-19 15:42:32.208
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 15:42:32.193
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 15:40:59.730
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 14:39:05.406
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 13:53:13.816
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 13:53:13.807
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 13:51:14.793
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-19 13:42:30.120
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 3805 05/16/2018
Motherboard: ASUSTeK COMPUTER INC. B150M-K
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 49%
Total physical RAM: 8119.32 MB
Available physical RAM: 4077.46 MB
Total Virtual: 13495.32 MB
Available Virtual: 8351.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.14 GB) (Free:739.74 GB) NTFS
 
\\?\Volume{fb8676c7-c800-4b33-8bb2-72493272ac68}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{95fa06f5-6380-4c24-9fc0-c8e32f8afa8f}\ () (Fixed) (Total:0.82 GB) (Free:0.37 GB) NTFS
\\?\Volume{d1fb4a23-be45-438b-8457-6895c90e7bb7}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F188F6A9)
 
Partition: GPT.
 
==================== End of Addition.txt =======================

 


  • 0

Advertisements

#2
RKinner
Posted 19 April 2020 - 09:12 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.36KB   234 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0

#3
Rodger899
Posted 20 April 2020 - 06:25 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

This is great thank you. I have done as requested and below are the logs:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by user (20-04-2020 14:13:30) Run:1
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Task: {636D69BC-91E8-400F-8061-9CF07CD7225A} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer
CMD: mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database
Unlock: C:\WINDOWS\system32\CatRoot2\edb.log
File: C:\WINDOWS\system32\CatRoot2\edb.log
Unlock: C:\Windows\system32\wuaueng.dll
File: C:\Windows\system32\wuaueng.dll
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:
 
 
*****************
 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{636D69BC-91E8-400F-8061-9CF07CD7225A}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{636D69BC-91E8-400F-8061-9CF07CD7225A}" => removed successfully
C:\WINDOWS\System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\StartupCheckLibrary" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer =========
 
 
========= End of CMD: =========
 
 
========= mkdir C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database =========
 
 
========= End of CMD: =========
 
"C:\WINDOWS\system32\CatRoot2\edb.log" => not found
 
========================= File: C:\WINDOWS\system32\CatRoot2\edb.log ========================
 
"C:\WINDOWS\system32\CatRoot2\edb.log" => not found
====== End of File: ======
 
"C:\Windows\system32\wuaueng.dll" => was unlocked
 
========================= File: C:\Windows\system32\wuaueng.dll ========================
 
C:\Windows\system32\wuaueng.dll
Catalog: C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0412~31bf3856ad364e35~amd64~~10.0.18362.535.cat
File is digitally signed
MD5: 19834D8A1275417E0E9796DFFFBD89FC
Creation and modification date: 2019-11-13 23:58 - 2019-11-13 23:58
Size: 003105792
Attributes: ----A
Company Name: Microsoft Windows -> Microsoft Corporation
Internal Name: wuaueng.dll
Original Name: wuaueng.dll
Product: Microsoft® Windows® Operating System
Description: Windows Update Agent
File Version: 10.0.18362.449 (WinBuild.160101.0800)
Product Version: 10.0.18362.449
Copyright: © Microsoft Corporation. All rights reserved.
 
====== End of File: ======
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Failed to clear log Intel-SST-CFD-HDA/IntelSST.
The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic.
Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational.
Access is denied.
 
========= End of CMD: =========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 14:14:26 ====
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by user (20-04-2020 14:20:38)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1903 18362.592 (X64) (2019-10-10 13:53:00)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-772020480-3986485932-2889396054-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-772020480-3986485932-2889396054-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-772020480-3986485932-2889396054-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-772020480-3986485932-2889396054-501 - Limited - Disabled)
user (S-1-5-21-772020480-3986485932-2889396054-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-772020480-3986485932-2889396054-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
Command & Conquer™ Red Alert 2 and Yuri’s Revenge (HKLM-x32\...\{F5275D1C-D133-486D-8F07-D6C571F0A8EC}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel Driver && Support Assistant (HKLM-x32\...\{4DF3098D-2A9A-46DF-8B8C-9DD31D319739}) (Version: 20.2.9.6 - Intel) Hidden
Intel® Computing Improvement Program (HKLM\...\{A9133872-C9FE-45CC-8F01-D1947B0F09EA}) (Version: 2.4.04755 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.7212 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{a2f234ef-6c54-4ad2-a401-107bcbdfdef2}) (Version: 20.2.9.6 - Intel)
Jurassic World Evolution (HKLM-x32\...\Jurassic World Evolution_is1) (Version:  - )
K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
LEGO Jurassic World (HKLM-x32\...\TEVHT0p1cmFzc2ljV29ybGQ=_is1) (Version: 1 - )
Microsoft OneDrive (HKU\S-1-5-21-772020480-3986485932-2889396054-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
NVAPI Monitor plugin for NvContainer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvContainer.NvapiMonitor) (Version: 1.19 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 441.08 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 441.08 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.38.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
OpenOffice 4.1.7 (HKLM-x32\...\{A09D951F-4BA3-4383-97B3-D1B91835E779}) (Version: 4.17.9800 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.67.39484 - Electronic Arts, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7841 - Realtek Semiconductor Corp.)
Rise of Nations Extended Edition (HKLM-x32\...\Rise of Nations Extended Edition_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
STAR WARS™ Battlefront™ II (HKLM-x32\...\{8a882ce0-0c0b-4eb2-850c-28ebadab4f50}) (Version: 1.1.8.13646 - Electronic Arts)
The Sims 4 Seasons (HKLM\...\The Sims 4 Seasons_is1) (Version: 1.46.18.1020 - )
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F49D6A65-1AB6-4728-9FDA-DB5BAB631CF6}) (Version: 1.23.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WestwoodOnline (HKLM-x32\...\{BBCD6D56-8A26-4DDE-9482-DBC9C7B7341D}) (Version: 1.0.0.0 - WestwoodOnline)
 
Packages:
=========
ASTRONEER -> C:\Program Files\WindowsApps\SystemEraSoftworks.29415440E1269_1.8.64.0_x64__ftk5pbg2rayv2 [2019-12-30] (System Era Softworks)
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-08] (Autodesk Inc.)
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_6.4.7.0_x86__kgqvnymyfvs32 [2020-01-13] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.154.400.0_x86__kgqvnymyfvs32 [2019-12-10] (king.com)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.8.0.1_neutral__6e5tt8cgb93ep [2019-11-23] (Canon Inc.)
Despicable Me: Minion Rush -> C:\Program Files\WindowsApps\GAMELOFTSA.DespicableMeMinionRush_4.1.4.1_x86__0pp20fcewvvtj [2019-12-14] (GAMELOFT  SA)
Dig Out! -> C:\Program Files\WindowsApps\XIMADINC.DigOut_1.8.3.0_x64__np8fj6akx2czy [2019-12-14] (ZiMAD) [MS Ad]
Dragon City -> C:\Program Files\WindowsApps\SocialPoint.DragonCityMobile_9.9.3.0_x86__jahftqv9k5jer [2020-01-18] (Social Point)
Fallout Shelter -> C:\Program Files\WindowsApps\BethesdaSoftworks.FalloutShelter_1.13.156.2_x64__3275kfvn8vcwc [2019-11-24] (Bethesda Softworks)
Idle Farming -> C:\Program Files\WindowsApps\40091MagicWorldMinionsGam.IdleFarming_2.1.0.0_x64__gn4pwfy1ssrwp [2019-11-23] (Magic World Minions Games) [MS Ad]
Idle Miner Empire -> C:\Program Files\WindowsApps\15609SniperStrikeFPSShoot.IdleMinerEmpire_2.5.0.0_x64__9cjb9ckgksp78 [2019-11-23] (Sniper Strike FPS Shooting) [MS Ad]
Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt [2019-10-13] (INTEL CORP) [Startup Task]
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_4.5.2.1_x86__h6adky7gbf63m [2020-01-18] (Gameloft.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-10-10] (Microsoft Corporation) [MS Ad]
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.34.20074.0_x64__8wekyb3d8bbwe [2020-01-14] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-11] (Microsoft Studios) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.956.0_x64__56jybvy8sckqj [2019-10-13] (NVIDIA Corp.)
Star War Run -> C:\Program Files\WindowsApps\28627PremiumFreeEpisodeGa.StarWarRun_2.5.0.0_x64__haf3134me8dd2 [2019-11-23] (Premium Free Episode Games PC Ltd.) [MS Ad]
The Tribez & Castlez -> C:\Program Files\WindowsApps\0EB8BD08.TheTribezCastlez_2.5.46.0_x86__erk4rrwmt7jyt [2019-12-14] (GAME INSIGHT GLOBAL LIMITED)
WinZip Universal -> C:\Program Files\WindowsApps\WinZipComputing.WinZipUniversal_1.5.13516.0_x64__3ykzqggjzj4z0 [2019-10-09] (WinZip Computing)
World of Tanks Blitz -> C:\Program Files\WindowsApps\7458BE2C.WorldofTanksBlitz_6.7.188.0_x64__x4tje2y229k00 [2020-01-18] (Wargaming Group Limited)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-772020480-3986485932-2889396054-1001_Classes\CLSID\{233525e0-5434-46ef-b464-fd7e45e2e145}\localserver32 -> C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (IDSA Production signing key -> Intel)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-10-11 16:55 - 2020-04-16 14:07 - 000015360 _____ () [File not signed] C:\Program Files (x86)\Origin\libEGL.DLL
2019-10-11 16:55 - 2020-04-16 14:07 - 003090944 _____ () [File not signed] C:\Program Files (x86)\Origin\libGLESv2.dll
2019-10-13 13:40 - 2019-10-13 13:46 - 001322496 _____ () [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\e_sqlite3.DLL
2019-10-13 13:40 - 2019-10-13 13:46 - 001322496 _____ () [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\x64\e_sqlite3.dll
2019-10-13 13:40 - 2019-10-13 13:46 - 040914432 _____ (Intel) [File not signed] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\IGCC.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000002560 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icudt58.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 001252864 _____ (The ICU Project) [File not signed] C:\Program Files (x86)\Origin\icuuc58.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\LIBEAY32.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [File not signed] C:\Program Files (x86)\Origin\ssleay32.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000030208 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qgif.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000032768 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qico.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000256512 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000026112 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtga.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000305152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 000278016 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\mediaservice\dsengine.dll
2019-10-11 16:55 - 2020-04-16 14:07 - 001611264 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005487104 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Core.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005841920 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Gui.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000709120 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Multimedia.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 001179136 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Network.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000207360 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Positioning.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000310272 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5PrintSupport.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 003513344 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Qml.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 003390976 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Quick.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000068096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5QuickWidgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000045568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5TextToSpeech.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000116224 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebChannel.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 054071296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineCore.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000211456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebEngineWidgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000146432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 005089792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2020-04-16 14:08 - 2020-04-16 14:07 - 000184832 _____ (The Qt Company Ltd) [File not signed] C:\Program Files (x86)\Origin\Qt5Xml.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 13:47 - 2016-07-16 13:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-772020480-3986485932-2889396054-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7179BBBB-BEA4-4403-9CF8-0E14F1387FB0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{7E9BDEDC-C50E-438A-9B73-A134195A06CF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{234B3848-AF6D-43D9-BC48-5CA74DEA1C40}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{2B1698EE-63E1-42AF-8336-EBF39024CB25}] => (Allow) C:\Program Files (x86)\Origin Games\Command and Conquer Red Alert II\RA2Launcher.exe (Kalloc Studios, Inc. -> Kalloc Studios) [File not signed]
FirewallRules: [{5F04F6F1-0D93-4A08-88C8-6FFF92B6F7C0}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{B5A8DA49-FDAB-4906-9E56-0CE396B4EFC5}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{E477A2FC-AA34-4A3C-A464-2E2062DDBC85}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{868C4D8D-E5BB-4E28-B354-209728098E18}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9C0B98B3-8414-4B08-963F-CC10F2D39C1A}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{892AF7BB-EBF1-4397-A160-DDEAC2A7ED03}] => (Block) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{953138D4-1F44-40AC-AA06-63D29C902D9E}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [{529FCEE7-A74B-4B59-9B39-68713AAAC04F}] => (Allow) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (Intel® Software Development Products -> )
FirewallRules: [TCP Query User{B7398DFE-5DDD-4916-8BBA-A26C1E836D89}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{C08F5384-EC30-4220-A5CA-DD348FCF1F50}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{CE923BD9-8107-4BA0-A82A-A5248C19C2E7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{52800C33-9C88-4CF7-BFE5-008E98C2F1D9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{C59F3220-AE4A-4B6D-B6C3-60FD61B69FF0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{B7B0E92B-E229-4284-A4C8-28476BE2E3CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{25C5E771-5CF1-4ADA-94A5-F3272FFF5747}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{5C835402-197B-4A0E-9704-0A24A2CFDBA3}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{9F8CCD50-4833-4158-8EFF-6C9BAC8F38B6}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii_trial.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{2D8CD376-80A5-43E6-99BB-FF7C7B9763B3}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
FirewallRules: [{2370E4D7-E22A-4450-B6CC-774D8DFD7EC4}] => (Allow) C:\Program Files (x86)\Origin Games\STAR WARS Battlefront II\starwarsbattlefrontii.exe (Electronic Arts, Inc. -> Electronic Arts Inc.)
 
