About nuley

  • Birthday 08/25/1970

Tech Info

  • Experience
  • System: windows_7_home_premium

nuley's Achievements


Newbie (1/14)



  1. Thanks Starbuck! I have removed McAfee and rebooted, and Windows Defender is running. Just one more question - it's asking me to turn on Reputation Based Protection, as part of the App and Browser Control. I have no idea what this is. Should I turn it on? Thanks again Nuley
  2. Dear friends, I have a new computer! It is an HP slim desktop S01-aF0xxx running Windows 10 64-bit. We use it for the odd presentation or academics, and a bit of browsing, and emails, using Office 365. It has come with a free McAfee personal security thing but I'm not sure if I need an added anti-virus on top of what Windows already has. If I do need another thing on top, which would you recommend? I've used Eset and Avast in the past. Should I uninstall McAfee or just leave it to run out of its free trial period? Or pay for it? Any help would, as ever, be gratefully received. I think this is now the 3rd desktop PC you've helped me manage, plus the (now adult) kids' laptops. Thank you so much! Nuley
  3. PS. I've tried to check whether everything is up to date with Windows, but I can't get the office updates to install properly. I notice it's wanting to install 32-bit stuff. Is that as it should be or is it an issue?
  4. Dear friends My main computer is running very slow. Internet is fine via Edge (better than it was with Firefox, actually), but File Explorer is almost not running at all, and copying photos from a memory stick to external hard drive is taking about 1 hour for 200 pics. I don't know if this is because my computer is just too old, or it occurred to me that maybe my anti-virus software doesn't like Defender? I've got Eset antivirus plus Defender - though I don't actually know if they're doing different things at the moment. Here's the computer info: Is there anything I can do to speed things up, please? Thank you as ever! Nuley
  5. Hi there and thanks for the new links which we'll follow. 16-y-o says it's working better now, thanks very much! nuley
  6. Hi again We've updated Windows. Unfortunately we're still getting the same error message: The program can't start because MSVCP120.dll is missing from the computer. Try reinstalling the program to fix this problem. All best nuley
  7. Thanks very much - that was so easy I thought you'd missed a bit out...! Here's the log: We'll check on the Windows updates. Thanks again nuley
  8. Thanks very much. Here goes: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017 Ran by mayag (administrator) on LAPTOP-ELFC69SF (02-07-2017 16:55:58) Running from C:\Users\mayag\Desktop Loaded Profiles: mayag (Available Profiles: defaultuser0 & mayag) Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe (McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor) HKLM\...\Run: [startCN] => c:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corporation) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-21] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.) 
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-01-20] ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] Tcpip\..\Interfaces\{06dc94cc-4859-4e21-9df2-e43c3e80c5eb}: [DhcpNameServer] Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE SearchScopes: HKLM -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1178048158-3526864474-3808934351-1001 -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = 
hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-23] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-23] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-02] [not signed] FF Plugin-x32: 
@microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-23] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] () ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-09-14] () [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.) R2 DbxSvc; C:\windows\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed] R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3316576 2016-08-09] (HP Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.) 
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) 
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2016-08-25] (Synaptics Incorporated) R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51224 2016-10-14] (Advanced Micro Devices, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27376 2016-10-14] (Advanced Micro Devices, INC.) R3 amdgpio2; C:\windows\System32\drivers\amdgpio2.sys [34704 2016-10-14] (Advanced Micro Devices, Inc) R3 amdi2c; C:\windows\System32\drivers\amdi2c.sys [54160 2016-10-14] (Advanced Micro Devices, Inc) S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [100752 2016-10-14] (Advanced Micro Devices, Inc. ) R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0307343.inf_amd64_48b2d31d9265e835\atikmdag.sys [26561552 2016-10-14] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0307343.inf_amd64_48b2d31d9265e835\atikmpag.sys [510992 2016-10-14] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [254864 2016-10-14] (Advanced Micro Devices, Inc. 
) R3 amduart; C:\windows\System32\drivers\amduart.sys [91672 2016-10-14] (Advanced Micro Devices, Inc) R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [101376 2016-10-14] (Advanced Micro Devices) S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) S3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.) S3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) R1 MpKsl3bde92a8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A528650E-FE81-4611-B362-6DA859606BCC}\MpKsl3bde92a8.sys [44928 2017-07-02] (Microsoft Corporation) S3 NetAdapterCx; C:\windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek ) R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [710664 2016-10-10] (Realtek Semiconductor Corporation) S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2016-09-23] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [60008 2016-08-25] (Synaptics Incorporated) S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-07-31] (HP) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

==================== Files in the root of some directories =======
2017-03-21 18:54 - 2017-07-02 15:42 - 0046136 _____ () C:\Users\mayag\AppData\Local\BTServer.log

Some files in TEMP:
====================
2017-03-21 18:52 - 2016-12-01 10:31 - 0050720 _____ (HP Inc.) C:\Users\defaultuser0\AppData\Local\Temp\ACLMInstaller.exe

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-29 13:32

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017
Ran by mayag (02-07-2017 16:57:30)
Running from C:\Users\mayag\Desktop
Windows 10 Home Version 1607 (X64) (2017-03-21 17:45:40)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-1178048158-3526864474-3808934351-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1178048158-3526864474-3808934351-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1178048158-3526864474-3808934351-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1178048158-3526864474-3808934351-501 - Limited - Disabled)
mayag (S-1-5-21-1178048158-3526864474-3808934351-1001 - Administrator - Enabled) => C:\Users\mayag

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=booking&refclickid=square

==================== Loaded Modules (Whitelisted) ==============
2017-07-02 12:05 - 2017-06-26 11:29 - 00531264 _____ ()
C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-07-02 12:05 - 2017-06-26 11:29 - 00033112 _____ 
() C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-07-02 12:05 - 2017-06-26 11:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-03-21 19:02 - 2017-06-26 11:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-07-02 12:05 - 2017-06-26 11:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-03-21 19:02 - 2017-06-26 11:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-06-23 20:31 - 2017-06-26 11:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-01-20 10:48 - 2017-01-20 10:48 - 00133632 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\4416462b3a54ef2473cc832d5ed3304a\BRIDGECommon.ni.dll 2017-01-20 10:48 - 2017-01-20 10:48 - 00110592 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BridgeExtension\96fd89505b3f5dce10e95613cb1c1e9b\BridgeExtension.ni.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mayag\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{e6e8562d-8532-4cb0-ac57-221a5ca0cd2a}.jpg DNS Servers: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A6CC6F7D-7731-480E-9DE4-DD9214838590}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FFECA88B-C28B-416E-A42F-794DA8070EAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9906ACB5-5AD8-43B9-B291-B0E47B66E235}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40B60F4C-90B9-4D2E-BE60-4152C9401457}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{56CCD1EA-CFAA-4413-B398-D04C9E1225BB}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe FirewallRules: [{7F7FD7E6-05EE-4D20-AA83-DF70CD3F4EB2}] => (Allow) LPort=13148 FirewallRules: [{A649D905-F247-4780-AC2B-853E2C473ED2}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE FirewallRules: [{6AEC34D5-E365-4C8B-AE14-D60D7232A5FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{0548BD9E-FC03-43F8-B1D6-12571CBE00B7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{3EF671FD-FBF7-4A9E-8A15-6101F704212A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{96BDE879-6F27-41F4-902C-7156E1A7F804}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{3D8DF37E-1EEB-453E-9D0E-2DE24B42BEE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{E9CEE5EB-F88C-455B-9211-18CEEF58B198}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{AF00083E-F58C-4DD5-9364-D91A0141500D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: 
[{2DE59B8B-8C49-42DC-AE7A-B8842DA49B71}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe ==================== Restore Points ========================= 25-06-2017 16:13:56 Windows Update 25-06-2017 16:15:15 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2017 04:51:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-ELFC69SF) Description: Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. 
Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (07/02/2017 04:40:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The McAfee Personal Firewall Service service depends on the following service: MfeFire. This service might not be installed. Error: (07/02/2017 04:03:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Security Center service did not respond on starting. Error: (07/02/2017 04:01:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Cyberlink RichVideo64 Service(CRVS) service did not respond on starting. Error: (07/02/2017 03:59:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Module Core Service service did not respond on starting. Error: (07/02/2017 03:57:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Proxy Service service did not respond on starting. Error: (07/02/2017 03:54:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The McAfee VirusScan Announcer service depends on the following service: mfevtp. This service might not be installed. Error: (07/02/2017 03:54:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service did not respond on starting. 
Error: (07/02/2017 03:52:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The HP Support Solutions Framework Service service did not respond on starting. Error: (07/02/2017 03:50:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The HP Comm Recovery service did not respond on starting. Error: (07/02/2017 03:48:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Home Network service did not respond on starting. CodeIntegrity: =================================== Date: 2017-07-02 16:54:00.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 16:54:00.050 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A9-9410 RADEON R5, 5 COMPUTE CORES 2C+3G Percentage of memory in use: 39% Total physical RAM: 7647.12 MB Available physical RAM: 4621.95 MB Total Virtual: 9503.12 MB Available Virtual: 6100.64 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:916.33 GB) (Free:877.1 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:13.95 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E8E3A7FE) Partition: GPT. 
==================== End of Addition.txt ============================ One final thing: 16-y-o has tried to download Origin to play Sims and gets this error message, which is apparently something to do with Microsoft Visual Studio: The program can't start because MSVCP120.dll is missing from the computer. Try reinstalling the program to fix this problem. Is this a simple thing to do? Thanks as ever nuley
  9. Dear Starbuck Thanks very much for this. So far so good. We got rid of McAfee and Windows Defender is on. It seems to be running a little faster, though start-up was slow on the reboot - but maybe that's normal. Our start menu looks different from yours - we are running Windows 10 Home and I'm wondering if that's the only difference, though I did manage to find everything eventually. If we could remove some of the bloatware from hp, that would be great, thank you. All best Nuley
  10. Hello friends I have a new laptop - HP, running Windows 10, x64 processor, 8GB RAM, AMD A9-9410 Radeon R5 processor. It will be mostly used for 16-y-o's A level coursework, so some internet research, photos, music and Sims. It's running quite slowly already, although there's nothing much installed as yet. Microsoft Edge is the standard browser. I haven't added any decent virus guard yet and was hoping for some advice please, but with some detailed instructions as to what I need to remove first as I've made that mistake before of having 2 virus or firewall things going at the same time and it was horrible. I think McAfee is on here, but I haven't got to grips with finding things under Windows 10. Could you help please, both with speeding it up and with the right virus / firewall system combination please? Thank you very much as ever! nuley
  11. Thank you Ken. I have been trying to do the one-key recovery which I thought was called a system restore. I haven't tried to re-install anything as it all came pre-loaded, and I've nothing to re-install. I will contact John Lewis! many thanks nuley
  12. Hi there Thanks for your input. I've been putting it off for months as it's so frustrating... I have had another go today, making sure I was following instructions to the letter, asking it to restore from initial backup. It went through the entire process and seemed to be restoring things. It then said it had completed and offered me the choice of shutting down or rebooting. When I rebooted, it went back to the same black screen which says 'no bootable device -- insert boot disk and press any key'. Do you have any advice, please? thanks very much nuley
  13. Hi there No luck so far. I did the system restore which didn't work, so I have just done it again, and it still didn't work. From reading a bit further on the Lenovo website, I am wondering if I needed to create and save some sort of recovery point on a USB stick when the laptop was new. Which I didn't do, unfortunately. There is an option to buy recovery disks from Lenovo which I think is probably the next step, unless you have any better advice? Thanks again for all the help! Nuley
  14. Thanks for this. The disk is out but Windows doesn't start - I simply get the black screen with the unbootable message. I'll try the OneKey Recovery Starbuck suggests. Thanks all the same.
  15. Dear friends 12-y-o son has a fairly new Lenovo G510 laptop, Intel Core i3, 4GB RAM, 500 GB which has worked brilliantly running, I think, Windows 8? until he bought a second-hand King Kong PC game (I looked, it was published in 2005 and is completely wrong for this OS) and stuck the disk into the disk drive. Now the only message appearing on the screen after the Lenovo logo is: No bootable device -- insert boot disk and press any key I don't think it came with a boot disk, I think when I bought it I just opened it and it worked. (Probably appropriate for my level of expertise.) If the worst comes to the worst, it was from John Lewis about 7 months ago so it should be under guarantee, but I'm hoping it might be simpler than that...? Any help would be gratefully received! Thank you as ever. All best Nuley