In Progress Malware suspicion

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
476
Hi, Quacu.

Let's try to import the Windows Defender service in Safe mode.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.
2. Restore missing services
  • Find Windows_Defender_Service.reg on your Desktop.
  • Double-click on the file, allow the information to be merged (Yes) and restart the computer.

If you are still getting the same error as before, please report back.

If the merge was successful, run the FSS scanner once more:
  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
120
Farbar Service Scanner Version: 14-12-2019
Ran by Emmanuel (administrator) on 30-07-2020 at 16:18:54
Running from "C:\Users\Emmanuel\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc: "%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p".
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
476
Hi.

1. Enable Windows Security Service
  • Go to the Search area, type Services and press Enter.
  • From the Services list find Windows Security Service.
  • Right click and check if there is an option you can choose to enable it and make it run again (Start, Restart, Resume, Refresh).
  • Please report back what happened.
2. Restart and run FSS
  • Restart the computer.
  • Run the FSS tool as you did before and post the result.
2. Check Windows Defender
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Privacy & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Please take a screenshot of what you see at the Security at a glance screen (Microsoft's instructions of how to take screenshots using snipping tool are here)
In your next reply please post:
1. What happened after you checked the Windows Security Service
2. The FSS log
3. The screenshot with Windows Defender status
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
120
Please I find "windows security service" among the list
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
120
the first step
Hi.

1. Enable Windows Security Service
  • Go to the Search area, type Services and press Enter.
  • From the Services list find Windows Security Service.
  • Right click and check if there is an option you can choose to enable it and make it run again (Start, Restart, Resume, Refresh).
  • Please report back what happened.
2. Restart and run FSS
  • Restart the computer.
  • Run the FSS tool as you did before and post the result.
2. Check Windows Defender
  • Go to Settings (Windows icon on the keyboard + i)
  • Select Privacy & Security
  • From the left pane, Windows Security
  • Open Windows Security
  • Please take a screenshot of what you see at the Security at a glance screen (Microsoft's instructions of how to take screenshots using snipping tool are here)
In your next reply please post:
1. What happened after you checked the Windows Security Service
2. The FSS log
3. The screenshot with Windows Defender status
the first step you gave here. I can't find the Windows Security Service in the list when i open the "services" on my computer
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
476
A, OK. I suspected that. We will need to add it too. But you will wait a bit. :)
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
476
Hi, Quacu.

1. Restart with Safe mode
  • Press the Windows icon on the keyboard together with the letter I, to get into the Settings.
  • Choose Update and Security.
  • From the menu at the left, choose Recovery.
  • Under the title Advanced startup at the right, choose Restart now.
  • From the window that will appear choose Troubleshoot and then Advanced options.
  • Choose Startup Settings and then Restart.
  • Press number 5, for choosing Safe mode with networking.
  • You will know that you are in Safe mode, if the background is black and Safe mode is written at the four corners of the screen.
2. Restore missing service
  • Download Windows_Security_Service and save it on your Desktop.
  • Double-click on the file, allow the information to be merged (Yes) and restart the computer.

If you got an error, please report back.

If the merge was successful, run the FSS scanner once more:
  • Right click on the tool icon and run it as administrator, as you did before.
  • Make sure all the options are checked.
  • Click on the Scan button.
  • It will create a log (FSS.txt) on your Desktop.
  • Copy and paste the log's content to your next reply.
  • Also post the Windows Defender screenshot as you were instructed to do here.
 
Last edited:

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
120
Farbar Service Scanner Version: 14-12-2019
Ran by Emmanuel (administrator) on 02-08-2020 at 21:54:46
Running from "C:\Users\Emmanuel\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 

DR.M

Malware Trainee
Joined
Sep 4, 2019
Messages
476
Everything looks perfect. (y)

Now I would like you to post fresh FRST logs (FRST and Addition) to take another look into the system.
 

Qwacu

Thread Starter
Joined
Apr 4, 2020
Messages
120
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2020
Ran by Emmanuel (02-08-2020 22:09:49)
Running from C:\Users\Emmanuel\Desktop
Windows 10 Home Version 2004 19041.388 (X64) (2020-06-24 19:27:52)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1935749414-41328414-3719181782-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1935749414-41328414-3719181782-503 - Limited - Disabled)
Emmanuel (S-1-5-21-1935749414-41328414-3719181782-1001 - Administrator - Enabled) => C:\Users\Emmanuel
Guest (S-1-5-21-1935749414-41328414-3719181782-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1935749414-41328414-3719181782-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Photoshop CC 2019 (HKLM-x32\...\PHSP_20_0) (Version: 20.0.0 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.4.2 - Advanced Micro Devices, Inc.)
Blender (HKLM\...\{053A73FE-DBF8-4674-8EC0-63BD07615695}) (Version: 2.81.0 - Blender Foundation)
Branding64 (HKLM\...\{856DA29A-EA4A-468B-BBC2-B5F60DD75BFE}) (Version: 1.00.0002 - Advanced Micro Devices, Inc.) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 84.0.522.50 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.133.5 - )
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1935749414-41328414-3719181782-1001\...\OneDriveSetup.exe) (Version: 20.124.0621.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Opera Stable 69.0.3686.95 (HKU\S-1-5-21-1935749414-41328414-3719181782-1001\...\Opera 69.0.3686.95) (Version: 69.0.3686.95 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8125 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.75 - Synaptics Incorporated)
Telegram Desktop version 2.1.13 (HKU\S-1-5-21-1935749414-41328414-3719181782-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 2.1.13 - Telegram FZ-LLC)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB4484289) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{F97B139A-D8BF-46FF-A6F6-50710FED8644}) (Version: - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Zoom (HKU\S-1-5-21-1935749414-41328414-3719181782-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)

Packages:
=========
Advanced English Dictionary -> C:\Program Files\WindowsApps\12726CosmosChong.AdvancedEnglishDictionary_4.3.3.3_neutral__amge560j0aq9g [2020-07-03] (Cosmos Chong)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.39.4.0_x86__kgqvnymyfvs32 [2020-06-25] (king.com)
Easy Movie Maker -> C:\Program Files\WindowsApps\34697joal.EasyMovieMaker_2.5.20.0_x64__7xtp3aa6dt786 [2020-07-06] (joal)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.40.3.0_x86__kgqvnymyfvs32 [2020-06-25] (king.com)
Hd Video Downloader -> C:\Program Files\WindowsApps\34042Nishshreyahpatha.HdVideoDownloader_1.0.7.0_x64__719jvg2sjts14 [2020-07-30] (Nishshreyahpatha) [MS Ad]
Metronome10 -> C:\Program Files\WindowsApps\3983JEFBCreating.Metronomy_2.1.8.0_x64__vy786dcgg6jz4 [2020-07-11] (JEFBCreating) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x64__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1805.2.0_x86__8wekyb3d8bbwe [2020-07-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.7162.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.23.31994.0_x64__8wekyb3d8bbwe [2020-07-30] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20714.0_x64__8wekyb3d8bbwe [2020-06-25] (Microsoft Corporation) [MS Ad]
PowerDirector 18 Essential -> C:\Program Files\WindowsApps\F508037F.PowerDirector18Essential_18.0.2815.0_x64__7j1xgptdajq4j [2020-07-06] (CyberLink Corp.)
Pulse Metronome -> C:\Program Files\WindowsApps\52781BeetRootSoftware.PulseMetronome_1.1.0.1_neutral__ddga268p0yg70 [2020-07-11] (BeetRoot Software)
Striker Zone -> C:\Program Files\WindowsApps\23866ExtremeDevelopers.StrikerZone_3.22.9.0_x64__zxxvj7ezs5pcc [2020-07-03] (Extreme Developers)
VidMate -> C:\Program Files\WindowsApps\29863YouTubeHD.VidMate_1.2.3.0_x64__b2zk0s1tabzra [2020-07-30] (Tubemate YouTube) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-07-18 11:30 - 2019-07-18 11:30 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2020-05-15 15:34 - 2020-05-15 15:34 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 11:30 - 2019-07-18 11:30 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2020-05-15 15:34 - 2020-05-15 15:34 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Emmanuel\Desktop\FSS.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\blender-2.81-windows64.msi:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\lj2420_fw_util_08_120_4.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\OperaSetup.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\sp72163.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\sp73250.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\tsetup.2.1.10.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\UnityHubSetup.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\upd-pcl6-x64-6.9.0.24630.exe:SmartScreen [7]
AlternateDataStreams: C:\Users\Emmanuel\Downloads\ZoomInstaller.exe:SmartScreen [7]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1935749414-41328414-3719181782-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Emmanuel\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{310DFFFE-15F5-4F1E-BD71-6D4D41FA0333}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{F0F769CD-0FE2-4627-A391-3A1834DA2814}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4D8FCA91-E40B-49C3-97AD-5B5DADC283C0}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99566ECD-98B3-47D4-871A-1FD586ED9302}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FA248542-699B-4E20-9375-A7CA46C64051}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6A979FB0-33E3-443B-B247-E2EE7E085666}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40DDD70A-AF32-4665-9E37-32445AAA5C62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{976386A8-DBF4-4113-90A8-522181C8C940}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.61.100.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{B4561B47-BD61-42EC-9022-F18895D382B2}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe => No File
FirewallRules: [UDP Query User{EAF846A0-EF45-4D50-9DFD-B8B3B71846BF}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe => No File
FirewallRules: [TCP Query User{50CD24B7-6EED-44FF-A6B8-CEF3B8EB3643}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe => No File
FirewallRules: [UDP Query User{AA3FC3D0-548F-4D25-8D32-57D1BFC299BB}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.36\opera.exe => No File
FirewallRules: [{48A9BE00-A973-4725-A61B-6EF959BD1765}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F0BB6F7A-502A-44A4-B1A8-568BF8016EC6}] => (Allow) C:\Users\Emmanuel\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [TCP Query User{BE5FAFC7-DA43-44E2-AFA4-ABF1345D38D6}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{FBE6C153-A731-4826-A7E3-F0E1F49DF886}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [TCP Query User{27BED5CC-EC72-4CE8-B23C-DB1353EF62BA}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [UDP Query User{F6BDA2B3-B16E-4190-BD3F-94F5AD2E60BD}C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe] => (Block) C:\users\emmanuel\appdata\local\programs\opera\69.0.3686.77\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{632B2A48-52B7-4FDE-92D3-838CEB3BA5AA}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{A0F8964A-8CC6-4694-8ADF-5B6C36222B3D}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File

==================== Restore Points =========================

24-07-2020 21:58:05 Scheduled Checkpoint
29-07-2020 11:51:12 Windows Modules Installer

==================== Faulty Device Manager Devices ============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: ========================

Application errors:
==================
Error: (08/02/2020 01:32:46 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Music.UI.exe version 10.20032.1261.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: e34

Start Time: 01d668c03a9d4663

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20032.12611.0_x64__8wekyb3d8bbwe\Music.UI.exe

Report Id: 863d52e5-6abb-49b4-a420-574def72f23d

Faulting package full name: Microsoft.ZuneMusic_10.20032.12611.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: Microsoft.ZuneMusic

Hang type: Quiesce

Error: (08/01/2020 11:57:09 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (1516,R,98) SRUJet: Database recovery/restore failed with unexpected error -501.

Error: (08/01/2020 11:57:09 PM) (Source: ESENT) (EventID: 465) (User: )
Description: svchost (1516,R,98) SRUJet: Corruption was detected during soft recovery in logfile C:\Windows\system32\SRU\SRU01835.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 11 reason ValidSegmentAfterEmpty. This logfile has been damaged and is unusable.

Error: (08/01/2020 11:57:09 PM) (Source: ESENT) (EventID: 552) (User: )
Description: svchost (1516,R,98) SRUJet: The log file at "C:\Windows\system32\SRU\SRU01835.log" is corrupt with reason 'ValidSegmentAfterEmpty'. Last valid segment was 2, current segment is 11. The expected checksum was 2828022244026950676 (0x273f273f58212414) and the actual checksum was 2828022244026950676 (0x273f273f58212414). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (08/01/2020 11:57:07 PM) (Source: ESENT) (EventID: 465) (User: )
Description: svchost (1516,R,98) SRUJet: Corruption was detected during soft recovery in logfile C:\Windows\system32\SRU\SRU.log. The failing checksum record is located at position . Data not matching the log-file fill pattern first appeared in sector isec 8 reason BadSegmentLgpos. This logfile has been damaged and is unusable.

Error: (08/01/2020 11:57:07 PM) (Source: ESENT) (EventID: 552) (User: )
Description: svchost (1516,R,98) SRUJet: The log file at "C:\Windows\system32\SRU\SRU.log" is corrupt with reason 'BadSegmentLgpos'. Last valid segment was 7, current segment is 8. The expected checksum was 5256324246497842894 (0x48f2370d90c6d6ce) and the actual checksum was 5256324246497842894 (0x48f2370d90c6d6ce). The read completed with error-code 0 (0x00000000). If this condition persists then please restore the logfile from a previous backup.

Error: (08/01/2020 11:53:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.19041.388 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 278

Start Time: 01d6680c36b97f80

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: e0c338a1-505b-41a8-982f-003673633e86

Faulting package full name:

Faulting package-relative application ID:

Hang type: Cross-process

Error: (08/01/2020 11:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchApp.exe, version: 10.0.19041.153, time stamp: 0x0ba6e048
Faulting module name: KERNELBASE.dll, version: 10.0.19041.388, time stamp: 0x3cc24707
Exception code: 0xc000027b
Fault offset: 0x000000000010b37c
Faulting process ID: 0x142c
Faulting application start time: 0x01d66855c9627d79
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report ID: 18753941-e1b8-486d-94e7-035fde5d4301
Faulting package full name: Microsoft.Windows.Search_1.14.0.19041_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (08/02/2020 09:51:43 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (08/02/2020 09:50:52 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/02/2020 09:50:48 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess

Error: (08/02/2020 09:50:48 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (08/02/2020 09:50:28 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/02/2020 09:50:12 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/02/2020 09:50:11 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (08/02/2020 09:48:45 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E8KFRRS)
Description: DCOM got error "1084" attempting to start the service BthAvctpSvc with arguments "Unavailable" in order to run the server:
{6E1F7F3E-760E-45F3-AA8F-5761ABDA272A}


Windows Defender:
===================================
Date: 2020-08-02 00:17:51.6160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {32AF6331-3350-49ED-95B8-B48E196393F4}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-01 13:03:57.4880000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {610C12D7-C08B-48CE-8827-12E7902A9868}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-01 12:21:22.2650000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {3F1F18B9-D5A3-4EEF-99E2-E142DD021E5B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-01 11:36:58.2160000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {35F2A133-4F1C-446C-9DFC-A65F04CF1F7D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-07-31 23:34:05.4400000Z
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {96E0776C-1FA8-44A7-9045-86FB97AAAD9D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-08-02 21:48:02.8700000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-08-02 21:36:57.3040000Z
Description:
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-08-02 12:36:35.2670000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.400.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-08-02 12:17:41.3790000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.400.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2020-08-02 06:12:38.4210000Z
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.321.400.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.17300.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

==================== Memory info ===========================

BIOS: American Megatrends Inc. F.34 12/07/2015
Motherboard: HP 8015
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 81%
Total physical RAM: 3519.02 MB
Available physical RAM: 644.42 MB
Total Virtual: 7615.02 MB
Available Virtual: 2936.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:129.28 GB) (Free:66.67 GB) NTFS
Drive d: (Hey) (Fixed) (Total:43.46 GB) (Free:32.99 GB) NTFS
Drive e: (Emma) (Fixed) (Total:292.97 GB) (Free:127.05 GB) NTFS

\\?\Volume{8f286e92-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 8F286E92)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=129.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=293 GB) - (Type=0F Extended)
Partition 4: (Not Active) - (Size=43.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
 

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top