==================== Restore Points =========================
 
06-04-2020 15:36:25 Scheduled Checkpoint
18-04-2020 08:31:30 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/20/2020 02:17:44 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800705B4
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/20/2020 02:16:43 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x800705B4
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/20/2020 02:14:53 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.
 
Error: (04/20/2020 02:14:53 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]
 
 
System errors:
=============
Error: (04/20/2020 02:21:42 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/20/2020 02:21:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/20/2020 02:19:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/20/2020 02:19:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/20/2020 02:17:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/20/2020 02:17:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/20/2020 02:17:41 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/20/2020 02:15:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
 
Date: 2020-04-20 14:19:44.918
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-20 14:19:44.910
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-04-20 14:17:46.381
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\eamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. 3805 05/16/2018
Motherboard: ASUSTeK COMPUTER INC. B150M-K
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8119.32 MB
Available physical RAM: 5184.28 MB
Total Virtual: 13751.32 MB
Available Virtual: 9680.37 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.14 GB) (Free:738.66 GB) NTFS
 
\\?\Volume{fb8676c7-c800-4b33-8bb2-72493272ac68}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.42 GB) NTFS
\\?\Volume{95fa06f5-6380-4c24-9fc0-c8e32f8afa8f}\ () (Fixed) (Total:0.82 GB) (Free:0.37 GB) NTFS
\\?\Volume{d1fb4a23-be45-438b-8457-6895c90e7bb7}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: F188F6A9)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by user (administrator) on DESKTOP-8TKIUA7 (20-04-2020 14:19:04)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: defaultuser0 & user)
Platform: Windows 10 Pro Version 1903 18362.592 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Electronic Arts, Inc. -> ) C:\Program Files (x86)\Origin\QtWebEngineProcess.exe <3>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(IDSA Production signing key -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.1725.0_x64__8j3eq9eme6ctt\IGCC.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_080d478a80aafa87\IntelCpHDCPSvc.exe
(Intel® Software Development Products -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8838400 2016-06-07] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel Driver & Support Assistant] => C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe [237416 2020-03-03] (IDSA Production signing key -> Intel)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-772020480-3986485932-2889396054-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3140368 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-12] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {14D39AD2-DA1D-45D5-A117-A0D647249788} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1F00CA0F-C6D3-4298-8B68-DD28A9A89616} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-11] (Google Inc -> Google Inc.)
Task: {239B28C2-B9BD-4189-8DC2-A580F6165F87} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {253FF3C5-8AD0-4B05-ADA9-4381904BFDC1} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
Task: {3E57B5FB-DD1A-4D15-A4EB-996E2560577A} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {4FEB371B-7029-4261-86B6-627E12C1FC3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5380DA36-00F9-470D-859E-D3D925A94D5E} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {54DE27A5-62B9-47DF-8659-E1F53EDF503B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {5FB4A3DD-D0D1-483C-B5A1-28F45A3498DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-10-11] (Google Inc -> Google Inc.)
Task: {72627485-5A40-4C2B-9D32-BF198518BC06} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7591FC7F-153A-472F-A03F-AF4117BCB180} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {776848C4-4DBF-4D27-A093-9523B42598E8} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8AAA0C78-18B9-4CC6-BF2E-977486AE874D} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CBF717A-C01B-41EA-A1B2-DB15532BC663} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EC0056E-0F91-43F5-A7C1-CE0132D3523F} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {8F73A28B-3BFE-4790-BF60-B5EBF11931E3} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {A3ED8897-D679-43C4-902C-73A3BA961441} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CAE4E3A8-E588-4CF2-996D-A71ADFB23F52} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CCE28F0F-2A18-4484-93ED-E08F4D34E021} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D5A8725C-08CF-475D-A821-6044523E12D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MpCmdRun.exe [469648 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D7FB0DF1-2DF3-4D11-83BB-B143185567DF} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
Task: {E20B00FE-46C1-4B18-9EE5-85D0F40B0C7F} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{15aee268-86cd-473d-ace7-592af3c79604}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{646e0a3d-9cee-4e81-9ac9-33257f6fc438}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
 
FireFox:
========
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-04-20]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-10-11]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-10-11]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-10-11]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-11]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-10-11]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-13]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [37224 2020-03-03] (IDSA Production signing key -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [143720 2020-03-03] (IDSA Production signing key -> Intel)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18744 2019-04-15] (Intel® Software Development Products -> Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2495792 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3447608 2020-04-16] (Electronic Arts, Inc. -> Electronic Arts)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [204088 2019-08-16] (Intel® Software Development Products -> )
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [877368 2019-08-16] (Intel® Software Development Products -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 wuauserv; C:\WINDOWS\system32\svchost.exe [53744 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S2 wuauserv; C:\WINDOWS\SysWOW64\svchost.exe [45448 2019-03-19] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-25] (ASUSTeK Computer Inc. -> )
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [154336 2020-04-02] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [106840 2020-04-02] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [15800 2020-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [188872 2020-04-02] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [53048 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [79520 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [115960 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_71164464ccd46ae5\nvlddmkm.sys [22738296 2019-10-23] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-12-07] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-04-17] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [75600 2019-08-23] (NVIDIA Corporation -> NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [662528 2019-03-19] (Microsoft Windows -> Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [8206848 2019-03-19] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [41816 2019-08-16] (Intel Corporation -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45664 2020-01-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [355760 2020-01-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-13] (Microsoft Windows -> Microsoft Corporation)
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-20 14:16 - 2020-04-20 14:16 - 000000000 ___HD C:\OneDriveTemp
2020-04-20 14:13 - 2020-04-20 14:14 - 000004805 _____ C:\Users\user\Desktop\Fixlog.txt
2020-04-19 16:00 - 2020-04-19 16:01 - 000033414 _____ C:\Users\user\Desktop\Addition.txt
2020-04-19 15:59 - 2020-04-20 14:20 - 000017942 _____ C:\Users\user\Desktop\FRST.txt
2020-04-19 15:58 - 2020-04-20 14:19 - 000000000 ____D C:\FRST
2020-04-19 15:57 - 2020-04-19 15:57 - 002281984 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-04-19 14:32 - 2020-04-19 14:32 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-04-19 14:30 - 2020-04-19 14:30 - 000000067 _____ C:\Users\user\Desktop\website to fix wuaus.txt
2020-04-19 13:47 - 2020-04-19 13:47 - 000000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2020-04-15 14:55 - 2020-04-15 14:55 - 000002016 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 14:55 - 2020-04-15 14:55 - 000002016 _____ C:\ProgramData\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 14:37 - 2020-04-15 14:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-04-15 14:37 - 2020-04-15 14:37 - 000000000 ____D C:\Program Files\ESET
2020-04-15 14:24 - 2020-04-15 14:26 - 000902240 _____ (ESET) C:\Users\user\Downloads\esetuninstaller.exe
2020-04-15 13:08 - 2020-04-19 14:40 - 000596036 _____ C:\WINDOWS\ntbtlog.txt
2020-04-15 13:00 - 2020-04-15 13:00 - 000170280 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2020-04-15 13:00 - 2020-04-15 13:00 - 000168256 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETMebrootCleaner.sys
2020-04-14 19:57 - 2020-04-14 19:57 - 000003800 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-14 19:57 - 2020-04-14 19:57 - 000003358 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime
2020-04-14 18:59 - 2020-04-14 18:59 - 000000649 _____ C:\Users\user\Desktop\ESET Online Scanner.lnk
2020-04-14 18:58 - 2020-04-14 18:58 - 000000748 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-14 17:47 - 2020-04-14 17:50 - 056521824 _____ (ESET) C:\Users\user\Downloads\eis_nt64.exe
2020-04-13 08:44 - 2020-04-13 08:44 - 000000000 ____D C:\Users\Default\AppData\Local\D3DSCache
2020-04-13 08:44 - 2020-04-13 08:44 - 000000000 ____D C:\Users\Default User\AppData\Local\D3DSCache
2020-04-02 13:43 - 2020-04-02 13:43 - 000188872 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000154336 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000115960 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000106840 _____ (ESET) C:\WINDOWS\system32\Drivers\edevmon.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000079520 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000053048 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2020-04-01 15:27 - 2020-04-01 15:27 - 000015800 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-20 14:20 - 2019-10-11 16:36 - 000000000 ____D C:\Users\user\AppData\Roaming\Origin
2020-04-20 14:18 - 2019-10-11 16:59 - 000000000 ____D C:\Program Files (x86)\Origin Games
2020-04-20 14:18 - 2019-10-11 16:36 - 000000000 ____D C:\ProgramData\Origin
2020-04-20 14:17 - 2019-10-11 16:36 - 000000000 ____D C:\Users\user\AppData\Local\Origin
2020-04-20 14:17 - 2019-10-10 00:23 - 000000000 ____D C:\ProgramData\NVIDIA
2020-04-20 14:16 - 2019-10-09 14:59 - 000000000 ___RD C:\Users\user\OneDrive
2020-04-20 14:15 - 2019-10-10 15:52 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-04-20 14:15 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-20 14:15 - 2019-03-19 06:37 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-04-20 14:07 - 2019-10-11 16:57 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2020-04-19 15:37 - 2019-10-10 15:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-04-19 13:51 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\USOPrivate
2020-04-17 20:28 - 2019-10-14 14:48 - 000000000 ____D C:\Users\user\AppData\Local\CrashDumps
2020-04-17 07:29 - 2019-10-10 15:52 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-772020480-3986485932-2889396054-1001
2020-04-17 07:29 - 2019-10-10 15:43 - 000002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-16 14:08 - 2019-10-11 16:55 - 000000000 ____D C:\Program Files (x86)\Origin
2020-04-15 18:12 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\catroot2.old
2020-04-15 14:37 - 2019-10-11 15:39 - 000000000 ____D C:\ProgramData\ESET
2020-04-15 14:37 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-04-15 14:37 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2020-04-15 12:38 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2020-04-14 19:18 - 2020-01-27 12:46 - 000000000 ____D C:\Program Files (x86)\LEGO Jurassic World
2020-04-14 18:58 - 2019-10-11 15:39 - 000000000 ____D C:\Users\user\AppData\Local\ESET
2020-04-12 20:13 - 2019-10-10 15:06 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2020-04-12 17:59 - 2019-10-11 08:59 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-12 17:59 - 2019-10-11 08:59 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-12 17:59 - 2019-10-11 08:59 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-25 08:56 - 2019-10-11 08:59 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-25 08:56 - 2019-10-11 08:59 - 000003296 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-03-24 12:55 - 2019-10-11 15:54 - 000000000 ____D C:\Users\user\AppData\Local\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-11 15:54 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000004106 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2020-03-24 12:10 - 2019-10-11 15:54 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2020-03-24 12:10 - 2019-10-11 15:54 - 000001443 _____ C:\ProgramData\Desktop\GeForce Experience.lnk
2020-03-24 12:10 - 2019-10-10 00:23 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-10 00:22 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-03-24 12:10 - 2019-10-10 00:22 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
 
==================== Files in the root of some directories ========
 
2019-10-11 16:56 - 2019-10-11 16:56 - 000000017 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 

  • 0

#4
Rodger899
Posted 20 April 2020 - 06:33 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

I see Windows Update is still not working. I had this feeling the two may be interlinked. Do you think they are, and if so, is there a way to fix the Windows update?

 

Many thanks

Rodger


  • 0

#5
RKinner
Posted 20 April 2020 - 08:00 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download, Save the attached wuauserv.reg file:

 

Attached File  wuauserv.reg   10KB   187 downloads

 

Right click on it and MERGE.

 

Then Search for:

 

services.msc

 

hit Enter

 

Scroll down to  Windows Update

 

Right click on it and if it is not started see if you can Start it.  Do you get an error?  What does the error say?

 

You can also try forcing an update:

 

Go to

https://www.microsof...nload/windows10

 

Click on Update Now.  Save the file then right click and Run As Admin.

 

 

We can also run DISM & SFC to check the system files:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type::


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


It looks like it is complaining about not being registered.  Are you getting a popup that says you need a valid license?


  • 0

#6
Rodger899
Posted 21 April 2020 - 01:10 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

You are an absolute legend, it has worked, thank you so much. To recap for you:

 

I merged the registry file you sent and checked Services.msc. Windows Update was not even in the services. I performed the disk repairs as recommended and I see it is now working. I will paste the log below for you.

 

My daughters computer has exactly the same problems as this one (StartupCheckLibrary.dll problem on startup). Can I use that script you sent and run it through FRST or should I create a new thread and start the excercise from scratch?

 

This is sneaky Malware, deleted .exe file for AV and then prevented Windows updates for major security issues.. that will be the last time my kids bring something home and install on their PC's.

 

2020-01-26 10:22:25, Info                  CSI    00000006 [SR] Verifying 1 components
2020-01-26 10:22:25, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:25, Info                  CSI    00000008 [SR] Verify complete
2020-01-26 10:22:26, Info                  CSI    00000009 [SR] Verifying 1 components
2020-01-26 10:22:26, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:26, Info                  CSI    0000000b [SR] Verify complete
2020-01-26 10:22:26, Info                  CSI    0000000c [SR] Verifying 1 components
2020-01-26 10:22:26, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:26, Info                  CSI    0000000e [SR] Verify complete
2020-01-26 10:22:26, Info                  CSI    0000000f [SR] Verifying 1 components
2020-01-26 10:22:26, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:26, Info                  CSI    00000011 [SR] Verify complete
2020-01-26 10:22:26, Info                  CSI    00000012 [SR] Verifying 1 components
2020-01-26 10:22:26, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:26, Info                  CSI    00000014 [SR] Verify complete
2020-01-26 10:22:26, Info                  CSI    00000015 [SR] Verifying 1 components
2020-01-26 10:22:26, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-01-26 10:22:26, Info                  CSI    00000017 [SR] Verify complete
2020-02-04 12:08:47, Info                  CSI    00000006 [SR] Verifying 1 components
2020-02-04 12:08:47, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:48, Info                  CSI    00000008 [SR] Verify complete
2020-02-04 12:08:48, Info                  CSI    00000009 [SR] Verifying 1 components
2020-02-04 12:08:48, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:49, Info                  CSI    0000000b [SR] Verify complete
2020-02-04 12:08:49, Info                  CSI    0000000c [SR] Verifying 1 components
2020-02-04 12:08:49, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:49, Info                  CSI    0000000e [SR] Verify complete
2020-02-04 12:08:49, Info                  CSI    0000000f [SR] Verifying 1 components
2020-02-04 12:08:49, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:50, Info                  CSI    00000011 [SR] Verify complete
2020-02-04 12:08:50, Info                  CSI    00000012 [SR] Verifying 1 components
2020-02-04 12:08:50, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:50, Info                  CSI    00000014 [SR] Verify complete
2020-02-04 12:08:50, Info                  CSI    00000015 [SR] Verifying 1 components
2020-02-04 12:08:50, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-02-04 12:08:50, Info                  CSI    00000017 [SR] Verify complete
2020-02-14 13:38:27, Info                  CSI    00000006 [SR] Verifying 1 components
2020-02-14 13:38:27, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:29, Info                  CSI    00000009 [SR] Verify complete
2020-02-14 13:38:29, Info                  CSI    0000000a [SR] Verifying 1 components
2020-02-14 13:38:29, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:29, Info                  CSI    0000000c [SR] Verify complete
2020-02-14 13:38:30, Info                  CSI    0000000d [SR] Verifying 1 components
2020-02-14 13:38:30, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:30, Info                  CSI    0000000f [SR] Verify complete
2020-02-14 13:38:30, Info                  CSI    00000010 [SR] Verifying 1 components
2020-02-14 13:38:30, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:30, Info                  CSI    00000012 [SR] Verify complete
2020-02-14 13:38:31, Info                  CSI    00000013 [SR] Verifying 1 components
2020-02-14 13:38:31, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:31, Info                  CSI    00000015 [SR] Verify complete
2020-02-14 13:38:31, Info                  CSI    00000016 [SR] Verifying 1 components
2020-02-14 13:38:31, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2020-02-14 13:38:31, Info                  CSI    00000018 [SR] Verify complete
2020-02-21 14:08:23, Info                  CSI    00000006 [SR] Verifying 1 components
2020-02-21 14:08:23, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:24, Info                  CSI    00000008 [SR] Verify complete
2020-02-21 14:08:24, Info                  CSI    00000009 [SR] Verifying 1 components
2020-02-21 14:08:24, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:25, Info                  CSI    0000000b [SR] Verify complete
2020-02-21 14:08:25, Info                  CSI    0000000c [SR] Verifying 1 components
2020-02-21 14:08:25, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:25, Info                  CSI    0000000e [SR] Verify complete
2020-02-21 14:08:25, Info                  CSI    0000000f [SR] Verifying 1 components
2020-02-21 14:08:25, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:25, Info                  CSI    00000011 [SR] Verify complete
2020-02-21 14:08:25, Info                  CSI    00000012 [SR] Verifying 1 components
2020-02-21 14:08:25, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:25, Info                  CSI    00000014 [SR] Verify complete
2020-02-21 14:08:25, Info                  CSI    00000015 [SR] Verifying 1 components
2020-02-21 14:08:25, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-02-21 14:08:26, Info                  CSI    00000017 [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    00000006 [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    00000008 [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    00000009 [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    0000000b [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    0000000c [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    0000000e [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    0000000f [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    00000011 [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    00000012 [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    00000014 [SR] Verify complete
2020-02-28 19:22:25, Info                  CSI    00000015 [SR] Verifying 1 components
2020-02-28 19:22:25, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-02-28 19:22:25, Info                  CSI    00000017 [SR] Verify complete
2020-03-06 19:25:40, Info                  CSI    00000006 [SR] Verifying 1 components
2020-03-06 19:25:40, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    00000008 [SR] Verify complete
2020-03-06 19:25:41, Info                  CSI    00000009 [SR] Verifying 1 components
2020-03-06 19:25:41, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    0000000b [SR] Verify complete
2020-03-06 19:25:41, Info                  CSI    0000000c [SR] Verifying 1 components
2020-03-06 19:25:41, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    0000000e [SR] Verify complete
2020-03-06 19:25:41, Info                  CSI    0000000f [SR] Verifying 1 components
2020-03-06 19:25:41, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    00000011 [SR] Verify complete
2020-03-06 19:25:41, Info                  CSI    00000012 [SR] Verifying 1 components
2020-03-06 19:25:41, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    00000014 [SR] Verify complete
2020-03-06 19:25:41, Info                  CSI    00000015 [SR] Verifying 1 components
2020-03-06 19:25:41, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-03-06 19:25:41, Info                  CSI    00000017 [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    00000006 [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    00000008 [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    00000009 [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    0000000b [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    0000000c [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    0000000e [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    0000000f [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    00000011 [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    00000012 [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    00000014 [SR] Verify complete
2020-03-14 06:40:08, Info                  CSI    00000015 [SR] Verifying 1 components
2020-03-14 06:40:08, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-03-14 06:40:08, Info                  CSI    00000017 [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    00000006 [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    00000008 [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    00000009 [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    0000000b [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    0000000c [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    0000000e [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    0000000f [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    00000011 [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    00000012 [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    00000014 [SR] Verify complete
2020-03-24 12:02:22, Info                  CSI    00000015 [SR] Verifying 1 components
2020-03-24 12:02:22, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-03-24 12:02:22, Info                  CSI    00000017 [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    00000006 [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    00000008 [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    00000009 [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    0000000b [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    0000000c [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    0000000e [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    0000000f [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    00000011 [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    00000012 [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    00000014 [SR] Verify complete
2020-03-31 14:40:03, Info                  CSI    00000015 [SR] Verifying 1 components
2020-03-31 14:40:03, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-03-31 14:40:03, Info                  CSI    00000017 [SR] Verify complete
2020-04-07 16:07:04, Info                  CSI    00000006 [SR] Verifying 1 components
2020-04-07 16:07:04, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:04, Info                  CSI    00000008 [SR] Verify complete
2020-04-07 16:07:04, Info                  CSI    00000009 [SR] Verifying 1 components
2020-04-07 16:07:04, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:04, Info                  CSI    0000000b [SR] Verify complete
2020-04-07 16:07:04, Info                  CSI    0000000c [SR] Verifying 1 components
2020-04-07 16:07:04, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:04, Info                  CSI    0000000e [SR] Verify complete
2020-04-07 16:07:04, Info                  CSI    0000000f [SR] Verifying 1 components
2020-04-07 16:07:04, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:04, Info                  CSI    00000011 [SR] Verify complete
2020-04-07 16:07:04, Info                  CSI    00000012 [SR] Verifying 1 components
2020-04-07 16:07:04, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:05, Info                  CSI    00000014 [SR] Verify complete
2020-04-07 16:07:05, Info                  CSI    00000015 [SR] Verifying 1 components
2020-04-07 16:07:05, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-04-07 16:07:05, Info                  CSI    00000017 [SR] Verify complete
2020-04-14 17:24:43, Info                  CSI    00000006 [SR] Verifying 1 components
2020-04-14 17:24:43, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:47, Info                  CSI    00000009 [SR] Verify complete
2020-04-14 17:24:47, Info                  CSI    0000000a [SR] Verifying 1 components
2020-04-14 17:24:47, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:48, Info                  CSI    0000000c [SR] Verify complete
2020-04-14 17:24:48, Info                  CSI    0000000d [SR] Verifying 1 components
2020-04-14 17:24:48, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:48, Info                  CSI    0000000f [SR] Verify complete
2020-04-14 17:24:48, Info                  CSI    00000010 [SR] Verifying 1 components
2020-04-14 17:24:48, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:48, Info                  CSI    00000012 [SR] Verify complete
2020-04-14 17:24:49, Info                  CSI    00000013 [SR] Verifying 1 components
2020-04-14 17:24:49, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:49, Info                  CSI    00000015 [SR] Verify complete
2020-04-14 17:24:49, Info                  CSI    00000016 [SR] Verifying 1 components
2020-04-14 17:24:49, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2020-04-14 17:24:49, Info                  CSI    00000018 [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    00000006 [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    00000008 [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    00000009 [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    0000000b [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    0000000c [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    0000000d [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    0000000e [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    0000000f [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    00000010 [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    00000011 [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    00000012 [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    00000013 [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    00000014 [SR] Verify complete
2020-04-19 13:39:11, Info                  CSI    00000015 [SR] Verifying 1 components
2020-04-19 13:39:11, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:11, Info                  CSI    00000017 [SR] Verify complete
2020-04-19 13:39:13, Info                  CSI    00000018 [SR] Verifying 1 components
2020-04-19 13:39:13, Info                  CSI    00000019 [SR] Beginning Verify and Repair transaction
2020-04-19 13:39:13, Info                  CSI    0000001a [SR] Verify complete
2020-04-19 13:45:05, Info                  CSI    00000006 [SR] Verifying 1 components
2020-04-19 13:45:05, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-04-19 13:45:05, Info                  CSI    00000008 [SR] Verify complete
2020-04-21 08:47:44, Info                  CSI    00000006 [SR] Verifying 100 components
2020-04-21 08:47:44, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:46, Info                  CSI    00000008 [SR] Verify complete
2020-04-21 08:47:46, Info                  CSI    00000009 [SR] Verifying 100 components
2020-04-21 08:47:46, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:47, Info                  CSI    0000000c [SR] Verify complete
2020-04-21 08:47:47, Info                  CSI    0000000d [SR] Verifying 100 components
2020-04-21 08:47:47, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:48, Info                  CSI    0000000f [SR] Verify complete
2020-04-21 08:47:49, Info                  CSI    00000010 [SR] Verifying 100 components
2020-04-21 08:47:49, Info                  CSI    00000011 [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:49, Info                  CSI    00000012 [SR] Verify complete
2020-04-21 08:47:49, Info                  CSI    00000013 [SR] Verifying 100 components
2020-04-21 08:47:49, Info                  CSI    00000014 [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:53, Info                  CSI    00000015 [SR] Verify complete
2020-04-21 08:47:53, Info                  CSI    00000016 [SR] Verifying 100 components
2020-04-21 08:47:53, Info                  CSI    00000017 [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:56, Info                  CSI    00000018 [SR] Verify complete
2020-04-21 08:47:56, Info                  CSI    00000019 [SR] Verifying 100 components
2020-04-21 08:47:56, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2020-04-21 08:47:59, Info                  CSI    0000001b [SR] Verify complete
2020-04-21 08:47:59, Info                  CSI    0000001c [SR] Verifying 100 components
2020-04-21 08:47:59, Info                  CSI    0000001d [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:03, Info                  CSI    0000001e [SR] Verify complete
2020-04-21 08:48:03, Info                  CSI    0000001f [SR] Verifying 100 components
2020-04-21 08:48:03, Info                  CSI    00000020 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:15, Info                  CSI    00000021 [SR] Verify complete
2020-04-21 08:48:15, Info                  CSI    00000022 [SR] Verifying 100 components
2020-04-21 08:48:15, Info                  CSI    00000023 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:21, Info                  CSI    00000024 [SR] Verify complete
2020-04-21 08:48:21, Info                  CSI    00000025 [SR] Verifying 100 components
2020-04-21 08:48:21, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:26, Info                  CSI    00000027 [SR] Verify complete
2020-04-21 08:48:26, Info                  CSI    00000028 [SR] Verifying 100 components
2020-04-21 08:48:26, Info                  CSI    00000029 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:28, Info                  CSI    0000002a [SR] Verify complete
2020-04-21 08:48:29, Info                  CSI    0000002b [SR] Verifying 100 components
2020-04-21 08:48:29, Info                  CSI    0000002c [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:38, Info                  CSI    0000002e [SR] Verify complete
2020-04-21 08:48:38, Info                  CSI    0000002f [SR] Verifying 100 components
2020-04-21 08:48:38, Info                  CSI    00000030 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:40, Info                  CSI    00000031 [SR] Verify complete
2020-04-21 08:48:40, Info                  CSI    00000032 [SR] Verifying 100 components
2020-04-21 08:48:40, Info                  CSI    00000033 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:43, Info                  CSI    00000035 [SR] Verify complete
2020-04-21 08:48:43, Info                  CSI    00000036 [SR] Verifying 100 components
2020-04-21 08:48:43, Info                  CSI    00000037 [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:48, Info                  CSI    00000038 [SR] Verify complete
2020-04-21 08:48:48, Info                  CSI    00000039 [SR] Verifying 100 components
2020-04-21 08:48:48, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:52, Info                  CSI    0000003b [SR] Verify complete
2020-04-21 08:48:53, Info                  CSI    0000003c [SR] Verifying 100 components
2020-04-21 08:48:53, Info                  CSI    0000003d [SR] Beginning Verify and Repair transaction
2020-04-21 08:48:57, Info                  CSI    0000003e [SR] Verify complete
2020-04-21 08:48:57, Info                  CSI    0000003f [SR] Verifying 100 components
2020-04-21 08:48:57, Info                  CSI    00000040 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:01, Info                  CSI    00000041 [SR] Verify complete
2020-04-21 08:49:01, Info                  CSI    00000042 [SR] Verifying 100 components
2020-04-21 08:49:01, Info                  CSI    00000043 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:06, Info                  CSI    00000044 [SR] Verify complete
2020-04-21 08:49:06, Info                  CSI    00000045 [SR] Verifying 100 components
2020-04-21 08:49:06, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:11, Info                  CSI    00000047 [SR] Verify complete
2020-04-21 08:49:11, Info                  CSI    00000048 [SR] Verifying 100 components
2020-04-21 08:49:11, Info                  CSI    00000049 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:20, Info                  CSI    0000004a [SR] Verify complete
2020-04-21 08:49:20, Info                  CSI    0000004b [SR] Verifying 100 components
2020-04-21 08:49:20, Info                  CSI    0000004c [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:32, Info                  CSI    0000004f [SR] Verify complete
2020-04-21 08:49:32, Info                  CSI    00000050 [SR] Verifying 100 components
2020-04-21 08:49:32, Info                  CSI    00000051 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:36, Info                  CSI    00000052 [SR] Verify complete
2020-04-21 08:49:36, Info                  CSI    00000053 [SR] Verifying 100 components
2020-04-21 08:49:36, Info                  CSI    00000054 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:39, Info                  CSI    00000055 [SR] Verify complete
2020-04-21 08:49:39, Info                  CSI    00000056 [SR] Verifying 100 components
2020-04-21 08:49:39, Info                  CSI    00000057 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:41, Info                  CSI    00000058 [SR] Verify complete
2020-04-21 08:49:41, Info                  CSI    00000059 [SR] Verifying 100 components
2020-04-21 08:49:41, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:44, Info                  CSI    0000005b [SR] Verify complete
2020-04-21 08:49:44, Info                  CSI    0000005c [SR] Verifying 100 components
2020-04-21 08:49:44, Info                  CSI    0000005d [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:48, Info                  CSI    00000060 [SR] Verify complete
2020-04-21 08:49:48, Info                  CSI    00000061 [SR] Verifying 100 components
2020-04-21 08:49:48, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:50, Info                  CSI    00000063 [SR] Verify complete
2020-04-21 08:49:50, Info                  CSI    00000064 [SR] Verifying 100 components
2020-04-21 08:49:50, Info                  CSI    00000065 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:53, Info                  CSI    00000066 [SR] Verify complete
2020-04-21 08:49:53, Info                  CSI    00000067 [SR] Verifying 100 components
2020-04-21 08:49:53, Info                  CSI    00000068 [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:55, Info                  CSI    00000069 [SR] Verify complete
2020-04-21 08:49:55, Info                  CSI    0000006a [SR] Verifying 100 components
2020-04-21 08:49:55, Info                  CSI    0000006b [SR] Beginning Verify and Repair transaction
2020-04-21 08:49:57, Info                  CSI    0000006c [SR] Verify complete
2020-04-21 08:49:57, Info                  CSI    0000006d [SR] Verifying 100 components
2020-04-21 08:49:57, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:03, Info                  CSI    0000006f [SR] Verify complete
2020-04-21 08:50:04, Info                  CSI    00000070 [SR] Verifying 100 components
2020-04-21 08:50:04, Info                  CSI    00000071 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:12, Info                  CSI    00000072 [SR] Verify complete
2020-04-21 08:50:12, Info                  CSI    00000073 [SR] Verifying 100 components
2020-04-21 08:50:12, Info                  CSI    00000074 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:15, Info                  CSI    00000076 [SR] Verify complete
2020-04-21 08:50:15, Info                  CSI    00000077 [SR] Verifying 100 components
2020-04-21 08:50:15, Info                  CSI    00000078 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:19, Info                  CSI    00000079 [SR] Verify complete
2020-04-21 08:50:19, Info                  CSI    0000007a [SR] Verifying 100 components
2020-04-21 08:50:19, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:22, Info                  CSI    0000007f [SR] Verify complete
2020-04-21 08:50:22, Info                  CSI    00000080 [SR] Verifying 100 components
2020-04-21 08:50:22, Info                  CSI    00000081 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:28, Info                  CSI    00000083 [SR] Verify complete
2020-04-21 08:50:28, Info                  CSI    00000084 [SR] Verifying 100 components
2020-04-21 08:50:28, Info                  CSI    00000085 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:33, Info                  CSI    00000086 [SR] Verify complete
2020-04-21 08:50:34, Info                  CSI    00000087 [SR] Verifying 100 components
2020-04-21 08:50:34, Info                  CSI    00000088 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:37, Info                  CSI    0000008a [SR] Verify complete
2020-04-21 08:50:37, Info                  CSI    0000008b [SR] Verifying 100 components
2020-04-21 08:50:37, Info                  CSI    0000008c [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:39, Info                  CSI    0000008d [SR] Verify complete
2020-04-21 08:50:39, Info                  CSI    0000008e [SR] Verifying 100 components
2020-04-21 08:50:39, Info                  CSI    0000008f [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:42, Info                  CSI    00000091 [SR] Verify complete
2020-04-21 08:50:42, Info                  CSI    00000092 [SR] Verifying 100 components
2020-04-21 08:50:42, Info                  CSI    00000093 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:46, Info                  CSI    00000095 [SR] Verify complete
2020-04-21 08:50:46, Info                  CSI    00000096 [SR] Verifying 100 components
2020-04-21 08:50:46, Info                  CSI    00000097 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:48, Info                  CSI    00000098 [SR] Verify complete
2020-04-21 08:50:48, Info                  CSI    00000099 [SR] Verifying 100 components
2020-04-21 08:50:48, Info                  CSI    0000009a [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:49, Info                  CSI    0000009b [SR] Verify complete
2020-04-21 08:50:50, Info                  CSI    0000009c [SR] Verifying 100 components
2020-04-21 08:50:50, Info                  CSI    0000009d [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:53, Info                  CSI    0000009e [SR] Verify complete
2020-04-21 08:50:53, Info                  CSI    0000009f [SR] Verifying 100 components
2020-04-21 08:50:53, Info                  CSI    000000a0 [SR] Beginning Verify and Repair transaction
2020-04-21 08:50:57, Info                  CSI    000000a2 [SR] Verify complete
2020-04-21 08:50:57, Info                  CSI    000000a3 [SR] Verifying 100 components
2020-04-21 08:50:57, Info                  CSI    000000a4 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:01, Info                  CSI    000000a7 [SR] Verify complete
2020-04-21 08:51:01, Info                  CSI    000000a8 [SR] Verifying 100 components
2020-04-21 08:51:01, Info                  CSI    000000a9 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:05, Info                  CSI    000000aa [SR] Verify complete
2020-04-21 08:51:05, Info                  CSI    000000ab [SR] Verifying 100 components
2020-04-21 08:51:05, Info                  CSI    000000ac [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:07, Info                  CSI    000000ad [SR] Verify complete
2020-04-21 08:51:07, Info                  CSI    000000ae [SR] Verifying 100 components
2020-04-21 08:51:07, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:09, Info                  CSI    000000b0 [SR] Verify complete
2020-04-21 08:51:09, Info                  CSI    000000b1 [SR] Verifying 100 components
2020-04-21 08:51:09, Info                  CSI    000000b2 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:13, Info                  CSI    000000b3 [SR] Verify complete
2020-04-21 08:51:13, Info                  CSI    000000b4 [SR] Verifying 100 components
2020-04-21 08:51:13, Info                  CSI    000000b5 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:17, Info                  CSI    000000b6 [SR] Verify complete
2020-04-21 08:51:18, Info                  CSI    000000b7 [SR] Verifying 100 components
2020-04-21 08:51:18, Info                  CSI    000000b8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:24, Info                  CSI    000000ba [SR] Verify complete
2020-04-21 08:51:24, Info                  CSI    000000bb [SR] Verifying 100 components
2020-04-21 08:51:24, Info                  CSI    000000bc [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:28, Info                  CSI    000000be [SR] Verify complete
2020-04-21 08:51:28, Info                  CSI    000000bf [SR] Verifying 100 components
2020-04-21 08:51:28, Info                  CSI    000000c0 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:37, Info                  CSI    000000c4 [SR] Verify complete
2020-04-21 08:51:37, Info                  CSI    000000c5 [SR] Verifying 100 components
2020-04-21 08:51:37, Info                  CSI    000000c6 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:40, Info                  CSI    000000c7 [SR] Verify complete
2020-04-21 08:51:40, Info                  CSI    000000c8 [SR] Verifying 100 components
2020-04-21 08:51:40, Info                  CSI    000000c9 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:43, Info                  CSI    000000ca [SR] Verify complete
2020-04-21 08:51:43, Info                  CSI    000000cb [SR] Verifying 100 components
2020-04-21 08:51:43, Info                  CSI    000000cc [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:47, Info                  CSI    000000cd [SR] Verify complete
2020-04-21 08:51:47, Info                  CSI    000000ce [SR] Verifying 100 components
2020-04-21 08:51:47, Info                  CSI    000000cf [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:51, Info                  CSI    000000d0 [SR] Verify complete
2020-04-21 08:51:51, Info                  CSI    000000d1 [SR] Verifying 100 components
2020-04-21 08:51:51, Info                  CSI    000000d2 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:54, Info                  CSI    000000d3 [SR] Verify complete
2020-04-21 08:51:54, Info                  CSI    000000d4 [SR] Verifying 100 components
2020-04-21 08:51:54, Info                  CSI    000000d5 [SR] Beginning Verify and Repair transaction
2020-04-21 08:51:58, Info                  CSI    000000d6 [SR] Verify complete
2020-04-21 08:51:58, Info                  CSI    000000d7 [SR] Verifying 100 components
2020-04-21 08:51:58, Info                  CSI    000000d8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:02, Info                  CSI    000000d9 [SR] Verify complete
2020-04-21 08:52:02, Info                  CSI    000000da [SR] Verifying 100 components
2020-04-21 08:52:02, Info                  CSI    000000db [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:05, Info                  CSI    000000dc [SR] Verify complete
2020-04-21 08:52:05, Info                  CSI    000000dd [SR] Verifying 100 components
2020-04-21 08:52:05, Info                  CSI    000000de [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:08, Info                  CSI    000000df [SR] Verify complete
2020-04-21 08:52:08, Info                  CSI    000000e0 [SR] Verifying 100 components
2020-04-21 08:52:08, Info                  CSI    000000e1 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:11, Info                  CSI    000000e2 [SR] Verify complete
2020-04-21 08:52:12, Info                  CSI    000000e3 [SR] Verifying 100 components
2020-04-21 08:52:12, Info                  CSI    000000e4 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:15, Info                  CSI    000000e5 [SR] Verify complete
2020-04-21 08:52:15, Info                  CSI    000000e6 [SR] Verifying 100 components
2020-04-21 08:52:15, Info                  CSI    000000e7 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:17, Info                  CSI    000000e8 [SR] Verify complete
2020-04-21 08:52:17, Info                  CSI    000000e9 [SR] Verifying 100 components
2020-04-21 08:52:17, Info                  CSI    000000ea [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:20, Info                  CSI    000000eb [SR] Verify complete
2020-04-21 08:52:20, Info                  CSI    000000ec [SR] Verifying 100 components
2020-04-21 08:52:20, Info                  CSI    000000ed [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:24, Info                  CSI    000000ee [SR] Verify complete
2020-04-21 08:52:24, Info                  CSI    000000ef [SR] Verifying 100 components
2020-04-21 08:52:24, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:27, Info                  CSI    000000f1 [SR] Verify complete
2020-04-21 08:52:27, Info                  CSI    000000f2 [SR] Verifying 100 components
2020-04-21 08:52:27, Info                  CSI    000000f3 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:31, Info                  CSI    000000f4 [SR] Verify complete
2020-04-21 08:52:31, Info                  CSI    000000f5 [SR] Verifying 100 components
2020-04-21 08:52:31, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:33, Info                  CSI    000000f7 [SR] Verify complete
2020-04-21 08:52:34, Info                  CSI    000000f8 [SR] Verifying 100 components
2020-04-21 08:52:34, Info                  CSI    000000f9 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:36, Info                  CSI    000000fa [SR] Verify complete
2020-04-21 08:52:36, Info                  CSI    000000fb [SR] Verifying 100 components
2020-04-21 08:52:36, Info                  CSI    000000fc [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:40, Info                  CSI    000000fd [SR] Verify complete
2020-04-21 08:52:40, Info                  CSI    000000fe [SR] Verifying 100 components
2020-04-21 08:52:40, Info                  CSI    000000ff [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:45, Info                  CSI    00000101 [SR] Verify complete
2020-04-21 08:52:45, Info                  CSI    00000102 [SR] Verifying 100 components
2020-04-21 08:52:45, Info                  CSI    00000103 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:48, Info                  CSI    00000104 [SR] Verify complete
2020-04-21 08:52:48, Info                  CSI    00000105 [SR] Verifying 100 components
2020-04-21 08:52:48, Info                  CSI    00000106 [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:56, Info                  CSI    0000010d [SR] Verify complete
2020-04-21 08:52:56, Info                  CSI    0000010e [SR] Verifying 100 components
2020-04-21 08:52:56, Info                  CSI    0000010f [SR] Beginning Verify and Repair transaction
2020-04-21 08:52:59, Info                  CSI    00000110 [SR] Verify complete
2020-04-21 08:53:00, Info                  CSI    00000111 [SR] Verifying 100 components
2020-04-21 08:53:00, Info                  CSI    00000112 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:03, Info                  CSI    00000113 [SR] Verify complete
2020-04-21 08:53:03, Info                  CSI    00000114 [SR] Verifying 100 components
2020-04-21 08:53:03, Info                  CSI    00000115 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:06, Info                  CSI    00000116 [SR] Verify complete
2020-04-21 08:53:07, Info                  CSI    00000117 [SR] Verifying 100 components
2020-04-21 08:53:07, Info                  CSI    00000118 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:10, Info                  CSI    0000011a [SR] Verify complete
2020-04-21 08:53:10, Info                  CSI    0000011b [SR] Verifying 100 components
2020-04-21 08:53:10, Info                  CSI    0000011c [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:13, Info                  CSI    0000011d [SR] Verify complete
2020-04-21 08:53:13, Info                  CSI    0000011e [SR] Verifying 100 components
2020-04-21 08:53:13, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:16, Info                  CSI    00000120 [SR] Verify complete
2020-04-21 08:53:16, Info                  CSI    00000121 [SR] Verifying 100 components
2020-04-21 08:53:16, Info                  CSI    00000122 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:19, Info                  CSI    00000123 [SR] Verify complete
2020-04-21 08:53:19, Info                  CSI    00000124 [SR] Verifying 100 components
2020-04-21 08:53:19, Info                  CSI    00000125 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:25, Info                  CSI    00000128 [SR] Verify complete
2020-04-21 08:53:25, Info                  CSI    00000129 [SR] Verifying 100 components
2020-04-21 08:53:25, Info                  CSI    0000012a [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:29, Info                  CSI    0000012b [SR] Verify complete
2020-04-21 08:53:29, Info                  CSI    0000012c [SR] Verifying 100 components
2020-04-21 08:53:29, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:31, Info                  CSI    0000012e [SR] Verify complete
2020-04-21 08:53:31, Info                  CSI    0000012f [SR] Verifying 100 components
2020-04-21 08:53:31, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:34, Info                  CSI    00000131 [SR] Verify complete
2020-04-21 08:53:34, Info                  CSI    00000132 [SR] Verifying 100 components
2020-04-21 08:53:34, Info                  CSI    00000133 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:36, Info                  CSI    00000134 [SR] Verify complete
2020-04-21 08:53:36, Info                  CSI    00000135 [SR] Verifying 100 components
2020-04-21 08:53:36, Info                  CSI    00000136 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:38, Info                  CSI    00000138 [SR] Verify complete
2020-04-21 08:53:38, Info                  CSI    00000139 [SR] Verifying 100 components
2020-04-21 08:53:38, Info                  CSI    0000013a [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:41, Info                  CSI    0000013b [SR] Verify complete
2020-04-21 08:53:41, Info                  CSI    0000013c [SR] Verifying 100 components
2020-04-21 08:53:41, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:44, Info                  CSI    0000013e [SR] Verify complete
2020-04-21 08:53:44, Info                  CSI    0000013f [SR] Verifying 100 components
2020-04-21 08:53:44, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:47, Info                  CSI    00000141 [SR] Verify complete
2020-04-21 08:53:47, Info                  CSI    00000142 [SR] Verifying 100 components
2020-04-21 08:53:47, Info                  CSI    00000143 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:51, Info                  CSI    00000144 [SR] Verify complete
2020-04-21 08:53:51, Info                  CSI    00000145 [SR] Verifying 100 components
2020-04-21 08:53:51, Info                  CSI    00000146 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:53, Info                  CSI    00000147 [SR] Verify complete
2020-04-21 08:53:53, Info                  CSI    00000148 [SR] Verifying 100 components
2020-04-21 08:53:53, Info                  CSI    00000149 [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:55, Info                  CSI    0000014a [SR] Verify complete
2020-04-21 08:53:55, Info                  CSI    0000014b [SR] Verifying 100 components
2020-04-21 08:53:55, Info                  CSI    0000014c [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:57, Info                  CSI    0000014d [SR] Verify complete
2020-04-21 08:53:57, Info                  CSI    0000014e [SR] Verifying 100 components
2020-04-21 08:53:57, Info                  CSI    0000014f [SR] Beginning Verify and Repair transaction
2020-04-21 08:53:58, Info                  CSI    00000150 [SR] Verify complete
2020-04-21 08:53:58, Info                  CSI    00000151 [SR] Verifying 100 components
2020-04-21 08:53:58, Info                  CSI    00000152 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:00, Info                  CSI    00000154 [SR] Verify complete
2020-04-21 08:54:00, Info                  CSI    00000155 [SR] Verifying 100 components
2020-04-21 08:54:00, Info                  CSI    00000156 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:01, Info                  CSI    00000157 [SR] Verify complete
2020-04-21 08:54:01, Info                  CSI    00000158 [SR] Verifying 100 components
2020-04-21 08:54:01, Info                  CSI    00000159 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:03, Info                  CSI    0000015a [SR] Verify complete
2020-04-21 08:54:03, Info                  CSI    0000015b [SR] Verifying 100 components
2020-04-21 08:54:03, Info                  CSI    0000015c [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:04, Info                  CSI    0000015d [SR] Verify complete
2020-04-21 08:54:04, Info                  CSI    0000015e [SR] Verifying 100 components
2020-04-21 08:54:04, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:07, Info                  CSI    00000160 [SR] Verify complete
2020-04-21 08:54:07, Info                  CSI    00000161 [SR] Verifying 100 components
2020-04-21 08:54:07, Info                  CSI    00000162 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:09, Info                  CSI    00000163 [SR] Verify complete
2020-04-21 08:54:09, Info                  CSI    00000164 [SR] Verifying 100 components
2020-04-21 08:54:09, Info                  CSI    00000165 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:10, Info                  CSI    00000166 [SR] Verify complete
2020-04-21 08:54:10, Info                  CSI    00000167 [SR] Verifying 100 components
2020-04-21 08:54:10, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:12, Info                  CSI    00000169 [SR] Verify complete
2020-04-21 08:54:12, Info                  CSI    0000016a [SR] Verifying 100 components
2020-04-21 08:54:12, Info                  CSI    0000016b [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:14, Info                  CSI    0000016c [SR] Verify complete
2020-04-21 08:54:14, Info                  CSI    0000016d [SR] Verifying 100 components
2020-04-21 08:54:14, Info                  CSI    0000016e [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:17, Info                  CSI    0000016f [SR] Verify complete
2020-04-21 08:54:17, Info                  CSI    00000170 [SR] Verifying 100 components
2020-04-21 08:54:17, Info                  CSI    00000171 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:18, Info                  CSI    00000172 [SR] Verify complete
2020-04-21 08:54:19, Info                  CSI    00000173 [SR] Verifying 100 components
2020-04-21 08:54:19, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:20, Info                  CSI    00000175 [SR] Verify complete
2020-04-21 08:54:20, Info                  CSI    00000176 [SR] Verifying 100 components
2020-04-21 08:54:20, Info                  CSI    00000177 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:22, Info                  CSI    00000178 [SR] Verify complete
2020-04-21 08:54:22, Info                  CSI    00000179 [SR] Verifying 100 components
2020-04-21 08:54:22, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:23, Info                  CSI    0000017b [SR] Verify complete
2020-04-21 08:54:24, Info                  CSI    0000017c [SR] Verifying 100 components
2020-04-21 08:54:24, Info                  CSI    0000017d [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:25, Info                  CSI    0000017e [SR] Verify complete
2020-04-21 08:54:25, Info                  CSI    0000017f [SR] Verifying 100 components
2020-04-21 08:54:25, Info                  CSI    00000180 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:27, Info                  CSI    00000182 [SR] Verify complete
2020-04-21 08:54:28, Info                  CSI    00000183 [SR] Verifying 100 components
2020-04-21 08:54:28, Info                  CSI    00000184 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:30, Info                  CSI    00000185 [SR] Verify complete
2020-04-21 08:54:30, Info                  CSI    00000186 [SR] Verifying 100 components
2020-04-21 08:54:30, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:32, Info                  CSI    00000188 [SR] Verify complete
2020-04-21 08:54:32, Info                  CSI    00000189 [SR] Verifying 100 components
2020-04-21 08:54:32, Info                  CSI    0000018a [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:34, Info                  CSI    0000018b [SR] Verify complete
2020-04-21 08:54:34, Info                  CSI    0000018c [SR] Verifying 100 components
2020-04-21 08:54:34, Info                  CSI    0000018d [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:37, Info                  CSI    0000018e [SR] Verify complete
2020-04-21 08:54:37, Info                  CSI    0000018f [SR] Verifying 100 components
2020-04-21 08:54:37, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:39, Info                  CSI    00000191 [SR] Verify complete
2020-04-21 08:54:39, Info                  CSI    00000192 [SR] Verifying 100 components
2020-04-21 08:54:39, Info                  CSI    00000193 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:41, Info                  CSI    00000194 [SR] Verify complete
2020-04-21 08:54:41, Info                  CSI    00000195 [SR] Verifying 100 components
2020-04-21 08:54:41, Info                  CSI    00000196 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:44, Info                  CSI    00000197 [SR] Verify complete
2020-04-21 08:54:44, Info                  CSI    00000198 [SR] Verifying 100 components
2020-04-21 08:54:44, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:46, Info                  CSI    0000019a [SR] Verify complete
2020-04-21 08:54:46, Info                  CSI    0000019b [SR] Verifying 100 components
2020-04-21 08:54:46, Info                  CSI    0000019c [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:48, Info                  CSI    000001a0 [SR] Verify complete
2020-04-21 08:54:49, Info                  CSI    000001a1 [SR] Verifying 100 components
2020-04-21 08:54:49, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:50, Info                  CSI    000001a3 [SR] Verify complete
2020-04-21 08:54:50, Info                  CSI    000001a4 [SR] Verifying 100 components
2020-04-21 08:54:50, Info                  CSI    000001a5 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:52, Info                  CSI    000001a6 [SR] Verify complete
2020-04-21 08:54:52, Info                  CSI    000001a7 [SR] Verifying 100 components
2020-04-21 08:54:52, Info                  CSI    000001a8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:53, Info                  CSI    000001a9 [SR] Verify complete
2020-04-21 08:54:53, Info                  CSI    000001aa [SR] Verifying 100 components
2020-04-21 08:54:53, Info                  CSI    000001ab [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:55, Info                  CSI    000001ac [SR] Verify complete
2020-04-21 08:54:55, Info                  CSI    000001ad [SR] Verifying 100 components
2020-04-21 08:54:55, Info                  CSI    000001ae [SR] Beginning Verify and Repair transaction
2020-04-21 08:54:58, Info                  CSI    000001b0 [SR] Verify complete
2020-04-21 08:54:58, Info                  CSI    000001b1 [SR] Verifying 100 components
2020-04-21 08:54:58, Info                  CSI    000001b2 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:00, Info                  CSI    000001b3 [SR] Verify complete
2020-04-21 08:55:00, Info                  CSI    000001b4 [SR] Verifying 100 components
2020-04-21 08:55:00, Info                  CSI    000001b5 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:02, Info                  CSI    000001b6 [SR] Verify complete
2020-04-21 08:55:02, Info                  CSI    000001b7 [SR] Verifying 100 components
2020-04-21 08:55:02, Info                  CSI    000001b8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:05, Info                  CSI    000001b9 [SR] Verify complete
2020-04-21 08:55:05, Info                  CSI    000001ba [SR] Verifying 100 components
2020-04-21 08:55:05, Info                  CSI    000001bb [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:08, Info                  CSI    000001bc [SR] Verify complete
2020-04-21 08:55:08, Info                  CSI    000001bd [SR] Verifying 100 components
2020-04-21 08:55:08, Info                  CSI    000001be [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:11, Info                  CSI    000001bf [SR] Verify complete
2020-04-21 08:55:11, Info                  CSI    000001c0 [SR] Verifying 100 components
2020-04-21 08:55:11, Info                  CSI    000001c1 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:13, Info                  CSI    000001c3 [SR] Verify complete
2020-04-21 08:55:14, Info                  CSI    000001c4 [SR] Verifying 100 components
2020-04-21 08:55:14, Info                  CSI    000001c5 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:15, Info                  CSI    000001c6 [SR] Verify complete
2020-04-21 08:55:15, Info                  CSI    000001c7 [SR] Verifying 100 components
2020-04-21 08:55:15, Info                  CSI    000001c8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:17, Info                  CSI    000001c9 [SR] Verify complete
2020-04-21 08:55:17, Info                  CSI    000001ca [SR] Verifying 100 components
2020-04-21 08:55:17, Info                  CSI    000001cb [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:19, Info                  CSI    000001cc [SR] Verify complete
2020-04-21 08:55:19, Info                  CSI    000001cd [SR] Verifying 100 components
2020-04-21 08:55:19, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:21, Info                  CSI    000001cf [SR] Verify complete
2020-04-21 08:55:21, Info                  CSI    000001d0 [SR] Verifying 100 components
2020-04-21 08:55:21, Info                  CSI    000001d1 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:24, Info                  CSI    000001d6 [SR] Verify complete
2020-04-21 08:55:24, Info                  CSI    000001d7 [SR] Verifying 100 components
2020-04-21 08:55:24, Info                  CSI    000001d8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:27, Info                  CSI    000001d9 [SR] Verify complete
2020-04-21 08:55:27, Info                  CSI    000001da [SR] Verifying 100 components
2020-04-21 08:55:27, Info                  CSI    000001db [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:28, Info                  CSI    000001dc [SR] Verify complete
2020-04-21 08:55:28, Info                  CSI    000001dd [SR] Verifying 100 components
2020-04-21 08:55:28, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:31, Info                  CSI    000001df [SR] Verify complete
2020-04-21 08:55:32, Info                  CSI    000001e0 [SR] Verifying 100 components
2020-04-21 08:55:32, Info                  CSI    000001e1 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:34, Info                  CSI    000001e2 [SR] Verify complete
2020-04-21 08:55:34, Info                  CSI    000001e3 [SR] Verifying 100 components
2020-04-21 08:55:34, Info                  CSI    000001e4 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:37, Info                  CSI    000001e6 [SR] Verify complete
2020-04-21 08:55:37, Info                  CSI    000001e7 [SR] Verifying 100 components
2020-04-21 08:55:37, Info                  CSI    000001e8 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:39, Info                  CSI    000001e9 [SR] Verify complete
2020-04-21 08:55:39, Info                  CSI    000001ea [SR] Verifying 100 components
2020-04-21 08:55:39, Info                  CSI    000001eb [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:40, Info                  CSI    000001ec [SR] Verify complete
2020-04-21 08:55:41, Info                  CSI    000001ed [SR] Verifying 100 components
2020-04-21 08:55:41, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:45, Info                  CSI    000001ef [SR] Verify complete
2020-04-21 08:55:45, Info                  CSI    000001f0 [SR] Verifying 100 components
2020-04-21 08:55:45, Info                  CSI    000001f1 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:48, Info                  CSI    000001f2 [SR] Verify complete
2020-04-21 08:55:48, Info                  CSI    000001f3 [SR] Verifying 100 components
2020-04-21 08:55:48, Info                  CSI    000001f4 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:49, Info                  CSI    000001f5 [SR] Verify complete
2020-04-21 08:55:49, Info                  CSI    000001f6 [SR] Verifying 100 components
2020-04-21 08:55:49, Info                  CSI    000001f7 [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:52, Info                  CSI    000001f8 [SR] Verify complete
2020-04-21 08:55:52, Info                  CSI    000001f9 [SR] Verifying 100 components
2020-04-21 08:55:52, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:55, Info                  CSI    000001fb [SR] Verify complete
2020-04-21 08:55:55, Info                  CSI    000001fc [SR] Verifying 100 components
2020-04-21 08:55:55, Info                  CSI    000001fd [SR] Beginning Verify and Repair transaction
2020-04-21 08:55:58, Info                  CSI    000001fe [SR] Verify complete
2020-04-21 08:55:58, Info                  CSI    000001ff [SR] Verifying 100 components
2020-04-21 08:55:58, Info                  CSI    00000200 [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:00, Info                  CSI    00000201 [SR] Verify complete
2020-04-21 08:56:00, Info                  CSI    00000202 [SR] Verifying 100 components
2020-04-21 08:56:00, Info                  CSI    00000203 [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:02, Info                  CSI    00000204 [SR] Verify complete
2020-04-21 08:56:02, Info                  CSI    00000205 [SR] Verifying 100 components
2020-04-21 08:56:02, Info                  CSI    00000206 [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:04, Info                  CSI    00000208 [SR] Verify complete
2020-04-21 08:56:04, Info                  CSI    00000209 [SR] Verifying 100 components
2020-04-21 08:56:04, Info                  CSI    0000020a [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:05, Info                  CSI    0000020b [SR] Verify complete
2020-04-21 08:56:05, Info                  CSI    0000020c [SR] Verifying 77 components
2020-04-21 08:56:05, Info                  CSI    0000020d [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:07, Info                  CSI    0000020e [SR] Verify complete
2020-04-21 08:56:07, Info                  CSI    0000020f [SR] Repairing 0 components
2020-04-21 08:56:07, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2020-04-21 08:56:07, Info                  CSI    00000211 [SR] Repair complete

  • 0

#7
RKinner
Posted 21 April 2020 - 03:59 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I'm not sure which step helped you.  The forced update or the DISM/SFC.  If you didn't do the forced update it would be wise to do it and get up to date.  We are about to get a new version number in May and Windows is not good about updating if you get too far behind in version numbers.

 

It would be better if you posted your daughter's FRST logs.  (you can just post them here if you like - no need to start a new thread.)  The fixlist I did for you also fixed some other problems you had.


  • 0

#8
Rodger899
Posted 21 April 2020 - 06:42 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

I didn't do the forced update, I thought best to try that as a last resort, so the DISM/SFC did the trick I'm sure. 

 

Thanks for helping out on the other PC. Here are her log files:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2020
Ran by user (21-04-2020 14:34:08)
Running from C:\Users\user\Desktop
Windows 10 Pro Version 1809 17763.1039 (X64) (2019-07-15 07:22:15)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-230040752-2165402550-693070872-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-230040752-2165402550-693070872-503 - Limited - Disabled)
Guest (S-1-5-21-230040752-2165402550-693070872-501 - Limited - Disabled)
user (S-1-5-21-230040752-2165402550-693070872-1001 - Administrator - Enabled) => C:\Users\user
WDAGUtilityAccount (S-1-5-21-230040752-2165402550-693070872-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {885D845F-AF19-0124-FECE-FFF49D00F440}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {B066057A-E576-007C-D591-56C163D3B33B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.04) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.04 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 19.10.1 - Advanced Micro Devices, Inc.)
Branding64 (HKLM\...\{EE2AFCE4-0238-4DE0-A140-1647021627C1}) (Version: 1.00.0001 - Advanced Micro Devices, Inc.) Hidden
ESET Security (HKLM\...\{0C3F76CB-98AA-49B1-9B72-CD040E3E17E8}) (Version: 13.1.21.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.163 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - )
Microsoft OneDrive (HKU\S-1-5-21-230040752-2165402550-693070872-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0012 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 24.0.1 - OBS Project)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
The Sims 4 Seasons (HKLM\...\The Sims 4 Seasons_is1) (Version: 1.46.18.1020 - )
Tux Typing (remove only) (HKLM-x32\...\TuxType) (Version:  - )
VLC media player 2.0.8 (HKLM-x32\...\VLC media player) (Version: 2.0.8 - VideoLAN)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
Packages:
=========
Amazing Run -> C:\Program Files\WindowsApps\28627PremiumFreeEpisodeGa.StarWarRun_2.9.0.0_x64__haf3134me8dd2 [2020-02-08] (Premium Free Episode Games PC Ltd.) [MS Ad]
Cooking Chef - Restaurant Fever -> C:\Program Files\WindowsApps\42444BestFriendsMultiplay.CookingChef-RestaurantFe_7.9.0.0_x64__y853g5sshg164 [2020-02-08] (Best Friends Multiplayer Games) [MS Ad]
Fancy Fashion Salon -> C:\Program Files\WindowsApps\53001.FancyFashionSalon_1.1.2.0_x86__zca8h67ayrj6t [2019-09-05] (IO Games) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-08-22] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-08-22] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-16] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe [2020-02-22] (Microsoft Studios)
Mr. Bean Art Games -> C:\Program Files\WindowsApps\23268AppolloPaint.Mr.BeanPaint_1.3.9.0_x64__skgegchsa453w [2019-09-05] (Paint) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.34.13393.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Corporation) [MS Ad]
ROBLOX -> C:\Program Files\WindowsApps\ROBLOXCORPORATION.ROBLOX_2.414.44205.0_x86__55nm5eh3cm0pr [2020-01-18] (ROBLOX Corporation)
Vacation Adventures: Park Ranger -> C:\Program Files\WindowsApps\C881FC4B.VacationAdventuresParkRanger_1.0.484.0_x86__gv7gkxn7zbbh4 [2019-09-05] (Filematch Ltd.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2020-04-02] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2005-06-07] () [File not signed]
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2019-07-15 11:14 - 2005-06-07 12:26 - 000043008 _____ () [File not signed] C:\Program Files (x86)\WinRAR\rarext64.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 003598336 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 001441280 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2019-10-04 12:12 - 2019-10-04 12:12 - 005999104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 006413824 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 001141760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000339968 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 004143104 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 003840000 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000332800 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000349184 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 080959488 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 005622272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 000190464 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-01-08 12:56 - 2019-01-08 12:56 - 002825216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000330752 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000137216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000090112 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-01-08 12:57 - 2019-01-08 12:57 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-09-15 09:31 - 2018-09-15 09:31 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-230040752-2165402550-693070872-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-230040752-2165402550-693070872-1001\...\StartupApproved\StartupFolder: => "OpenOffice.org 3.4.1.lnk"
HKU\S-1-5-21-230040752-2165402550-693070872-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{5BF950E1-34CC-4A16-956B-08F99B529876}D:\snapy driver\sdi_x64_r1804.exe] => (Allow) D:\snapy driver\sdi_x64_r1804.exe No File
FirewallRules: [UDP Query User{B5FEF322-8967-4A85-B102-010FD79522C7}D:\snapy driver\sdi_x64_r1804.exe] => (Allow) D:\snapy driver\sdi_x64_r1804.exe No File
FirewallRules: [TCP Query User{029E09C9-B68D-442A-ADF0-520E83F9D462}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [UDP Query User{B966D525-FFDD-4CA5-B072-DE597EDB0ED4}C:\games\the sims 4 seasons\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4 seasons\game\bin\ts4_x64.exe (Electronic Arts Inc.) [File not signed]
FirewallRules: [{B8FAB27D-F74E-40F6-B486-0BA58BABFD40}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
27-03-2020 18:13:37 Scheduled Checkpoint
12-04-2020 13:49:51 Scheduled Checkpoint
21-04-2020 08:07:24 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (04/21/2020 02:26:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2020 02:26:24 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2020 07:42:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Minecraft.Windows.exe version 1.14.30.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 20b8
 
Start Time: 01d6179f9b38d5ec
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe
 
Report Id: d91a4c7d-9ddd-4752-912b-b61809523ec7
 
Faulting package full name: Microsoft.MinecraftUWP_1.14.3002.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Hang type: Cross-process
 
Error: (04/21/2020 07:42:15 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/20/2020 06:25:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
 
Error: (04/20/2020 06:24:57 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/19/2020 04:02:58 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=UserLogon;SessionId=1
 
Error: (04/19/2020 02:50:32 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0xC004F025
Command-line arguments:
RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=NetworkAvailable
 
 
System errors:
=============
Error: (04/21/2020 02:34:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/21/2020 02:34:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/21/2020 02:32:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/21/2020 02:32:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/21/2020 02:30:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/21/2020 02:30:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
Error: (04/21/2020 02:28:17 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The wuauserv service terminated with the following error: 
The system cannot find the file specified.
 
Error: (04/21/2020 02:28:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register with DCOM within the required timeout.
 
 
Windows Defender:
===================================
Date: 2019-08-22 09:20:47.944
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {EA610B80-9E36-439D-ABF0-D88E70900F74}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2019-08-22 14:41:56.424
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-08-22 14:41:56.424
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-08-22 14:41:56.424
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-08-22 14:41:56.418
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
Date: 2019-08-22 14:41:56.418
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.297.1124.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.16100.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved 
 
CodeIntegrity:
===================================
 
Date: 2019-09-05 16:38:01.641
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-09-05 16:38:01.575
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-09-05 16:38:01.309
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2019-09-05 16:38:01.100
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\ESET\ESET Security\ecmds.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: American Megatrends Inc. P2.20 03/04/2019
Motherboard: ASRock B450M-HDV R4.0
Processor: AMD Ryzen 3 2200G with Radeon Vega Graphics 
Percentage of memory in use: 52%
Total physical RAM: 6072.68 MB
Available physical RAM: 2881.55 MB
Total Virtual: 7096.68 MB
Available Virtual: 2493.14 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:836.83 GB) NTFS
 
\\?\Volume{68871a05-7977-4c94-a3f3-37da59f5369f}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.08 GB) NTFS
\\?\Volume{315fb178-6d3f-4f87-b4f2-738f38077e5d}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 45491304)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-04-2020
Ran by user (administrator) on DESKTOP-G003DIP (21-04-2020 14:32:44)
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1809 17763.1039 (X64) Language: English (United Kingdom)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Adobe Systems, Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0347338.inf_amd64_ac57ebc90aacc6d7\B347375\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0347338.inf_amd64_ac57ebc90aacc6d7\B347375\atiesrxx.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <11>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12002.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [185648 2020-04-02] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-230040752-2165402550-693070872-1001\...\MountPoints2: {663d883a-a6d3-11e9-9ad7-7085c2c7c69e} - "F:\ASRSetup.exe" 
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.163\Installer\chrmstp.exe [2020-04-12] (Google LLC -> Google LLC)
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2019-10-16]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () [File not signed]
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {264B7985-B78E-40DA-80FD-793F04762D2D} - System32\Tasks\AMD ThankingURL => C:\Program Files\AMD\CIM\Bin64\Setup.exe [891576 2019-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {49BB5C8A-324A-4630-992C-8945C98684C9} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [468992 2019-10-04] (Advanced Micro Devices, Inc.) [File not signed]
Task: {4C2C869C-87CE-444F-B259-8F98509EF613} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-15] (Google Inc -> Google Inc.)
Task: {633A009C-5DE3-46E2-9559-8279D6F33F59} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [468992 2019-10-04] (Advanced Micro Devices, Inc.) [File not signed]
Task: {6B07CB99-D003-436E-B5F9-0B3746922D0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2019-07-15] (Google Inc -> Google Inc.)
Task: {6E8DAD47-B16A-4BE0-9589-F461A833380D} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {73F3E279-D4CA-4CBB-950F-84AC752AFDBB} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61112 2019-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {79F73AC7-A7CC-4005-AA6D-972F547EC536} - System32\Tasks\Microsoft\Windows\Application Experience\StartupCheckLibrary => rundll32.exe StartupCheckLibrary.dll,DllMainRunLibrary <==== ATTENTION
Task: {9EAFF4C0-882E-4B39-A0CB-9DACDACCCF5A} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\user\Downloads\esetonlinescanner.exe
Task: {C131C0BF-FACA-4AFD-AC41-19793DC1B446} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [68280 2019-10-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{79bf1357-ee4b-469b-9142-d2e4c0416d41}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9dda5632-a4e8-4b57-a389-19c70beab3fa}: [DhcpNameServer] 192.168.8.1 192.168.8.1
 
Internet Explorer:
==================
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-04-12] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-04-12] (Oracle America, Inc. -> Oracle Corporation)
 
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-04-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-04-12] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-07-31] (VideoLAN) [File not signed]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2013-09-05] (Adobe Systems, Incorporated -> Adobe Systems Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2020-04-21]
CHR Extension: (Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-07-15]
CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-07-15]
CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-07-15]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-05]
CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-07-15]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-03]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD External Events Utility; C:\Windows\System32\DriverStore\FileRepository\c0347338.inf_amd64_ac57ebc90aacc6d7\B347375\atiesrxx.exe [509144 2019-10-07] (Advanced Micro Devices, Inc. -> AMD)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [2358784 2020-04-02] (ESET, spol. s r.o. -> ESET)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3831576 2019-08-22] (Microsoft Corporation -> Microsoft Corporation)
S3 wuauserv; C:\Windows\system32\svchost.exe [51696 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 wuauserv; C:\Windows\SysWOW64\svchost.exe [45448 2018-09-15] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\Windows\System32\drivers\amdgpio2.sys [45832 2019-10-01] (Advanced Micro Devices INC. -> Advanced Micro Devices, Inc)
R3 amdgpio3; C:\Windows\System32\drivers\amdgpio3.sys [33144 2017-08-29] (AMD PMP-PE CB Code Signer v20160415 -> Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0347338.inf_amd64_ac57ebc90aacc6d7\B347375\atikmdag.sys [60655320 2019-10-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0347338.inf_amd64_ac57ebc90aacc6d7\B347375\atikmpag.sys [598224 2019-10-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\drivers\amdpsp.sys [137104 2017-11-07] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc. )
S3 AsrSetupDrv103; C:\Windows\SysWOW64\Drivers\AsrSetupDrv103.sys [34568 2019-07-15] (ASROCK Incorporation -> RW-Everything) [File not signed]
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [108152 2019-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [154336 2020-04-02] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [106840 2020-04-02] (ESET, spol. s r.o. -> ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15800 2020-04-01] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [188872 2020-04-02] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [53048 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [79520 2020-04-02] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [115960 2020-04-02] (ESET, spol. s r.o. -> ESET)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [605696 2018-09-15] (Microsoft Windows -> Realtek )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [8206848 2018-09-15] (Microsoft Windows -> Realtek Semiconductor Corporation )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46584 2018-09-15] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [340008 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [61992 2018-09-15] (Microsoft Windows -> Microsoft Corporation)
S3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-21 14:32 - 2020-04-21 14:33 - 000013125 _____ C:\Users\user\Desktop\FRST.txt
2020-04-21 14:32 - 2020-04-21 14:33 - 000000000 ____D C:\FRST
2020-04-21 14:28 - 2020-04-21 14:31 - 002281984 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2020-04-15 16:48 - 2020-04-15 16:48 - 000002016 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 16:48 - 2020-04-15 16:48 - 000002016 _____ C:\ProgramData\Desktop\ESET Banking & Payment protection.lnk
2020-04-15 16:12 - 2020-04-15 16:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2020-04-15 16:12 - 2020-04-15 16:12 - 000000000 ____D C:\Program Files\ESET
2020-04-15 15:58 - 2020-04-15 15:58 - 000902240 _____ (ESET) C:\esetuninstaller.exe
2020-04-15 15:43 - 2020-04-19 15:01 - 000667174 _____ C:\Windows\ntbtlog.txt
2020-04-15 15:39 - 2020-04-15 15:39 - 000170280 _____ (ESET) C:\Windows\system32\Drivers\ESETCleanersDriver.sys
2020-04-15 15:38 - 2020-04-15 15:38 - 000168256 _____ (ESET) C:\Windows\system32\Drivers\ESETMebrootCleaner.sys
2020-04-14 23:45 - 2020-04-14 23:45 - 000003800 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onLogOn
2020-04-14 23:45 - 2020-04-14 23:45 - 000003358 _____ C:\Windows\system32\Tasks\EOSv3 Scheduler onTime
2020-04-14 20:06 - 2020-04-14 20:06 - 000000748 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2020-04-14 20:06 - 2020-04-14 20:06 - 000000649 _____ C:\Users\user\Desktop\ESET Online Scanner.lnk
2020-04-12 12:05 - 2020-04-12 12:05 - 000114232 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2020-04-12 12:05 - 2020-04-12 12:05 - 000000000 ____D C:\Users\user\AppData\Roaming\Sun
2020-04-12 12:05 - 2020-04-12 12:05 - 000000000 ____D C:\ProgramData\Oracle
2020-04-12 12:05 - 2020-04-12 12:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2020-04-12 12:05 - 2020-04-12 12:05 - 000000000 ____D C:\Program Files (x86)\Java
2020-04-03 14:50 - 2020-04-03 14:58 - 056521824 _____ (ESET) C:\Users\user\Downloads\eis_nt64.exe
2020-04-03 14:42 - 2020-04-03 14:42 - 005504824 _____ (ESET) C:\Users\user\Downloads\eset_internet_security_live_installer (2).exe
2020-04-02 13:43 - 2020-04-02 13:43 - 000188872 _____ (ESET) C:\Windows\system32\Drivers\ehdrv.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000154336 _____ (ESET) C:\Windows\system32\Drivers\eamonm.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000115960 _____ (ESET) C:\Windows\system32\Drivers\epfwwfp.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000106840 _____ (ESET) C:\Windows\system32\Drivers\edevmon.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000079520 _____ (ESET) C:\Windows\system32\Drivers\epfw.sys
2020-04-02 13:43 - 2020-04-02 13:43 - 000053048 _____ (ESET) C:\Windows\system32\Drivers\ekbdflt.sys
2020-04-01 15:27 - 2020-04-01 15:27 - 000015800 _____ (ESET) C:\Windows\system32\Drivers\eelam.sys
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-04-21 14:24 - 2019-09-29 08:34 - 000004162 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{A2DF6450-EFA8-446F-BDC3-13BB92C1A2D4}
2020-04-21 14:24 - 2018-09-15 09:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-04-21 14:23 - 2019-07-15 09:15 - 000000000 ____D C:\Windows\system32\SleepStudy
2020-04-21 07:45 - 2019-07-15 09:24 - 000795992 _____ C:\Windows\system32\PerfStringBackup.INI
2020-04-21 07:45 - 2018-09-15 09:31 - 000000000 ____D C:\Windows\INF
2020-04-21 07:41 - 2020-02-25 19:07 - 000003110 _____ C:\Windows\system32\Tasks\AMDLinkUpdate
2020-04-21 07:41 - 2019-07-15 09:16 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-04-20 20:50 - 2018-09-15 08:09 - 000524288 _____ C:\Windows\system32\config\BBI
2020-04-17 19:00 - 2019-07-15 09:55 - 000003374 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-230040752-2165402550-693070872-1001
2020-04-17 19:00 - 2019-07-15 09:55 - 000000000 ___RD C:\Users\user\OneDrive
2020-04-17 19:00 - 2019-07-15 09:44 - 000002360 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-04-15 16:12 - 2019-08-22 17:03 - 000000000 ____D C:\ProgramData\ESET
2020-04-15 16:12 - 2018-09-15 09:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-04-14 20:06 - 2019-08-22 17:03 - 000000000 ____D C:\Users\user\AppData\Local\ESET
2020-04-12 13:38 - 2019-07-15 13:59 - 000000000 ____D C:\Users\user\AppData\Local\D3DSCache
2020-04-12 09:49 - 2019-07-15 11:15 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-04-12 09:49 - 2019-07-15 11:15 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-04-12 09:49 - 2019-07-15 11:15 - 000002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-03-27 14:33 - 2018-09-15 09:33 - 000000000 ___HD C:\Program Files\WindowsApps
2020-03-27 14:33 - 2018-09-15 09:33 - 000000000 ____D C:\Windows\AppReadiness
2020-03-27 14:32 - 2019-07-15 09:52 - 000000000 ____D C:\Users\user\AppData\Local\Packages
2020-03-24 12:16 - 2019-08-23 19:04 - 000000000 ____D C:\Users\user\AppData\Local\PlaceholderTileLogoFolder
2020-03-24 12:16 - 2019-07-15 11:14 - 000003420 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-03-24 12:16 - 2019-07-15 11:14 - 000003296 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories ========
 
2019-08-22 21:14 - 2019-08-22 21:15 - 000007605 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================

  • 0

#9
RKinner
Posted 21 April 2020 - 07:23 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.95KB   178 downloads

Run FRST and press Fix.  I'm letting this fixlist also run DISM and SFC so it will take about 30 minutes to complete.  Be patient.

A fix log will be generated please post that.  It may be too big to post in which case you will need to attach it:

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
This PC is using version 1809 which is two major versions behind so you should force the update using the link I gave you earlier.  Otherwise it is unlikely to ever update.

 


  • 0

#10
Rodger899
Posted 22 April 2020 - 03:19 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Everything seems to be working great now, thank you. 

 

Here is the log file as requested. It is huge, so have attached it for you.

 

Let me know if you see any other problems. 


  • 0

#11
RKinner
Posted 22 April 2020 - 03:33 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

No attachment.

 

Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0

#12
Rodger899
Posted 22 April 2020 - 05:46 AM

Rodger899

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts

Sorry, here we go

Attached Files


  • 0

#13
RKinner
Posted 22 April 2020 - 06:01 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Is Windows Update working?  Can't tell from the log.  Need the FRST scan logs.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Virus, startupcheck.dll

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP