Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Dogpile Being Redirected When "Forum" Is Typed.


  • Please log in to reply

#16
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Thanks.  I do have another issue if you have time.  Do you know anything about Thunderbird email?  Here within the past few days, when I hit my TB icon, even when I go to the TB folder and actually hit the .exe, TB does not appear on the screen.  I opened Task Manager to watch and see what happens.  It'll appear there for a few seconds and the disappear.  But, what also appears with it is "WerFault.exe.  Any help would be appreciate or direct me to a possible solution.  Thanks!


  • 0

Advertisements


#17
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)


 


  • 0

#18
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/01/2021 12:02:45 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/01/2021 4:14:19 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 05/01/2021 3:34:29 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/01/2021 1:03:52 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 3 time(s).

Log: 'System' Date/Time: 05/01/2021 9:59:48 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 7:30:28 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 7:24:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Wondershare Application Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/01/2021 7:24:09 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Log: 'System' Date/Time: 05/01/2021 6:54:39 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 4:26:19 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 4:14:32 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 10:12:29 AM on ?1/?5/?2021 was unexpected.

Log: 'System' Date/Time: 05/01/2021 3:53:09 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/01/2021 3:53:09 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 05/01/2021 3:53:09 PM
Type: Error Category: 0
Event: 10005 Source: Microsoft-Windows-DistributedCOM
DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Log: 'System' Date/Time: 05/01/2021 3:51:24 PM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {82C85EAA-7C94-4702-AA75-DF39403AE358} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 05/01/2021 3:37:36 PM
Type: Error Category: 0
Event: 14332 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Log: 'System' Date/Time: 05/01/2021 3:34:47 PM
Type: Error Category: 0
Event: 1001 Source: Microsoft-Windows-WER-SystemErrorReporting
The computer has rebooted from a bugcheck.  The bugcheck was: 0x000000c2 (0x0000000000000007, 0x000000000000109b, 0x0000000004140003, 0xfffffa800d4d9e10). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010521-34491-01.

Log: 'System' Date/Time: 05/01/2021 3:34:36 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:33:30 AM on ?1/?5/?2021 was unexpected.

Log: 'System' Date/Time: 05/01/2021 3:32:31 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 6:00:08 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The Genie Timeline Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Log: 'System' Date/Time: 05/01/2021 5:47:41 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Wondershare Application Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 05/01/2021 5:47:41 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Wondershare Application Framework Service service to connect.

Log: 'System' Date/Time: 05/01/2021 5:03:21 AM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The Malwarebytes Service service did not shut down properly after receiving a preshutdown control.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 05/01/2021 7:24:51 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 05/01/2021 7:23:36 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/01/2021 7:23:23 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 05/01/2021 7:20:47 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/01/2021 7:20:47 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 05/01/2021 5:05:08 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 05/01/2021 5:03:58 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/01/2021 5:03:46 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 05/01/2021 5:03:19 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 05/01/2021 5:03:19 PM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped.  Module Path: C:\Windows\system32\athihvs.dll

Log: 'System' Date/Time: 05/01/2021 4:16:28 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 05/01/2021 4:15:00 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 05/01/2021 4:14:39 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/01/2021 4:14:23 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 05/01/2021 3:50:54 PM
Type: Warning Category: 0
Event: 7039 Source: Service Control Manager
A service process other than the one launched by the Service Control Manager connected when starting the %1!s! Update Service (avg)!s! Update Service (avg)!s! Update Service (avg)!s! Update Service (avg) service.  The Service Control Manager launched process 6924 and process 5236 connected instead.    Note that if this service is configured to start under a debugger, this behavior is expected.

Log: 'System' Date/Time: 05/01/2021 3:35:33 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MULTI-CARD&REV_1.00#20071114173400000&0#.

Log: 'System' Date/Time: 05/01/2021 3:34:42 PM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/01/2021 3:34:31 PM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.

Log: 'System' Date/Time: 05/01/2021 5:47:02 AM
Type: Warning Category: 0
Event: 11 Source: Microsoft-Windows-Wininit
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.

Log: 'System' Date/Time: 05/01/2021 5:46:49 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
The event description cannot be found.


 


  • 0

#19
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Application:

 

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 06/01/2021 12:34:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/01/2021 6:13:51 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2388 Faulting application start time: 0x01d6e457aecd177e Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: ed9fe6d6-504a-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 3:21:52 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x24b0 Faulting application start time: 0x01d6e43fa922c155 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: e6ff4632-5032-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 3:15:22 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2ca8 Faulting application start time: 0x01d6e43ec08636b7 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: fe3dcde9-5031-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 3:14:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x28f8 Faulting application start time: 0x01d6e43eb18bc412 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: ef4a874f-5031-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 3:13:14 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2d24 Faulting application start time: 0x01d6e43e7376fb0d Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: b2429e5a-5031-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 3:02:03 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x218c Faulting application start time: 0x01d6e43ce38a6645 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 224874cf-5030-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 2:32:43 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2f30 Faulting application start time: 0x01d6e438cab2a8b5 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 09440147-502c-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 2:02:59 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2a94 Faulting application start time: 0x01d6e434a3797196 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: e1e5403b-5027-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:34 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x24ac Faulting application start time: 0x01d6e3ed563a6578 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93f0c426-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:34 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2fb0 Faulting application start time: 0x01d6e3ed5622222e Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93d880db-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:34 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2f78 Faulting application start time: 0x01d6e3ed56071fb8 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93bd3045-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:34 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0xbc Faulting application start time: 0x01d6e3ed55ed7cd8 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93a429a7-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:34 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x24b8 Faulting application start time: 0x01d6e3ed55d3d9f8 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 938a38a6-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x6ec Faulting application start time: 0x01d6e3ed55ba3718 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93706eb5-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0xce4 Faulting application start time: 0x01d6e3ed55a09438 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93574107-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2d40 Faulting application start time: 0x01d6e3ed558829dc Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 933e617a-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2ef8 Faulting application start time: 0x01d6e3ed556e86fc Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 93250cbb-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x20cc Faulting application start time: 0x01d6e3ed5555f590 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 930ddae4-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:33 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2a30 Faulting application start time: 0x01d6e3ed553a08b8 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 92f01944-4fe0-11eb-b25d-d4bed9e6e920

Log: 'Application' Date/Time: 06/01/2021 5:32:32 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Faulting module name: thunderbird.exe, version: 85.0.0.7669, time stamp: 0x5feccc1e Exception code: 0xc0000005 Fault offset: 0x00002ccb Faulting process id: 0x2e64 Faulting application start time: 0x01d6e3ed5522d6e1 Faulting application path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Faulting module path: C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe Report Id: 92d8e76d-4fe0-11eb-b25d-d4bed9e6e920

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 05/01/2021 7:30:20 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (608) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 1127645184 (0x0000000043368000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (75 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 05/01/2021 6:54:28 PM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (520) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 117440512 (0x0000000007000000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (6271 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

Log: 'Application' Date/Time: 05/01/2021 5:59:48 AM
Type: Warning Category: 7
Event: 507 Source: ESENT
wuaueng.dll (688) SUS20ClientDataStore: A request to read from the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 303202304 (0x0000000012128000) for 32768 (0x00008000) bytes succeeded, but took an abnormally long time (423 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.


 


  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

Put

thunderbird.exe

in the FRST search box and then hit Search Files.  You will get one log please post.

 

Also you have a BSOD so let's see what is causing that:

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

 

You also have a serious Event 507 which causes major slowness.  I'll try a fixlist next time after I see the results of the thunderbird.exe search.


  • 0

#21
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Owner (06-01-2021 22:09:18)
Running from C:\Users\Owner\Desktop
Boot Mode: Normal

================== Search Files: "thunderbird.exe" =============

C:\Windows.old\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
[2013-12-11 10:20][2013-12-11 10:20] 000390256 _____ (Mozilla Corporation) 46F0B95A7D98C7FA4E00D0D092D7B1E3 [File is digitally signed]

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
[2020-12-24 13:11][2021-01-05 09:33] 000407248 _____ (Mozilla Corporation) ED639F66BD0DC8B82C8B3B743295F9A7 [File is digitally signed]


====== End of Search ======

 

I ran the Blue Screen View and nothing showed up.


  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

Let's see if using the older version will work better.  Also I would uninstall SuperAntiSpyware, Spybot S&D. You are getting errors from Wondershare and ReadySHARE Vault.  If you are not using them uninstall.  If you are trying to use them they probably need a reinstall.

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.01KB   26 downloads

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again but this time make sure Addition.txt is checked and hit Scan.  Post both logs.


 


  • 0

#23
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-01-2021
Ran by Owner (administrator) on OWNER-PC (Dell Inc. Inspiron 660) (07-01-2021 13:11:34)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Atheros) [File not signed] C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe
(Conexant Systems, Inc. -> Conexant Systems, Inc.) C:\Program Files\CONEXANT\SA3\SmartAudio3.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation - Mobile Wireless Group -> Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Upgrade Service -> Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MSGSDK\msgrunner.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <4>
(Nero AG -> Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SUPERAntiSpyware.com -> SUPERAntiSpyware.com) C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe <2>
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(Surfshark Ltd. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.ShadowsocksService.exe
(Tweaking LLC -> Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [564352 2011-12-14] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc. -> Conexant Systems, Inc.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11406608 2011-12-19] (Intel Corporation - Mobile Wireless Group -> Intel Corporation)
HKLM\...\Run: [WSVCUUpdateHelper.exe] => C:\Program Files\Wondershare\Wondershare UniConverter\WSVCUUpdateHelper.exe [34744 2020-12-23] (Wondershare Technology Co.,Ltd -> )
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [4362704 2020-11-27] (Surfshark Ltd. -> Surfshark)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32414392 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\MountPoints2: {24670f47-71b5-11e3-bcac-806e6f6e6963} - D:\autoRcd.exe
HKU\S-1-5-18\...\Run: [] => [X]
HKLM\...\Print\Monitors\HP 5912 Status Monitor: C:\Windows\system32\hpinksts5912LM.dll [331664 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8600): C:\Windows\system32\HPDiscoPM5912.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\Installer\chrmstp.exe [2020-12-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UPS Thermal Printing.lnk [2019-02-05]
ShortcutTarget: UPS Thermal Printing.lnk -> C:\Program Files (x86)\UPS\Thermal Printing\UPSISJavaStarter.exe (United Parcel Service) [File not signed]
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2019-05-03]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E313519-F2CD-4E9F-9C27-8B8DF7B05A89} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_465_Plugin.exe [1504312 2020-12-08] (Adobe Inc. -> Adobe)
Task: {1D77A071-171F-4554-94D3-D851C2AD0927} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)
Task: {1FD67AC7-010B-4D16-9F09-E6EB9574DDFB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {23C624EA-F7F3-489E-96B9-E9F4A5CAA68D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {28128529-D51E-4E11-BA53-3B77456B5BA0} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [4119656 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {4EBBE1C6-1081-404A-A982-103F922B3188} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {52D1E257-6F32-400C-998C-1079B31AF08F} - System32\Tasks\{D2BC83A8-B3D8-4D1C-90D9-A43B7D71A1A7} => C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe [407248 2021-01-05] (Mozilla Corporation -> Mozilla Corporation)
Task: {57B7B3A5-3EE4-4A36-9D44-55A178863607} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {6572046D-7C15-49B9-9023-7FE67C2EC48A} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {8AB4A04B-04E3-4720-9D27-5977A245BB0A} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1773192 2020-09-17] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {9F319575-6A40-46DC-99C3-715BA7F37CCB} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [693216 2021-01-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {A00DD7D3-D4D4-4835-9071-FC40B439ED0D} - System32\Tasks\{25A0616E-6AFD-4655-8902-D17F2E0763DC} => C:\Windows\system32\pcalua.exe -a "C:\Users\Owner\Desktop\Backup\Users\Owner\Documents\Games\My Documents\frostwire-4.18.1.windows.exe"
Task: {BE669FC4-2E88-4F73-B670-0B1B11F76A3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
Task: {D5326979-D4EE-422B-80DF-8989AF84DC08} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {DA331BD8-52A3-4245-A098-0E5DE31D8834} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {E2ECD4C7-820A-40F7-9DF1-84660267BAD9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.126\DADUpdater.exe [4000984 2020-11-04] (McAfee, LLC -> McAfee, LLC)
Task: {E7FCE166-5458-4C4F-855D-434660F78491} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26896568 2020-12-08] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {ED04F281-DC15-4EF7-9598-51D46163DEC0} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [220816 2019-09-30] (Tweaking LLC -> Tweaking.com)
Task: {F7EB52B0-1D8F-4ACB-94AF-95919173892F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-09-16] (Google Inc -> Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9177BD24-158B-4F5A-850A-E78230A70809}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{F6C593FC-DE1F-428A-8525-EA6E831D2CED}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: 06wnhiu5.default-1504139140416
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 [2021-01-07]
FF Homepage: Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416 -> hxxps://www.dogpile.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\adblockultimate@adblockultimate.net.xpi [2020-12-07]
FF Extension: (NoScript) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2020-12-23]
FF Extension: (Adblock Plus - free ad blocker) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2020-12-15]
FF Extension: (Greasemonkey) - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2020-10-04]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: (FiddlerHook) - C:\Program Files (x86)\Fiddler2\FiddlerHook [2015-04-03] [Legacy] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-10-20] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_465.dll [2020-12-08] (Adobe Inc. -> )
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-12-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/thinkorswim -> C:\Program Files\thinkorswim\npthinkorswim.dll [2021-01-07] (TD Ameritrade -> TD Ameritrade)
FF Plugin HKU\S-1-5-21-2192775400-2880640462-1298197252-1000: tdameritrade.com/tossc -> C:\Program Files\thinkorswim\nptossc.dll [2021-01-07] (TD Ameritrade -> TD Ameritrade)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default [2021-01-07]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-24]
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-24]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-24]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-09-16]
CHR Extension: (Adobe Acrobat) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-12-16]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-12-30]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-21]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-07]
CHR Extension: (Chrome Media Router) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-30]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [ggkfikfcbnpfoicfjammigpnakpogebh] - <no Path/update_url>

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-04-27] (SUPERAntiSpyware.com -> SUPERAntiSpyware.com)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe Inc. -> Adobe)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-29] (Malwarebytes Inc -> Malwarebytes)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [958216 2020-12-17] (McAfee, LLC -> McAfee, LLC)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
R2 Surfshark Shadowsocks Service; C:\Program Files (x86)\Surfshark\Resources\x64\nssm.exe [436688 2020-06-15] (Surfshark Ltd. -> Surfshark)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Windows -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe [493792 2017-12-19] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 WsDrvInst; C:\Program Files\Wondershare\Wondershare UniConverter\Transfer\DriverInstall.exe [112560 2020-12-23] (Wondershare Technology Co.,Ltd -> Wondershare)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [73728 2011-11-29] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
S3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-28] (SlySoft, Inc. -> SlySoft, Inc.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2796544 2011-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Atheros Communications, Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2014-01-08] (AVG Technologies -> AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [218960 2020-05-25] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2021-01-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [197792 2021-01-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-01-07] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2021-01-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [127088 2021-01-07] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Microsoft Windows Hardware Compatibility Publisher -> Primax Ltd)
S3 nusb3hub; C:\Windows\system32\drivers\nusb3hub.sys [80384 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 nusb3xhc; C:\Windows\system32\drivers\nusb3xhc.sys [180736 2010-09-30] (Microsoft Windows Hardware Compatibility Publisher -> Renesas Electronics Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security S.L. -> Panda Security, S.L.)
R1 SASDIFSV; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Users\Owner\Documents\Anti Spyware\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (Support.com, Inc. -> SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2020-06-15] (Microsoft Windows Hardware Compatibility Publisher -> )
R3 tapsurfshark; C:\Windows\System32\DRIVERS\tapsurfshark.sys [36544 2020-06-15] (Surfshark Ltd. -> The OpenVPN Project)
R3 wintunshark; C:\Windows\System32\DRIVERS\wintunshark.sys [28936 2020-09-17] (Surfshark Ltd. -> Surfshark Ltd)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare Software Co., Ltd.  -> Wondershare)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-07 12:55 - 2021-01-07 12:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-01-07 12:53 - 2021-01-07 12:53 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-01-07 12:52 - 2021-01-07 12:53 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\IGDump
2021-01-07 12:52 - 2021-01-07 12:52 - 000197792 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-01-07 12:52 - 2021-01-07 12:52 - 000127088 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-01-07 11:55 - 2021-01-07 11:55 - 000002058 _____ C:\Users\Owner\Desktop\fixlist-2.txt
2021-01-06 23:05 - 2021-01-06 23:05 - 000001405 _____ C:\Users\Public\Desktop\SeaTools for Windows.lnk
2021-01-06 23:05 - 2021-01-06 23:05 - 000001405 _____ C:\ProgramData\Desktop\SeaTools for Windows.lnk
2021-01-06 23:04 - 2021-01-06 23:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2021-01-06 23:04 - 2021-01-06 23:04 - 000000000 ____D C:\Program Files (x86)\Seagate
2021-01-06 23:03 - 2021-01-06 23:03 - 026028480 _____ (Seagate Technology LLC) C:\Users\Owner\Desktop\SeaToolsforWindowsSetup.exe
2021-01-06 22:36 - 2021-01-06 22:37 - 000000000 ____D C:\Users\Owner\Documents\Blue Screen View
2021-01-06 22:25 - 2021-01-06 22:25 - 000141864 _____ C:\Users\Owner\Desktop\bluescreenview_setup.exe
2021-01-06 22:09 - 2021-01-06 22:21 - 000000652 _____ C:\Users\Owner\Desktop\Search.txt
2021-01-06 22:08 - 2021-01-06 22:08 - 000000000 ____D C:\Users\Owner\Desktop\FRST-OlderVersion
2021-01-06 22:05 - 2021-01-06 22:05 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-01-06 22:02 - 2021-01-06 22:02 - 000220160 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-01-06 20:21 - 2021-01-06 20:21 - 000000207 _____ C:\Windows\tweaking.com-regbackup-OWNER-PC-Windows-7-Home-Premium-(64-bit).dat
2021-01-06 20:21 - 2021-01-06 20:21 - 000000000 ____D C:\RegBackup
2021-01-06 20:20 - 2021-01-06 20:20 - 000002163 _____ C:\Users\Owner\Desktop\Tweaking.com - Windows Repair.lnk
2021-01-06 20:19 - 2021-01-06 20:20 - 000361564 _____ C:\Windows\Tweaking.com - Windows Repair Setup Log.txt
2021-01-06 20:19 - 2021-01-06 20:19 - 000003654 _____ C:\Windows\system32\Tasks\Tweaking.com - Windows Repair Tray Icon
2021-01-06 20:19 - 2021-01-06 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2021-01-06 20:19 - 2021-01-06 20:19 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2021-01-06 20:03 - 2021-01-06 20:04 - 040931680 _____ (Tweaking.com) C:\Users\Owner\Desktop\tweaking.com_windows_repair_aio_setup.exe
2021-01-06 16:36 - 2021-01-06 23:05 - 000000000 ____D C:\ProgramData\Package Cache
2021-01-06 16:30 - 2021-01-06 16:30 - 000000000 ____D C:\Users\Owner\AppData\Roaming\iolo
2021-01-06 12:04 - 2021-01-06 12:04 - 000011456 _____ C:\Users\Owner\Desktop\VEW.txt
2021-01-06 12:02 - 2021-01-06 12:34 - 000014874 _____ C:\VEW.txt
2021-01-06 12:00 - 2021-01-06 12:00 - 000061440 _____ ( ) C:\Users\Owner\Desktop\VEW.exe
2021-01-06 11:59 - 2021-01-06 11:59 - 001246680 _____ (BraveSoftware Inc.) C:\Users\Owner\Desktop\BraveBrowserSetup.exe
2021-01-05 16:14 - 2021-01-05 16:14 - 000002982 _____ C:\Windows\system32\Tasks\{D2BC83A8-B3D8-4D1C-90D9-A43B7D71A1A7}
2021-01-05 16:12 - 2021-01-05 16:13 - 000055930 _____ C:\Users\Owner\Documents\cc_20210105_161253.reg
2021-01-05 13:36 - 2021-01-05 13:36 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\7722D388.sys
2021-01-05 00:04 - 2021-01-05 14:58 - 000000000 ____D C:\Users\Owner\Desktop\mbar
2021-01-05 00:04 - 2021-01-05 14:58 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2021-01-05 00:04 - 2021-01-05 00:04 - 000255928 _____ (Malwarebytes) C:\Windows\system32\Drivers\42663616.sys
2021-01-05 00:03 - 2021-01-05 00:03 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Owner\Desktop\mbar-1.10.3.1001.exe
2021-01-04 16:52 - 2021-01-04 16:52 - 000008276 _____ C:\Users\Owner\Desktop\TCPView.txt
2021-01-04 15:39 - 2021-01-04 15:40 - 000300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\Owner\Desktop\Tcpview.exe
2021-01-04 11:57 - 2021-01-07 12:32 - 000058162 _____ C:\Users\Owner\Desktop\Fixlog.txt
2021-01-04 11:55 - 2021-01-04 11:55 - 000007992 ____R C:\Users\Owner\Desktop\fixlist.txt
2021-01-04 09:12 - 2021-01-04 09:14 - 000054197 _____ C:\Users\Owner\Desktop\Addition.txt
2021-01-04 09:10 - 2021-01-07 13:12 - 000027225 _____ C:\Users\Owner\Desktop\FRST.txt
2021-01-04 09:10 - 2021-01-07 13:12 - 000000000 ____D C:\FRST
2021-01-04 09:09 - 2021-01-06 22:08 - 002282496 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2020-12-30 05:36 - 2020-12-30 05:36 - 000000977 _____ C:\Users\Owner\Desktop\Eusing Cleaner.lnk
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Eusing
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eusing Cleaner
2020-12-30 05:36 - 2020-12-30 05:36 - 000000000 ____D C:\Program Files (x86)\Eusing Cleaner
2020-12-29 13:36 - 2021-01-06 22:02 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-12-29 13:36 - 2020-12-29 13:36 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000001948 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2020-12-29 13:36 - 2020-12-29 13:36 - 000000000 ____D C:\Users\Owner\AppData\Local\mbam
2020-12-29 13:36 - 2020-12-29 13:35 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\Users\Public\Desktop\Wondershare UniConverter.lnk
2020-12-28 08:08 - 2020-12-28 08:08 - 000001081 _____ C:\ProgramData\Desktop\Wondershare UniConverter.lnk
2020-12-24 13:11 - 2021-01-05 09:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-12-22 13:17 - 2021-01-07 11:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-12-20 05:43 - 2020-12-20 05:43 - 000401024 _____ C:\Users\Owner\Desktop\WeeklyPaycheckStrategyGuide2019.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-01-07 13:11 - 2016-11-17 17:55 - 000000000 ____D C:\Users\Owner\AppData\LocalLow\Mozilla
2021-01-07 13:10 - 2014-01-01 17:04 - 000000000 ____D C:\ProgramData\Mozilla
2021-01-07 13:09 - 2020-06-28 15:53 - 000000000 ____D C:\Users\Owner\.thinkorswim
2021-01-07 13:09 - 2020-06-28 15:53 - 000000000 ____D C:\Program Files\thinkorswim
2021-01-07 13:00 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-07 13:00 - 2009-07-13 22:45 - 000028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-07 12:55 - 2020-10-17 11:43 - 000000000 ____D C:\Program Files\CCleaner
2021-01-07 12:55 - 2009-07-13 23:13 - 000778180 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-07 12:55 - 2009-07-13 21:20 - 000000000 ____D C:\Windows\inf
2021-01-07 12:52 - 2015-08-22 09:35 - 000000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2021-01-07 12:51 - 2009-07-13 23:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-07 11:57 - 2018-12-18 15:08 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Genie9
2021-01-07 11:57 - 2018-02-04 14:49 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-01-07 11:56 - 2014-02-12 14:15 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-01-07 11:56 - 2014-01-01 17:04 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-01-07 11:42 - 2014-02-12 15:10 - 000009196 _____ C:\Windows\wininit.ini
2021-01-07 11:42 - 2014-02-12 14:15 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2021-01-07 00:10 - 2014-02-22 07:31 - 000000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2021-01-06 21:59 - 2020-08-22 07:36 - 000121888 _____ C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2021-01-06 21:59 - 2010-11-21 01:16 - 000000000 ___RD C:\Users\Public\Recorded TV
2021-01-06 21:58 - 2020-08-30 18:13 - 000435440 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-06 21:06 - 2009-07-13 20:34 - 000000514 _____ C:\Windows\win.ini
2021-01-06 20:59 - 2014-01-07 10:05 - 000781790 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2021-01-05 21:15 - 2014-01-02 08:53 - 000001586 _____ C:\Users\Owner\Desktop\Thunderbird.lnk
2021-01-05 16:08 - 2014-01-03 15:25 - 000000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2021-01-05 16:07 - 2013-12-30 18:48 - 000000000 ____D C:\Windows\Minidump
2021-01-05 16:05 - 2019-06-28 08:59 - 000000000 ____D C:\Temp
2021-01-05 12:57 - 2015-01-03 12:41 - 000000000 ____D C:\Users\Owner\AppData\Local\Avg
2021-01-05 12:57 - 2015-01-03 12:41 - 000000000 ____D C:\ProgramData\AVG
2021-01-05 11:03 - 2013-12-30 20:16 - 000000000 ____D C:\Users\Owner
2021-01-05 10:58 - 2015-03-22 05:11 - 000000000 ____D C:\Program Files (x86)\Registry Mechanic
2021-01-05 10:50 - 2014-01-01 18:53 - 000000000 ____D C:\ProgramData\TEMP
2021-01-05 10:50 - 2014-01-01 18:48 - 000000000 ____D C:\Users\Owner\Documents\Anti Spyware
2021-01-05 00:19 - 2015-11-03 13:31 - 000000000 ____D C:\Users\Owner\AppData\Roaming\Juniper Networks
2021-01-05 00:18 - 2015-11-03 13:28 - 000000000 ____D C:\ProgramData\Citrix
2021-01-05 00:18 - 2015-11-03 13:27 - 000000000 ____D C:\Program Files (x86)\Citrix
2021-01-05 00:17 - 2015-11-03 13:27 - 000000000 ____D C:\Users\Owner\AppData\Local\Citrix
2021-01-04 12:44 - 2020-09-05 16:00 - 000000000 ____D C:\ProgramData\Surfshark
2021-01-03 20:24 - 2019-03-27 12:18 - 000000000 ____D C:\Users\Owner\AppData\Local\BitTorrentHelper
2020-12-29 13:36 - 2014-02-09 06:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-12-29 13:34 - 2017-10-23 17:37 - 000000000 ____D C:\Program Files\Malwarebytes
2020-12-28 22:56 - 2020-10-17 11:43 - 000003870 _____ C:\Windows\system32\Tasks\CCleaner Update
2020-12-28 22:51 - 2014-02-15 18:33 - 000000000 ____D C:\AdwCleaner
2020-12-28 08:08 - 2014-02-03 23:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2020-12-23 15:43 - 2016-08-04 11:21 - 000000000 ____D C:\Users\Owner\Documents\Chessmaster 9000
2020-12-11 20:43 - 2015-11-15 19:59 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-12-08 19:15 - 2018-03-13 14:07 - 000004462 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier
2020-12-08 19:15 - 2014-01-05 15:11 - 000004312 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-12-08 19:15 - 2014-01-02 09:39 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-12-08 19:15 - 2014-01-02 09:39 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-12-08 19:15 - 2014-01-02 09:39 - 000000000 ____D C:\Windows\system32\Macromed

==================== Files in the root of some directories ========

2014-01-08 17:00 - 2014-02-05 22:46 - 000003744 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-01-05 15:01 - 2014-12-18 21:29 - 000000203 _____ () C:\Users\Owner\AppData\Roaming\default.rss
2015-11-15 17:20 - 2015-11-15 19:04 - 000000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2021-01-03 18:52
==================== End of FRST.txt ========================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Owner (07-01-2021 13:12:45)
Running from C:\Users\Owner\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-12-31 02:16:24)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2192775400-2880640462-1298197252-500 - Administrator - Disabled)
Guest (S-1-5-21-2192775400-2880640462-1298197252-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2192775400-2880640462-1298197252-1002 - Limited - Enabled)
Owner (S-1-5-21-2192775400-2880640462-1298197252-1000 - Administrator - Enabled) => C:\Users\Owner

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: McAfee VirusScan (Enabled - Up to date) {2624E002-54CC-27F9-FD39-B2DD14D41191}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\uTorrent) (Version: 3.5.5.45852 - BitTorrent Inc.)
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore) Hidden
3D Home Architect Design Suite Deluxe 8 (HKLM-x32\...\InstallShield_{83EC8AE9-53A6-474D-95AF-8F5116CC9C4E}) (Version: 8.0 - Encore)
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund) Hidden
3D Home Architect Home Design Deluxe 6 (HKLM-x32\...\InstallShield_{D781A6EC-12AC-4993-BF13-B4CF12F1F20C}) (Version: 6.00.0000 - Broderbund)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.013.20074 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.465 - Adobe)
Advertising Center (HKLM-x32\...\{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}) (Version: 0.0.0.1 - Nero AG) Hidden
Any Video Converter 5.5.5 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG Driver Updater (HKLM-x32\...\{95294F1F-3F2F-48E6-A33B-B89632F8F1B7}) (Version: 2.2.2 - AVG Netherlands B.V) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.75 - Piriform)
Chessmaster 9000 (HKLM-x32\...\Chessmaster 9000) (Version:  - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant SmartAudio HD (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.50.8.0 - Conexant)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
Dell System Detect (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\9204f5692a8faf3b) (Version: 5.6.0.4 - Dell)
Dell Wireless Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 9.0 - Dell)
DolbyFiles (HKLM-x32\...\{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}) (Version: 0.1 - Nero AG) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Eusing Cleaner (HKLM-x32\...\Eusing Cleaner) (Version:  - Eusing Freeware)
Fiddler (HKLM-x32\...\Fiddler2) (Version: 2.5.0.0 - Telerik)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version:  - )
FLAC to MP3 Converter 6.1.9.0 (HKLM-x32\...\DD4F47DF-6540-4BDA-BEAD-2B19250B0C48_is1) (Version:  - Accmeware Corporation)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.64.5211 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 87.0.4280.88 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{0C69661F-BAE9-466A-8878-CA78026412DF}) (Version: 3.0 - Honest Technology) Hidden
honestech VHS to DVD 3.0 SE (HKLM-x32\...\{2856F5EA-E98A-40E4-BAD6-8C644A4A3F3C}) (Version: 3.0 - honestech)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{B6465A32-8BE9-4B38-ADC5-4B4BDDC10B0D}) (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
ImagXpress (HKLM-x32\...\{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}) (Version: 7.0.74.0 - Nero AG) Hidden
iMyFone Fixppo 7.7.0.4 (HKLM-x32\...\{FD27E638-0609-44D4-B4E0-8F238FACC75C}_is1) (Version: 7.7.0.4 - Shenzhen iMyFone Technology Co., Ltd.)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Juniper_Setup_Client) (Version: 7.4.13.52059 - Juniper Networks, Inc.)
K-Lite Codec Pack 7.0.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.0.0 - )
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee Multi Access (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Menu Templates - Starter Kit (HKLM-x32\...\{B78120A0-CF84-4366-A393-4D0A59BC546C}) (Version: 9.4.2.0 - Nero AG) Hidden
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508 (HKLM-x32\...\{6913e92a-b64e-41c9-a5e6-cef39207fe89}) (Version: 14.25.28508.3 - Microsoft Corporation)
Movie Templates - Starter Kit (HKLM-x32\...\{E498385E-1C51-459A-B45F-1721E37AA1A0}) (Version: 9.4.2.0 - Nero AG) Hidden
Mozilla Firefox 84.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 84.0.2 (x64 en-US)) (Version: 84.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
Mozilla Thunderbird 85.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 85.0 (x86 en-US)) (Version: 85.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 9 Essentials (HKLM-x32\...\{2af62f37-8157-4b8e-b84b-a4eab6c1d27b}) (Version:  - Nero AG)
OGG to MP3 Converter (HKLM-x32\...\{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1) (Version:  - www.oggtomp3converter.com)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.10 - Panda Security)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Registry Mechanic 8.0 (HKLM-x32\...\Registry Mechanic_is1) (Version: 8.0 - PC Tools)
SeaTools for Windows 1.4.0.7 (HKLM-x32\...\SeaTools for Windows) (Version: 1.4.0.7 - Seagate Technology)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Surfshark (HKLM-x32\...\{5795EF4B-5D61-4FEC-9CAB-39A0849C7238}) (Version: 2.7.7999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 2.7.7999) (Version: 2.7.7999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FDCDF826-A508-41B3-93B0-C3EC5F3251E7}) (Version: 1.0 - Surfshark)
Surfshark TUN Driver Windows (HKLM\...\{0446BBB9-5BF7-4EE8-813C-2A630808D5A1}) (Version: 1.0 - Surfshark)
System Ninja version 2.4.4 (HKLM-x32\...\{6E67710E-206D-43AB-BF21-E7CD63056C55}_is1) (Version: 2.4.4 - SingularLabs)
thinkorswim (HKLM\...\9968-4488-2169-7623) (Version: desktop - thinkorswim, Inc)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.10.3 - Tweaking.com)
ubi.com (HKLM-x32\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UPS Thermal Printing (HKLM-x32\...\{5468B610-354E-4ED3-B274-535F8F0AE2C0}) (Version: 2.0.0.0 - United Parcel Service)
Video Poker for Winners (HKLM-x32\...\{5B73AF17-C52E-452D-B37F-C7B69E567DB8}) (Version: 1.11.0000 - Action Gaming, Inc)
Video Poker for Winners (HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\Video Poker for Winners) (Version:  - )
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
WebAdvisor by McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.177 - McAfee, LLC)
Windows Driver Package - Surfshark Ltd (wintunshark) Net  (08/10/2020 0.8.0.0) (HKLM\...\C3138B3DBCE6F9FCB8C067FECE833A62860FFB4C) (Version: 08/10/2020 0.8.0.0 - Surfshark Ltd)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Wise Disk Cleaner 10.31 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 10.31 - WiseCleaner.com, Inc.)
Wondershare Helper Compact 2.5.3 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.3 - Wondershare)
Wondershare UniConverter(Build 12.5.1.8) (HKLM\...\UniConverter_is1) (Version: 12.5.1.8 - Wondershare Software)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2217832 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Excluded] -> {B77E8651-93B1-40CD-8ECF-6F33DAC805A0} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Folder] -> {CEAF16CE-C11C-4081-BE29-DDE7F45A59DB} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-NotBackedUp] -> {88A8B1EE-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ShellIconOverlayIdentifiers-x32: [0GenieTimeLine-Pending ] -> {88A8B1EF-EFEA-4A15-8D88-FA0055DCB824} => C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl [2016-12-18] () [File not signed]
ContextMenuHandlers1-x32: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll [2009-06-05] (Nero AG -> Nero AG)
ContextMenuHandlers1: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers1-x32: [FileOpreation] -> {64686A76-F095-4872-A41C-1B682E751D88} => C:\Windows\SysWow64\WS_ContextMenu.dll [2010-10-28] () [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [WondershareVideoConverterFileOpreation] -> {FEB746CA-95C2-485F-B386-C30D4E56D22E} => C:\Windows\SysWOW64\WSCM64.dll [2015-02-27] () [File not signed]
ContextMenuHandlers3: [Genie-Soft Timeline Backup Context Menu Extension] -> {D821600B-0B5D-4D7E-B1CC-034C652E8288} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [MSSE] -> {0365FE2C-F183-4091-AC82-BFC39FB75C49} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2015-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DefragglerShellExtension] -> {4380C993-0C43-4E02-9A7A-0D40B6EA7590} => C:\Program Files\Defraggler\DefragglerShell64.dll [2015-03-11] (Piriform Ltd -> Piriform Ltd)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-12-29] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2013-12-01] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Owner\Desktop\Backup\Users\Owner\Desktop\Geek Squad Backup\Users\Derrell\Flash Drive Back Up 2-12-2013\Removable Disk\Junk\Remote Workstation.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://ctxmf.valero.com

==================== Loaded Modules (Whitelisted) =============

2014-01-01 16:31 - 2011-11-29 20:00 - 000059392 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-08-07 12:48 - 2016-07-21 09:54 - 000137728 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2015-08-07 12:48 - 2017-03-23 08:49 - 001506304 _____ () [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2020-10-12 11:54 - 2020-10-12 11:54 - 000324096 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2020-11-20 01:06 - 2020-11-20 01:06 - 004035072 _____ () [File not signed] C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkWg.dll
2018-12-18 15:09 - 2016-12-13 04:19 - 000089600 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSEncryption.gtl
2018-12-18 15:09 - 2016-12-13 04:18 - 000045568 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSLogging.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000163328 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSTimelineIconOverlay.gtl
2018-12-18 15:09 - 2016-12-18 06:38 - 000211968 _____ () [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\Settings.gtl
2018-02-07 19:54 - 2018-02-07 19:54 - 000172032 _____ () [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\6673ce6dac4d89de35948e2f0390d97b\IsdiInterop.ni.dll
2018-12-18 15:09 - 2015-05-26 03:42 - 000491520 _____ (Artpol Software) [File not signed] C:\Program Files\NETGEAR\ReadySHARE Vault\GSZipEng.gtl
2014-01-01 16:23 - 2011-11-29 09:51 - 000439808 _____ (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2014-01-01 16:14 - 2012-01-09 17:40 - 000364544 _____ (Conexant Systems, Inc.) [File not signed] [File is in use] C:\Program Files\Conexant\SA3\Languages\en-US\SmartAudio.resources.dll
2018-01-18 12:12 - 2018-01-18 12:12 - 000014336 _____ (Intel Corp.) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\439f4df27ed07e50e3dac6eacce3a0f8\IAStorCommon.ni.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 000175616 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
2014-01-01 16:31 - 2011-11-29 20:00 - 001319424 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
2014-01-01 16:31 - 2011-11-29 19:41 - 000278016 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
2014-01-01 16:20 - 2012-02-17 01:31 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2018-02-07 19:54 - 2018-02-07 19:54 - 000225280 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\a90db6c138e5a8e0c550be7c61e5d6b6\IAStorDataMgr.ni.dll
2018-03-14 20:42 - 2018-03-14 20:42 - 000487424 _____ (Intel Corporation) [File not signed] C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\4acddac9fd2b5660cc05ad1e6f67e796\IAStorUtil.ni.dll
2014-05-21 22:16 - 2014-05-21 22:16 - 000225280 _____ (Microsoft Corporation) [File not signed] [File is in use] C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
2018-01-18 17:07 - 2017-09-27 17:30 - 000489984 _____ (Newtonsoft) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\Newtonsoft.Json.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000088064 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCollect.dll
2018-01-18 17:07 - 2017-12-19 15:51 - 000200192 _____ (Wondershare) [File not signed] [File is in use] C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppCommon.dll
2014-02-03 19:42 - 2017-03-23 08:52 - 000708608 _____ (Wondershare) [File not signed] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:D1B5B4F1 [163]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 11) (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000 -> {5C25E8A3-2225-4A57-9311-5CA0A679F82A} URL =
BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
BHO-x32: AcroIEHlprObj Class -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16] (Adobe Systems, Incorporated -> )
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-12-17] (McAfee, LLC -> McAfee, LLC)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\...\localhost -> localhost

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2021-01-06 21:06 - 000000855 _____ C:\Windows\system32\drivers\etc\hosts
127.0.0.1       localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\1.5\bin\x64;C:\Program Files (x86)\QuickTime\QTSystem\
HKU\S-1-5-21-2192775400-2880640462-1298197252-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F0B42C8B-18E4-4453-B7F4-AF07039DDA72}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6D287328-FB9C-489C-BE20-DCB66556B486}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CC0C7C3A-E243-4D6A-9FB8-60A9361AC21C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{380C03FA-DA4F-49B9-BCBB-4CA3F25E2311}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{6AD5B1E4-7525-4294-9428-6FEAF9223E98}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{4B43463E-6840-45A1-A76A-B877DB41F515}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{CD115A5D-3C73-473D-ADFD-68B7A1CA8CA4}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{D628E81A-408A-4A04-B129-BC5CD964B452}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{B72B88C9-C96C-404E-B39C-86B53DB1AA44}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{7AACFB67-81C2-42ED-A05A-1F7CC96BFDEB}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{3060B2D1-9B37-40A4-966F-442F0D7BD6F5}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8F1A5A4E-558D-428D-89DA-05C6FE5B7E12}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1E962DE6-1EB5-4D53-B5BD-E44A50F795D1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{63CDA6EB-C3DF-461A-94E4-5E5933482F67}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{F9EED568-720A-4DF8-8A15-8C6710DF39D7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{BCE88674-3735-4121-A1B1-8F47C9D8317C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AAEC3056-0F88-4A1F-AA0F-0E744E16E0B1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E419970E-0773-42BC-BB42-6CC2DFEA84B3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{284094B8-4491-44B4-85F0-15C20CB9D78A}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{16223476-6DCE-4512-B5E7-99C11567A815}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{66078EE9-0D2B-4F6C-BC98-8CE5103A86DD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

03-01-2021 18:59:29 Scheduled Checkpoint
06-01-2021 16:41:44 Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.25.28508
06-01-2021 23:05:02 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================

System errors:
=============
Error: (01/07/2021 12:52:28 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

Error: (01/07/2021 12:51:53 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ModuleCoreService service.


==================== Memory info ===========================

BIOS: Dell Inc. A05 07/26/2012
Motherboard: Dell Inc. 0XR1GT
Processor: Intel® Core™ i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 49%
Total physical RAM: 8066.04 MB
Available physical RAM: 4062.66 MB
Total Virtual: 16130.23 MB
Available Virtual: 11942.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1862.92 GB) (Free:874.39 GB) NTFS

\\?\Volume{24670f43-71b5-11e3-bcac-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: 236FA298)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================


  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

Could I see the Fixlog?

 

Does Thunderbird still crash?


  • 0

#25
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Fixlog:

 

CMD: sc config WMPNetworkSvc start= disabled
CMD: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" /v LoadAppInit_DLLs /t Reg_DWORD /d 00000000 /f
CMD: RENAME C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
CMD: COPY C:\Windows.old\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe C:\Program Files (x86)\Mozilla Thunderbird\oldthunderbird.exe
File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
CMD: SC stop BITS
CMD: SC stop wuauserv
CMD: esentutl /p C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
CMD: esentutl /p C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
CMD: SC start BITS
CMD: SC start wuauserv
File: C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
File: C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:

 

BTW, I forgot to tell you that I went to properties for the Thunderbird Icon and hit previous versions.  Only one was listed and it was from 2014. 

 

Yes, Thunderbird loads in Task Manager for a few seconds then clears. 


 


  • 0

Advertisements


#26
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

That's the fixlist.  I need the fixlog.

 

Also since you have tried Thunderbird since you ran the fixlist, run VEW again and post both logs.


  • 0

#27
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

[System Process]    0    TCP    owner-pc    52100    104.28.28.94    http    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    52124    104.28.28.94    http    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    52125    104.28.28.94    http    TIME_WAIT                                        
[System Process]    0    TCP    owner-pc    52139    192.168.1.2    9080    TIME_WAIT                                        
[System Process]    0    TCP    Owner-PC    wsd    localhost    52141    TIME_WAIT                                        
firefox.exe    1072    TCP    Owner-PC    52045    localhost    52046    ESTABLISHED            21    21                        
firefox.exe    1072    TCP    Owner-PC    52046    localhost    52045    ESTABLISHED    21    21                                
firefox.exe    9896    TCP    Owner-PC    52048    localhost    52049    ESTABLISHED                                        
firefox.exe    9896    TCP    Owner-PC    52049    localhost    52048    ESTABLISHED                                        
firefox.exe    1072    TCP    owner-pc    52052    104.16.249.249    https    ESTABLISHED    1    39    1    39                        
firefox.exe    1072    TCP    owner-pc    52057    ec2-52-41-255-64.us-west-2.compute.amazonaws.com    https    ESTABLISHED                                        
firefox.exe    1276    TCP    Owner-PC    52059    localhost    52060    ESTABLISHED                                        
firefox.exe    1276    TCP    Owner-PC    52060    localhost    52059    ESTABLISHED                                        
firefox.exe    10040    TCP    Owner-PC    52062    localhost    52063    ESTABLISHED                                        
firefox.exe    10040    TCP    Owner-PC    52063    localhost    52062    ESTABLISHED                                        
Jhi_service.exe    2036    TCP    Owner-PC    49155    Owner-PC    0    LISTENING                                        
LMS.exe    4172    TCP    Owner-PC    623    Owner-PC    0    LISTENING                                        
LMS.exe    4172    TCP    Owner-PC    16992    Owner-PC    0    LISTENING                                        
LMS.exe    4172    TCPV6    owner-pc    623    owner-pc    0    LISTENING                                        
LMS.exe    4172    TCPV6    owner-pc    16992    owner-pc    0    LISTENING                                        
LMS.exe    4172    TCPV6    [0:0:0:0:0:0:0:1]    49225    [0:0:0:0:0:0:0:1]    49227    ESTABLISHED                                        
LMS.exe    4172    TCPV6    [0:0:0:0:0:0:0:1]    49227    [0:0:0:0:0:0:0:1]    49225    ESTABLISHED                                        
lsass.exe    800    TCP    Owner-PC    49157    Owner-PC    0    LISTENING                                        
lsass.exe    800    TCPV6    owner-pc    49157    owner-pc    0    LISTENING                                        
MBAMService.exe    2500    TCP    Owner-PC    43227    Owner-PC    0    LISTENING                                        
MBAMService.exe    2500    TCP    owner-pc    50800    server-13-226-201-34.dfw55.r.cloudfront.net    https    CLOSE_WAIT                                        
mcshield.exe    5560    TCP    owner-pc    52126    161.69.92.25    https    ESTABLISHED    5    1,979    5    1,754                        
MMSSHOST.exe    1816    TCP    Owner-PC    6646    Owner-PC    0    LISTENING                                        
MMSSHOST.exe    1816    UDP    Owner-PC    6646    *    *                                            
services.exe    732    TCP    Owner-PC    49167    Owner-PC    0    LISTENING                                        
services.exe    732    TCPV6    owner-pc    49167    owner-pc    0    LISTENING                                        
spoolsv.exe    1560    TCP    Owner-PC    49165    Owner-PC    0    LISTENING                                        
spoolsv.exe    1560    TCPV6    owner-pc    49165    owner-pc    0    LISTENING                                        
svchost.exe    992    TCP    Owner-PC    epmap    Owner-PC    0    LISTENING                                        
svchost.exe    576    TCP    Owner-PC    49153    Owner-PC    0    LISTENING                                        
svchost.exe    804    TCP    Owner-PC    49154    Owner-PC    0    LISTENING                                        
svchost.exe    576    UDP    Owner-PC    bootpc    *    *        4    1,200                                
svchost.exe    804    UDP    Owner-PC    isakmp    *    *                                            
svchost.exe    1940    UDP    Owner-PC    ssdp    *    *        39    18,354    102    37,542                        
svchost.exe    1940    UDP    owner-pc    ssdp    *    *                                            
svchost.exe    1940    UDP    Owner-PC    ws-discovery    *    *        2    2,452    4    2,496                        
svchost.exe    1940    UDP    Owner-PC    ws-discovery    *    *                                            
svchost.exe    684    UDP    Owner-PC    ws-discovery    *    *                8    4,992                        
svchost.exe    684    UDP    Owner-PC    ws-discovery    *    *                                            
svchost.exe    804    UDP    Owner-PC    ipsec-msft    *    *                                            
svchost.exe    1212    UDP    Owner-PC    llmnr    *    *                6    252                        
svchost.exe    1940    UDP    Owner-PC    54942    *    *                                            
svchost.exe    1940    UDP    owner-pc    59872    *    *        12    1,476    36    12,729                        
svchost.exe    1940    UDP    Owner-PC    59873    *    *        12    1,476    3    1,176                        
svchost.exe    684    UDP    Owner-PC    64722    *    *        4    2,496    2    2,452                        
svchost.exe    992    TCPV6    owner-pc    epmap    owner-pc    0    LISTENING                                        
svchost.exe    576    TCPV6    owner-pc    49153    owner-pc    0    LISTENING                                        
svchost.exe    804    TCPV6    owner-pc    49154    owner-pc    0    LISTENING                                        
svchost.exe    804    UDPV6    owner-pc    500    *    *                                            
svchost.exe    1940    UDPV6    [0:0:0:0:0:0:0:1]    1900    *    *                                            
svchost.exe    1940    UDPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    1900    *    *                                            
svchost.exe    1940    UDPV6    owner-pc    3702    *    *                                            
svchost.exe    684    UDPV6    owner-pc    3702    *    *                                            
svchost.exe    1940    UDPV6    owner-pc    3702    *    *                                            
svchost.exe    684    UDPV6    owner-pc    3702    *    *                                            
svchost.exe    804    UDPV6    owner-pc    4500    *    *                                            
svchost.exe    1212    UDPV6    owner-pc    5355    *    *                                            
svchost.exe    1940    UDPV6    owner-pc    54943    *    *                                            
svchost.exe    1940    UDPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    59870    *    *                                            
svchost.exe    1940    UDPV6    [0:0:0:0:0:0:0:1]    59871    *    *                6    2,328                        
svchost.exe    684    UDPV6    owner-pc    64723    *    *                                            
svchost.exe    576    UDP    Owner-PC    bootpc    *    *                                            
svchost.exe    684    TCP    Owner-PC    52137    localhost    icslap    ESTABLISHED                                        
System    4    TCP    owner-pc    netbios-ssn    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    microsoft-ds    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    icslap    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    wsd    Owner-PC    0    LISTENING                                        
System    4    TCP    Owner-PC    10243    Owner-PC    0    LISTENING                                        
System    4    UDP    owner-pc    netbios-ns    *    *        27    1,350    6    300                        
System    4    UDP    owner-pc    netbios-dgm    *    *                                            
System    4    TCPV6    owner-pc    microsoft-ds    owner-pc    0    LISTENING                                        
System    4    TCPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    microsoft-ds    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    49172    ESTABLISHED                                        
System    4    TCPV6    owner-pc    icslap    owner-pc    0    LISTENING                                        
System    4    TCPV6    owner-pc    wsd    owner-pc    0    LISTENING                                        
System    4    TCPV6    owner-pc    10243    owner-pc    0    LISTENING                                        
System    4    TCPV6    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    49172    [fe80:0:0:0:2dd6:4d59:d518:c1d6]    microsoft-ds    ESTABLISHED                                        
System    4    TCP    Owner-PC    icslap    localhost    52137    ESTABLISHED    2    6,011    1    233                        
UNS.exe    7480    TCP    Owner-PC    49231    Owner-PC    0    LISTENING                                        
wininit.exe    672    TCP    Owner-PC    49152    Owner-PC    0    LISTENING                                        
wininit.exe    672    TCPV6    owner-pc    49152    owner-pc    0    LISTENING                                        
wmpnetwk.exe    7172    TCP    Owner-PC    rtsp    Owner-PC    0    LISTENING                                        
wmpnetwk.exe    7172    UDP    Owner-PC    5004    *    *                                            
wmpnetwk.exe    7172    UDP    Owner-PC    5005    *    *                                            
wmpnetwk.exe    7172    TCPV6    owner-pc    rtsp    owner-pc    0    LISTENING                                        
wmpnetwk.exe    7172    UDPV6    owner-pc    5004    *    *                                            
wmpnetwk.exe    7172    UDPV6    owner-pc    5005    *    *                                            

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 05-01-2021
Ran by Owner (07-01-2021 12:03:18) Run:2
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner
Boot Mode: Normal
==============================================

fixlist content:
*****************
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => 127.0.0.1:1080
Task: {1CB800FF-C5CA-4410-AC31-5CDF123022AD} - System32\Tasks\AVGUpdateTaskMachineCore => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {BB6C6411-A7E0-43CF-8622-02D62F2E9833} - System32\Tasks\AVGUpdateTaskMachineUA => C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe [201984 2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml [2018-05-27]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC -> AVG Technologies)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [No File]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer Networking Ltd. -> Safer-Networking Ltd.)
U2 TMAgent; no ImagePath
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
FirewallRules: [TCP Query User{1C4684DB-B963-4CC2-B043-CCB8F4ED764F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [UDP Query User{0EC9AC9C-5987-4987-8707-44B649587DC2}C:\program files (x86)\wondershare\vcu\urlreqservice.exe] => (Allow) C:\program files (x86)\wondershare\vcu\urlreqservice.exe => No File
FirewallRules: [TCP Query User{561AD7C6-BCC6-4F64-AA9B-0FE7AC2C643C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [UDP Query User{3EC44355-D004-4969-B468-59010EA3F679}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe => No File
FirewallRules: [TCP Query User{55F91AA5-706E-4125-885D-B110A37FCE87}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [UDP Query User{15705161-3644-493C-ACA6-02132ED49003}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe] => (Allow) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D97DF715-A02F-4C93-A6FC-2A29FB1348D2}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
FirewallRules: [{D3E33636-8100-4B24-9673-CD018C64D132}] => (Block) C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe => No File
CMD: SFC /scannow
CMD: findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot:


*****************

"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable" => removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CB800FF-C5CA-4410-AC31-5CDF123022AD}" => not found
"C:\Windows\System32\Tasks\AVGUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineCore" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB6C6411-A7E0-43CF-8622-02D62F2E9833}" => not found
"C:\Windows\System32\Tasks\AVGUpdateTaskMachineUA" => not found
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVGUpdateTaskMachineUA" => not found
"C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\06wnhiu5.default-1504139140416\searchplugins\bing-lavasoft-ff59.xml" => not found
"HKLM\Software\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=3 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC" => not found
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll" => not found
"HKLM\Software\Wow6432Node\MozillaPlugins\@update.avgbrowser.com/AVG Browser;version=9 -> C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll [2020-10-26] (AVG Technologies USA, LLC" => not found
"C:\Program Files (x86)\AVG\Browser\Update\1.8.1066.0\npAvgBrowserUpdate3.dll" => not found
HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin => not found
SDScannerService => service not found.
SDUpdateService => service not found.
SDWSCService => service not found.
TMAgent => service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => not found
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{1C4684DB-B963-4CC2-B043-CCB8F4ED764F}C:\program files (x86)\wondershare\vcu\urlreqservice.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0EC9AC9C-5987-4987-8707-44B649587DC2}C:\program files (x86)\wondershare\vcu\urlreqservice.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{561AD7C6-BCC6-4F64-AA9B-0FE7AC2C643C}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3EC44355-D004-4969-B468-59010EA3F679}C:\users\owner\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{55F91AA5-706E-4125-885D-B110A37FCE87}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{15705161-3644-493C-ACA6-02132ED49003}C:\program files (x86)\common files\oracle\java\javapath_target_2146985553\java.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D97DF715-A02F-4C93-A6FC-2A29FB1348D2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D3E33636-8100-4B24-9673-CD018C64D132}" => not found

========= SFC /scannow =========



Beginning system scan.  This process will take some time.



Beginning verification phase of system scan.

Verification 0% complete.Verification 1% complete.Verification 2% complete.Verification 2% complete.Verification 3% complete.Verification 4% complete.Verification 4% complete.Verification 5% complete.Verification 6% complete.Verification 7% complete.Verification 7% complete.Verification 8% complete.Verification 9% complete.Verification 9% complete.Verification 10% complete.Verification 11% complete.Verification 12% complete.Verification 12% complete.Verification 13% complete.Verification 14% complete.Verification 14% complete.Verification 15% complete.Verification 16% complete.Verification 17% complete.Verification 17% complete.Verification 18% complete.Verification 19% complete.Verification 19% complete.Verification 20% complete.Verification 21% complete.Verification 22% complete.Verification 22% complete.Verification 23% complete.Verification 24% complete.Verification 24% complete.Verification 25% complete.Verification 26% complete.Verification 27% complete.Verification 27% complete.Verification 28% complete.Verification 29% complete.Verification 29% complete.Verification 30% complete.Verification 31% complete.Verification 32% complete.Verification 32% complete.Verification 33% complete.Verification 34% complete.Verification 34% complete.Verification 35% complete.Verification 36% complete.Verification 37% complete.Verification 37% complete.Verification 38% complete.Verification 39% complete.Verification 39% complete.Verification 40% complete.Verification 41% complete.Verification 41% complete.Verification 42% complete.Verification 43% complete.Verification 44% complete.Verification 44% complete.Verification 45% complete.Verification 46% complete.Verification 46% complete.Verification 47% complete.Verification 48% complete.Verification 49% complete.Verification 49% complete.Verification 50% complete.Verification 51% complete.Verification 51% complete.Verification 52% complete.Verification 53% complete.Verification 54% complete.Verification 54% complete.Verification 55% complete.Verification 56% complete.Verification 56% complete.Verification 57% complete.Verification 58% complete.Verification 59% complete.Verification 59% complete.Verification 60% complete.Verification 61% complete.Verification 61% complete.Verification 62% complete.Verification 63% complete.Verification 64% complete.Verification 64% complete.Verification 65% complete.Verification 66% complete.Verification 66% complete.Verification 67% complete.Verification 68% complete.Verification 69% complete.Verification 69% complete.Verification 70% complete.Verification 71% complete.Verification 71% complete.Verification 72% complete.Verification 73% complete.Verification 74% complete.Verification 74% complete.Verification 75% complete.Verification 76% complete.Verification 76% complete.Verification 77% complete.Verification 78% complete.Verification 78% complete.Verification 79% complete.Verification 80% complete.Verification 81% complete.Verification 81% complete.Verification 82% complete.Verification 83% complete.Verification 83% complete.Verification 84% complete.Verification 85% complete.Verification 86% complete.Verification 86% complete.Verification 87% complete.Verification 88% complete.Verification 88% complete.Verification 89% complete.Verification 90% complete.Verification 91% complete.Verification 91% complete.Verification 92% complete.Verification 93% complete.Verification 93% complete.Verification 94% complete.Verification 95% complete.Verification 96% complete.Verification 96% complete.Verification 97% complete.Verification 98% complete.Verification 98% complete.Verification 99% complete.Verification 100% complete.


Windows Resource Protection did not find any integrity violations.


========= End of CMD: =========


========= findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log =========

2021-01-07 12:03:32, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:32, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:34, Info                  CSI    0000000c [SR] Verify complete
2021-01-07 12:03:37, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:37, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:40, Info                  CSI    00000010 [SR] Verify complete
2021-01-07 12:03:43, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:43, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:46, Info                  CSI    00000014 [SR] Verify complete
2021-01-07 12:03:49, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:49, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:50, Info                  CSI    00000018 [SR] Verify complete
2021-01-07 12:03:53, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:53, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:55, Info                  CSI    0000001c [SR] Verify complete
2021-01-07 12:03:57, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:03:57, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
2021-01-07 12:03:59, Info                  CSI    00000020 [SR] Verify complete
2021-01-07 12:04:00, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:00, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:03, Info                  CSI    00000024 [SR] Verify complete
2021-01-07 12:04:04, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:04, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:05, Info                  CSI    00000028 [SR] Verify complete
2021-01-07 12:04:07, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:07, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:09, Info                  CSI    0000002c [SR] Verify complete
2021-01-07 12:04:11, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:11, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:12, Info                  CSI    00000030 [SR] Verify complete
2021-01-07 12:04:14, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:14, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:15, Info                  CSI    00000034 [SR] Verify complete
2021-01-07 12:04:17, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:17, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:19, Info                  CSI    00000038 [SR] Verify complete
2021-01-07 12:04:21, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:21, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:23, Info                  CSI    0000003c [SR] Verify complete
2021-01-07 12:04:24, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:24, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:29, Info                  CSI    00000040 [SR] Verify complete
2021-01-07 12:04:31, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:31, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:33, Info                  CSI    00000044 [SR] Verify complete
2021-01-07 12:04:34, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:34, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:37, Info                  CSI    00000048 [SR] Verify complete
2021-01-07 12:04:39, Info                  CSI    00000049 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:39, Info                  CSI    0000004a [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:43, Info                  CSI    0000004c [SR] Verify complete
2021-01-07 12:04:45, Info                  CSI    0000004d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:45, Info                  CSI    0000004e [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:45, Info                  CSI    00000050 [SR] Verify complete
2021-01-07 12:04:47, Info                  CSI    00000051 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:47, Info                  CSI    00000052 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:51, Info                  CSI    00000054 [SR] Verify complete
2021-01-07 12:04:52, Info                  CSI    00000055 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:52, Info                  CSI    00000056 [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:54, Info                  CSI    00000058 [SR] Verify complete
2021-01-07 12:04:55, Info                  CSI    00000059 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:55, Info                  CSI    0000005a [SR] Beginning Verify and Repair transaction
2021-01-07 12:04:57, Info                  CSI    0000005c [SR] Verify complete
2021-01-07 12:04:58, Info                  CSI    0000005d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:04:58, Info                  CSI    0000005e [SR] Beginning Verify and Repair transaction
2021-01-07 12:05:09, Info                  CSI    00000060 [SR] Verify complete
2021-01-07 12:05:09, Info                  CSI    00000061 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:05:09, Info                  CSI    00000062 [SR] Beginning Verify and Repair transaction
2021-01-07 12:05:17, Info                  CSI    00000064 [SR] Verify complete
2021-01-07 12:05:18, Info                  CSI    00000065 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:05:18, Info                  CSI    00000066 [SR] Beginning Verify and Repair transaction
2021-01-07 12:05:26, Info                  CSI    00000068 [SR] Verify complete
2021-01-07 12:05:26, Info                  CSI    00000069 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:05:26, Info                  CSI    0000006a [SR] Beginning Verify and Repair transaction
2021-01-07 12:05:35, Info                  CSI    0000006c [SR] Verify complete
2021-01-07 12:05:36, Info                  CSI    0000006d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:05:36, Info                  CSI    0000006e [SR] Beginning Verify and Repair transaction
2021-01-07 12:05:52, Info                  CSI    00000072 [SR] Verify complete
2021-01-07 12:05:54, Info                  CSI    00000073 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:05:54, Info                  CSI    00000074 [SR] Beginning Verify and Repair transaction
2021-01-07 12:06:08, Info                  CSI    00000079 [SR] Verify complete
2021-01-07 12:06:09, Info                  CSI    0000007a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:06:09, Info                  CSI    0000007b [SR] Beginning Verify and Repair transaction
2021-01-07 12:06:18, Info                  CSI    0000007e [SR] Verify complete
2021-01-07 12:06:19, Info                  CSI    0000007f [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:06:19, Info                  CSI    00000080 [SR] Beginning Verify and Repair transaction
2021-01-07 12:06:32, Info                  CSI    00000082 [SR] Verify complete
2021-01-07 12:06:34, Info                  CSI    00000083 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:06:34, Info                  CSI    00000084 [SR] Beginning Verify and Repair transaction
2021-01-07 12:06:45, Info                  CSI    000000a6 [SR] Verify complete
2021-01-07 12:06:47, Info                  CSI    000000a7 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:06:47, Info                  CSI    000000a8 [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:00, Info                  CSI    000000ad [SR] Verify complete
2021-01-07 12:07:02, Info                  CSI    000000ae [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:02, Info                  CSI    000000af [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:13, Info                  CSI    000000b1 [SR] Verify complete
2021-01-07 12:07:14, Info                  CSI    000000b2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:14, Info                  CSI    000000b3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:19, Info                  CSI    000000b5 [SR] Verify complete
2021-01-07 12:07:20, Info                  CSI    000000b6 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:20, Info                  CSI    000000b7 [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:28, Info                  CSI    000000b9 [SR] Verify complete
2021-01-07 12:07:29, Info                  CSI    000000ba [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:29, Info                  CSI    000000bb [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:36, Info                  CSI    000000bd [SR] Verify complete
2021-01-07 12:07:37, Info                  CSI    000000be [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:37, Info                  CSI    000000bf [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:43, Info                  CSI    000000c1 [SR] Verify complete
2021-01-07 12:07:43, Info                  CSI    000000c2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:43, Info                  CSI    000000c3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:07:55, Info                  CSI    000000e6 [SR] Verify complete
2021-01-07 12:07:56, Info                  CSI    000000e7 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:07:56, Info                  CSI    000000e8 [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:04, Info                  CSI    000000ea [SR] Verify complete
2021-01-07 12:08:05, Info                  CSI    000000eb [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:05, Info                  CSI    000000ec [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:17, Info                  CSI    000000ee [SR] Verify complete
2021-01-07 12:08:19, Info                  CSI    000000ef [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:19, Info                  CSI    000000f0 [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:26, Info                  CSI    000000f4 [SR] Verify complete
2021-01-07 12:08:27, Info                  CSI    000000f5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:27, Info                  CSI    000000f6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:30, Info                  CSI    000000f8 [SR] Verify complete
2021-01-07 12:08:30, Info                  CSI    000000f9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:30, Info                  CSI    000000fa [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:31, Info                  CSI    000000fc [SR] Verify complete
2021-01-07 12:08:33, Info                  CSI    000000fd [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:33, Info                  CSI    000000fe [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:39, Info                  CSI    00000100 [SR] Verify complete
2021-01-07 12:08:39, Info                  CSI    00000101 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:39, Info                  CSI    00000102 [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:47, Info                  CSI    00000115 [SR] Verify complete
2021-01-07 12:08:48, Info                  CSI    00000116 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:48, Info                  CSI    00000117 [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:53, Info                  CSI    00000119 [SR] Verify complete
2021-01-07 12:08:54, Info                  CSI    0000011a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:54, Info                  CSI    0000011b [SR] Beginning Verify and Repair transaction
2021-01-07 12:08:59, Info                  CSI    0000011d [SR] Verify complete
2021-01-07 12:08:59, Info                  CSI    0000011e [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:08:59, Info                  CSI    0000011f [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:03, Info                  CSI    00000121 [SR] Verify complete
2021-01-07 12:09:05, Info                  CSI    00000122 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:05, Info                  CSI    00000123 [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:13, Info                  CSI    00000126 [SR] Verify complete
2021-01-07 12:09:15, Info                  CSI    00000127 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:15, Info                  CSI    00000128 [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:24, Info                  CSI    0000012b [SR] Verify complete
2021-01-07 12:09:25, Info                  CSI    0000012c [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:25, Info                  CSI    0000012d [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:29, Info                  CSI    0000012f [SR] Verify complete
2021-01-07 12:09:30, Info                  CSI    00000130 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:30, Info                  CSI    00000131 [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:32, Info                  CSI    00000133 [SR] Verify complete
2021-01-07 12:09:33, Info                  CSI    00000134 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:33, Info                  CSI    00000135 [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:46, Info                  CSI    00000137 [SR] Verify complete
2021-01-07 12:09:46, Info                  CSI    00000138 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:46, Info                  CSI    00000139 [SR] Beginning Verify and Repair transaction
2021-01-07 12:09:53, Info                  CSI    0000013b [SR] Verify complete
2021-01-07 12:09:54, Info                  CSI    0000013c [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:09:54, Info                  CSI    0000013d [SR] Beginning Verify and Repair transaction
2021-01-07 12:10:03, Info                  CSI    0000013f [SR] Verify complete
2021-01-07 12:10:04, Info                  CSI    00000140 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:10:04, Info                  CSI    00000141 [SR] Beginning Verify and Repair transaction
2021-01-07 12:10:17, Info                  CSI    00000159 [SR] Verify complete
2021-01-07 12:10:18, Info                  CSI    0000015a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:10:18, Info                  CSI    0000015b [SR] Beginning Verify and Repair transaction
2021-01-07 12:10:25, Info                  CSI    0000015d [SR] Verify complete
2021-01-07 12:10:26, Info                  CSI    0000015e [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:10:26, Info                  CSI    0000015f [SR] Beginning Verify and Repair transaction
2021-01-07 12:10:38, Info                  CSI    00000161 [SR] Verify complete
2021-01-07 12:10:39, Info                  CSI    00000162 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:10:39, Info                  CSI    00000163 [SR] Beginning Verify and Repair transaction
2021-01-07 12:10:52, Info                  CSI    00000166 [SR] Verify complete
2021-01-07 12:10:53, Info                  CSI    00000167 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:10:53, Info                  CSI    00000168 [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:03, Info                  CSI    0000016a [SR] Verify complete
2021-01-07 12:11:03, Info                  CSI    0000016b [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:03, Info                  CSI    0000016c [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:09, Info                  CSI    0000016e [SR] Verify complete
2021-01-07 12:11:10, Info                  CSI    0000016f [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:10, Info                  CSI    00000170 [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:15, Info                  CSI    00000172 [SR] Verify complete
2021-01-07 12:11:16, Info                  CSI    00000173 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:16, Info                  CSI    00000174 [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:21, Info                  CSI    00000178 [SR] Verify complete
2021-01-07 12:11:21, Info                  CSI    00000179 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:21, Info                  CSI    0000017a [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:26, Info                  CSI    0000017c [SR] Verify complete
2021-01-07 12:11:27, Info                  CSI    0000017d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:27, Info                  CSI    0000017e [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:39, Info                  CSI    00000180 [SR] Verify complete
2021-01-07 12:11:39, Info                  CSI    00000181 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:39, Info                  CSI    00000182 [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:47, Info                  CSI    00000185 [SR] Verify complete
2021-01-07 12:11:48, Info                  CSI    00000186 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:48, Info                  CSI    00000187 [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:53, Info                  CSI    0000018a [SR] Verify complete
2021-01-07 12:11:54, Info                  CSI    0000018b [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:11:54, Info                  CSI    0000018c [SR] Beginning Verify and Repair transaction
2021-01-07 12:11:59, Info                  CSI    0000018e [SR] Verify complete
2021-01-07 12:12:01, Info                  CSI    0000018f [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:01, Info                  CSI    00000190 [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:10, Info                  CSI    00000193 [SR] Verify complete
2021-01-07 12:12:11, Info                  CSI    00000194 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:11, Info                  CSI    00000195 [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:15, Info                  CSI    00000197 [SR] Verify complete
2021-01-07 12:12:17, Info                  CSI    00000198 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:17, Info                  CSI    00000199 [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:22, Info                  CSI    0000019b [SR] Verify complete
2021-01-07 12:12:23, Info                  CSI    0000019c [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:23, Info                  CSI    0000019d [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:28, Info                  CSI    000001a0 [SR] Verify complete
2021-01-07 12:12:29, Info                  CSI    000001a1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:29, Info                  CSI    000001a2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:37, Info                  CSI    000001a4 [SR] Verify complete
2021-01-07 12:12:38, Info                  CSI    000001a5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:38, Info                  CSI    000001a6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:41, Info                  CSI    000001a8 [SR] Verify complete
2021-01-07 12:12:42, Info                  CSI    000001a9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:42, Info                  CSI    000001aa [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:47, Info                  CSI    000001ad [SR] Verify complete
2021-01-07 12:12:47, Info                  CSI    000001ae [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:47, Info                  CSI    000001af [SR] Beginning Verify and Repair transaction
2021-01-07 12:12:54, Info                  CSI    000001b1 [SR] Verify complete
2021-01-07 12:12:55, Info                  CSI    000001b2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:12:55, Info                  CSI    000001b3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:00, Info                  CSI    000001b7 [SR] Verify complete
2021-01-07 12:13:01, Info                  CSI    000001b8 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:01, Info                  CSI    000001b9 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:06, Info                  CSI    000001bb [SR] Verify complete
2021-01-07 12:13:07, Info                  CSI    000001bc [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:07, Info                  CSI    000001bd [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:14, Info                  CSI    000001c0 [SR] Verify complete
2021-01-07 12:13:15, Info                  CSI    000001c1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:15, Info                  CSI    000001c2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:18, Info                  CSI    000001c4 [SR] Verify complete
2021-01-07 12:13:18, Info                  CSI    000001c5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:18, Info                  CSI    000001c6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:20, Info                  CSI    000001c8 [SR] Verify complete
2021-01-07 12:13:20, Info                  CSI    000001c9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:20, Info                  CSI    000001ca [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:25, Info                  CSI    000001cc [SR] Verify complete
2021-01-07 12:13:26, Info                  CSI    000001cd [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:26, Info                  CSI    000001ce [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:35, Info                  CSI    000001d0 [SR] Verify complete
2021-01-07 12:13:36, Info                  CSI    000001d1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:36, Info                  CSI    000001d2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:41, Info                  CSI    000001d4 [SR] Verify complete
2021-01-07 12:13:41, Info                  CSI    000001d5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:41, Info                  CSI    000001d6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:44, Info                  CSI    000001d8 [SR] Verify complete
2021-01-07 12:13:44, Info                  CSI    000001d9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:44, Info                  CSI    000001da [SR] Beginning Verify and Repair transaction
2021-01-07 12:13:49, Info                  CSI    000001dc [SR] Verify complete
2021-01-07 12:13:49, Info                  CSI    000001dd [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:13:49, Info                  CSI    000001de [SR] Beginning Verify and Repair transaction
2021-01-07 12:25:48, Info                  CSI    000001e0 [SR] Verify complete
2021-01-07 12:25:48, Info                  CSI    000001e1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:25:48, Info                  CSI    000001e2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:11, Info                  CSI    000001e4 [SR] Verify complete
2021-01-07 12:26:11, Info                  CSI    000001e5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:11, Info                  CSI    000001e6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:20, Info                  CSI    000001e8 [SR] Verify complete
2021-01-07 12:26:20, Info                  CSI    000001e9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:20, Info                  CSI    000001ea [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:24, Info                  CSI    000001ec [SR] Verify complete
2021-01-07 12:26:24, Info                  CSI    000001ed [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:24, Info                  CSI    000001ee [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:27, Info                  CSI    000001f0 [SR] Verify complete
2021-01-07 12:26:27, Info                  CSI    000001f1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:27, Info                  CSI    000001f2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:30, Info                  CSI    000001f4 [SR] Verify complete
2021-01-07 12:26:30, Info                  CSI    000001f5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:30, Info                  CSI    000001f6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:35, Info                  CSI    000001f8 [SR] Verify complete
2021-01-07 12:26:35, Info                  CSI    000001f9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:35, Info                  CSI    000001fa [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:36, Info                  CSI    000001fc [SR] Verify complete
2021-01-07 12:26:37, Info                  CSI    000001fd [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:37, Info                  CSI    000001fe [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:37, Info                  CSI    00000200 [SR] Verify complete
2021-01-07 12:26:38, Info                  CSI    00000201 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:38, Info                  CSI    00000202 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:42, Info                  CSI    0000020a [SR] Verify complete
2021-01-07 12:26:43, Info                  CSI    0000020b [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:43, Info                  CSI    0000020c [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:48, Info                  CSI    0000020e [SR] Verify complete
2021-01-07 12:26:48, Info                  CSI    0000020f [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:48, Info                  CSI    00000210 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:52, Info                  CSI    00000212 [SR] Verify complete
2021-01-07 12:26:52, Info                  CSI    00000213 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:52, Info                  CSI    00000214 [SR] Beginning Verify and Repair transaction
2021-01-07 12:26:55, Info                  CSI    00000216 [SR] Verify complete
2021-01-07 12:26:56, Info                  CSI    00000217 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:26:56, Info                  CSI    00000218 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:01, Info                  CSI    0000021a [SR] Verify complete
2021-01-07 12:27:02, Info                  CSI    0000021b [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:02, Info                  CSI    0000021c [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:10, Info                  CSI    0000021f [SR] Verify complete
2021-01-07 12:27:10, Info                  CSI    00000220 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:10, Info                  CSI    00000221 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:12, Info                  CSI    00000223 [SR] Verify complete
2021-01-07 12:27:12, Info                  CSI    00000224 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:12, Info                  CSI    00000225 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:15, Info                  CSI    00000227 [SR] Verify complete
2021-01-07 12:27:16, Info                  CSI    00000228 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:16, Info                  CSI    00000229 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:28, Info                  CSI    0000022e [SR] Verify complete
2021-01-07 12:27:29, Info                  CSI    0000022f [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:29, Info                  CSI    00000230 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:41, Info                  CSI    00000233 [SR] Verify complete
2021-01-07 12:27:42, Info                  CSI    00000234 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:42, Info                  CSI    00000235 [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:50, Info                  CSI    00000239 [SR] Verify complete
2021-01-07 12:27:51, Info                  CSI    0000023a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:27:51, Info                  CSI    0000023b [SR] Beginning Verify and Repair transaction
2021-01-07 12:27:59, Info                  CSI    00000246 [SR] Verify complete
2021-01-07 12:28:00, Info                  CSI    00000247 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:00, Info                  CSI    00000248 [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:11, Info                  CSI    0000024f [SR] Verify complete
2021-01-07 12:28:12, Info                  CSI    00000250 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:12, Info                  CSI    00000251 [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:20, Info                  CSI    00000253 [SR] Verify complete
2021-01-07 12:28:21, Info                  CSI    00000254 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:21, Info                  CSI    00000255 [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:27, Info                  CSI    00000259 [SR] Verify complete
2021-01-07 12:28:27, Info                  CSI    0000025a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:27, Info                  CSI    0000025b [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:34, Info                  CSI    0000025d [SR] Verify complete
2021-01-07 12:28:35, Info                  CSI    0000025e [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:35, Info                  CSI    0000025f [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:42, Info                  CSI    00000284 [SR] Verify complete
2021-01-07 12:28:42, Info                  CSI    00000285 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:42, Info                  CSI    00000286 [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:49, Info                  CSI    00000288 [SR] Verify complete
2021-01-07 12:28:49, Info                  CSI    00000289 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:49, Info                  CSI    0000028a [SR] Beginning Verify and Repair transaction
2021-01-07 12:28:54, Info                  CSI    0000028c [SR] Verify complete
2021-01-07 12:28:54, Info                  CSI    0000028d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:28:54, Info                  CSI    0000028e [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:00, Info                  CSI    00000290 [SR] Verify complete
2021-01-07 12:29:01, Info                  CSI    00000291 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:01, Info                  CSI    00000292 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:06, Info                  CSI    000002a0 [SR] Verify complete
2021-01-07 12:29:07, Info                  CSI    000002a1 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:07, Info                  CSI    000002a2 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:16, Info                  CSI    000002a4 [SR] Verify complete
2021-01-07 12:29:17, Info                  CSI    000002a5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:17, Info                  CSI    000002a6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:24, Info                  CSI    000002b4 [SR] Verify complete
2021-01-07 12:29:25, Info                  CSI    000002b5 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:25, Info                  CSI    000002b6 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:28, Info                  CSI    000002b8 [SR] Verify complete
2021-01-07 12:29:29, Info                  CSI    000002b9 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:29, Info                  CSI    000002ba [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:33, Info                  CSI    000002bc [SR] Verify complete
2021-01-07 12:29:35, Info                  CSI    000002bd [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:35, Info                  CSI    000002be [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:42, Info                  CSI    000002c1 [SR] Verify complete
2021-01-07 12:29:42, Info                  CSI    000002c2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:42, Info                  CSI    000002c3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:46, Info                  CSI    000002c5 [SR] Verify complete
2021-01-07 12:29:46, Info                  CSI    000002c6 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:46, Info                  CSI    000002c7 [SR] Beginning Verify and Repair transaction
2021-01-07 12:29:55, Info                  CSI    000002c9 [SR] Verify complete
2021-01-07 12:29:56, Info                  CSI    000002ca [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:29:56, Info                  CSI    000002cb [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:02, Info                  CSI    000002cd [SR] Verify complete
2021-01-07 12:30:03, Info                  CSI    000002ce [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:03, Info                  CSI    000002cf [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:11, Info                  CSI    000002d1 [SR] Verify complete
2021-01-07 12:30:12, Info                  CSI    000002d2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:12, Info                  CSI    000002d3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:19, Info                  CSI    000002ed [SR] Verify complete
2021-01-07 12:30:19, Info                  CSI    000002ee [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:19, Info                  CSI    000002ef [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:34, Info                  CSI    000002f1 [SR] Verify complete
2021-01-07 12:30:35, Info                  CSI    000002f2 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:35, Info                  CSI    000002f3 [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:42, Info                  CSI    000002f5 [SR] Verify complete
2021-01-07 12:30:43, Info                  CSI    000002f6 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:43, Info                  CSI    000002f7 [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:47, Info                  CSI    000002f9 [SR] Verify complete
2021-01-07 12:30:48, Info                  CSI    000002fa [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:48, Info                  CSI    000002fb [SR] Beginning Verify and Repair transaction
2021-01-07 12:30:53, Info                  CSI    000002ff [SR] Verify complete
2021-01-07 12:30:54, Info                  CSI    00000300 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:30:54, Info                  CSI    00000301 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:00, Info                  CSI    00000303 [SR] Verify complete
2021-01-07 12:31:01, Info                  CSI    00000304 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:01, Info                  CSI    00000305 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:08, Info                  CSI    00000307 [SR] Verify complete
2021-01-07 12:31:08, Info                  CSI    00000308 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:08, Info                  CSI    00000309 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:14, Info                  CSI    0000030b [SR] Verify complete
2021-01-07 12:31:15, Info                  CSI    0000030c [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:15, Info                  CSI    0000030d [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:21, Info                  CSI    00000310 [SR] Verify complete
2021-01-07 12:31:22, Info                  CSI    00000311 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:22, Info                  CSI    00000312 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:28, Info                  CSI    00000314 [SR] Verify complete
2021-01-07 12:31:29, Info                  CSI    00000315 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:29, Info                  CSI    00000316 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:36, Info                  CSI    00000318 [SR] Verify complete
2021-01-07 12:31:36, Info                  CSI    00000319 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:36, Info                  CSI    0000031a [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:43, Info                  CSI    0000031c [SR] Verify complete
2021-01-07 12:31:44, Info                  CSI    0000031d [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:44, Info                  CSI    0000031e [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:50, Info                  CSI    00000321 [SR] Verify complete
2021-01-07 12:31:51, Info                  CSI    00000322 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:51, Info                  CSI    00000323 [SR] Beginning Verify and Repair transaction
2021-01-07 12:31:58, Info                  CSI    00000325 [SR] Verify complete
2021-01-07 12:31:59, Info                  CSI    00000326 [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:31:59, Info                  CSI    00000327 [SR] Beginning Verify and Repair transaction
2021-01-07 12:32:06, Info                  CSI    00000329 [SR] Verify complete
2021-01-07 12:32:07, Info                  CSI    0000032a [SR] Verifying 100 (0x0000000000000064) components
2021-01-07 12:32:07, Info                  CSI    0000032b [SR] Beginning Verify and Repair transaction
2021-01-07 12:32:12, Info                  CSI    0000032d [SR] Verify complete
2021-01-07 12:32:13, Info                  CSI    0000032e [SR] Verifying 54 (0x0000000000000036) components
2021-01-07 12:32:13, Info                  CSI    0000032f [SR] Beginning Verify and Repair transaction
2021-01-07 12:32:16, Info                  CSI    00000331 [SR] Verify complete
2021-01-07 12:32:16, Info                  CSI    00000332 [SR] Repairing 0 components
2021-01-07 12:32:16, Info                  CSI    00000333 [SR] Beginning Verify and Repair transaction
2021-01-07 12:32:16, Info                  CSI    00000335 [SR] Repair complete

========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========


========= End of CMD: =========



The system needed a reboot.

==== End of Fixlog 12:32:43 ====


  • 0

#28
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Also I tried to uninstall Superantispyware.  I went to the uninstall section in Control Panel, but it's not showing up there.  I can't find another name for it.


  • 0

#29
RKinner

RKinner

    Malware Expert

  • Expert
  • 23,580 posts
  • MVP

That's not the latest fixlog.  That's from several days ago + it seems to be confused with tcpview's log.  Perhaps your hard drive is having problems.

 

I see you have Speccy so make a log & Attach it:

 

 Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.


  • 0

#30
smittyd

smittyd

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 130 posts

Try this...

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP