Starbuck

You're welcome. Let me know how the 'Visual Studio 2015' reinstall goes and if it fixes the problem.

Hi Nuley, Sorry for the late reply.... have been really busy today. It's a new simpler routine that Farbar has added. FRST reads the fix from the clipboard. :) It seems that you're not alone with this 'Origin' problem, a lot have had this: Can't Open Origin on Windows 10 Windows 10 and Origin Both links agree that reinstalling the 'Visual C++ Redistributable for Visual Studio 2015' should fix the problem. Both links will explain the procedure. As you are running a 64bit system, you will need to reinstall both the 32bit and the 64bit versions. Is the system running any better after removing those leftover McAfee entries?

Definitely an odd one there Jimmy but I'm glad that you are all sorted now.

Is this in Google Play store? I see it's also available from: http://www.apkmonk.com/app/org.summitcu.MobileBanking/ I really can't see why it'll work on your phone but not on the tablet..... that's very strange.

Hi Nuley, Before we get around to the HP bloatware, I'd like you to run the following fix. Even after uninstalling McAfee and then running the removal tool, there's still a stupid amount of McAfee entries showing on your system. This is typical of some programs. Cleaning these entries may well help the system run better. This is a new simpler way of running a fix......... Copy the script within the quote box below: (make sure that you include Start:: and End:: as these are the clipboard notifiers. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://i.imgur.com/AZfCBHb.png It's as simple as that now. :) The tool will make a log in the same directory that FRST is run from (Fixlog.txt). Please post this in your next reply. You're right about the Microsoft Visual. First thing to try after the fix is, make sure you have all the available Windows Updates. If this doesn't make any difference, we'll try running SFC. Last resort would be to uninstall all of the Microsoft Visual C++ entries and reinstall them again. But let's take that one step at a time after running the fix and updating windows updates. Thanks

Hi Nuley, It would all depend on what updates have been installed. M$ has a habit of changing them all the time. I run 'Home' and 'Pro'.... they are slightly different. Ok, let's see what's installed and what's running at startup. Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator When the tool opens click Yes to disclaimer. Make sure that Addition.txt is selected at the bottom Press Scan button. http://i.imgur.com/YO62v3X.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool also makes another log (Addition.txt). Please copy and paste it to your reply also. Thanks

Hi Jimmy, This normally means that Google cannot retrieve the carrier info from your device. Some possible causes for this are: The SIM card is not inserted, or inserted incorrectly/broken (can't use telephony feature) The SIM card is inserted correctly, but Google cannot identify it (e.g. an issue with Republic Wireless) The device doesn't have SIM card slot (e.g. tablet) But I doubt that your Tablet has a sim card slot anyway. As far as I know, the text "No carrier" is only an informational text to identify which device you are choosing, and it's not an error message. Regarding app installation, it may/may not affect the installation. Some apps are restricted to certain carriers. I take it that this app worked on the Tablet before being sent to be fixed. So what work did they do? If this app works on the phone but not the Tablet .... what Android version is the phone running?

Hi Jimmy, I take it then, this is the app you are referring to: http://i.imgur.com/bILdPnN.png Got this up on my PC, but couldn't find it in the play store... on mobile or tablet. Maybe it's a regional thing. Wow, that's old. mine is version 7.9.80 (phone and tablet) What is the version of Google Play on your mobile phone?

Hi Jimmy, What is the name of the banking app?

Hi nuley, You'll soon get the hang of it. I take it that you mean, you have problems finding the old add/remove list? I can explain the easy way. The slowdown may well be caused by McAfee... that's the first thing that I would remove. Also McAfee firewall may well be turned on, which could conflict with the windows firewall if that is also turned on. The built in Windows Defender on Win10 is pretty good for most types of surfing. ( that's all I'm using on this system) As this is a HP laptop, it'll probably have all sorts of bloatware factory installed. To remove McAfee products: Download the McAfee removal Tool and save it to your Desktop. Close all McAfee Application windows you may have open (normally by right clicking on the McAfee taskbar icon) Now right-click on MCPR.exe (removal tool) and select "Run as Administrator" to start the removal process. After the removal tool finishes, you should be prompted to restart your computer. Once the computer restarts, your McAfee product should be uninstalled. Now check that Windows Defender is turned on ( it doesn't always turn on automatically when a third party AV is removed). Right click on the Start button and select Settings from the menu that pops up. Tip.... remember this menu, it's really handy. http://i.imgur.com/nSLBei5.png Now click on Update & Security Click Windows Defender on the left hand side You can then check to see if it's turned on. Now check to see if the Windows Firewall is turned on. M$ have now removed the Control Panel from the pop up menu, so we have to start CP another way. Click on the Search box (on the Taskbar)and type in Control Panel. Click on the Control Panel option given at the top of the list. Scroll down the Control Panel list and click on Windows Firewall. The settings to turn it on and off are on the left hand side. Note: To get to the old add/remove list...... Use the right click on the Start button method, from the pop up menu click on Apps & Features at the top. Let me know how the system is running after removing McAfee and we'll take it from there.

Hi Jimmy, Sorry for the late reply.... Turn your router off from the mains..... wait about 5 minutes, then turn it back on. Once the lights have settled try chrome again.

Has the fix made any difference to Chrome connecting?

Hi Jimmy, On looking into this problem it seemed that there was a few things that caused this. Incorrect Firewall rules Conflict with an old AV that hadn't been uninstalled correctly Also clearing the caches etc can sometimes help. The first 2 are the things I wanted to look into. The report shows that these are ok. The clearing of the caches we can deal with, within the fix. There are a few things that I'd like to mention about the findings.... File1 Package Manager Did you actually install this yourself? It does normally come bundled as a third party program with a legit program that you install. If you didn't install this yourself, I recommend that you remove it. Amazon Unbox Video This is a very old program and has actually been discontinued for a couple of years now. It's never wise to keep discontinued programs on your system. Amazon did give instructions on how to still see any downloaded videos. About Watching Videos Previously Downloaded to Your PC This is a bit of overkill. uBlock Origin would be all you need. Having the others may cause conflicts as they're all trying to do the same thing. There are a few things that should be removed with a fix..... Please download the attached fixlist.txt file (bottom of this post) and save it to C:\Users\Ray\Downloads. NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://img.photobucket.com/albums/v708/starbuck50/frstfix_zps7db0c905.png The tool will make a log in the Download folder (Fixlog.txt). Please post this in your next reply. Thanks fixlist.txt

Hi Jimmy, There are a couple of things I'd like to look in to if you don't mind.... Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator http://img.photobucket.com/albums/v708/starbuck50/frsticon_zpsdc3cbdc3.png When the tool opens click Yes to disclaimer. http://img.photobucket.com/albums/v708/starbuck50/frstdis_zps7f598f12.png Make sure that Addition.txt is selected at the bottom Press Scan button. http://img.photobucket.com/albums/v708/starbuck50/newfrst_zpsa63ffa3d.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also. please post both reports for me. Thanks

http://i.imgur.com/BZjk1wi.png Following the emergence of the WannaCry ransomware attack campaign last week, another, possibly bigger outbreak raging predominantly across the Ukraine is underway. The culprit? A new ransomware called XData. It was spotted over the weekend by security researcher MalwareHunter. MalwareHunter is one of the people behind the ID-Ransomware service that enables users to submit ransomware samples for analysis. XData was submitted via the service. The infections with XData across Ukraine have been increasing so rapidly it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber. http://i.imgur.com/uY0RwSs.jpg XData caught the attention of the team due to its rapid spread across Ukraine where, in one day, XData made four times as many victims when compared with the total for the entire week of WannaCry’s reign. http://i.imgur.com/AhJcpn8.jpg WannaCry has already infected hundreds of thousands of systems across the globe, but if you consider the current rate of XData infection in Ukraine, Russia and Germany, the global impact of XData would far outshine that of WannaCry. Meet XData TheXData ransomware was initially spotted in May 2017 and while its distribution method is currently unknown, these are the files and processes currently found on an infected host: mssql.exe msdns.exe msdcom.exe mscomrpc.exe . XData utilises AES encryption to encrypt files, to which it changes the extension to~xdata~. For example, a file named photo.png becomes photo.png.~xdata~. http://i.imgur.com/DKEJyKj.jpg Source: Bleeping Computer Once the encryption process is complete, the following ransom note appears: http://i.imgur.com/sEqxgSs.jpg Source: Bleeping Computer Unfortunately, at this stage, there is no way to decrypt files locked by the XData ransomware. Researchers will continue to look into this latest outbreak. Source: http://blog.emsisoft.com/2017/05/22/xdata/

The company has a fix for your Internet problems http://i.imgur.com/wmArRKL.jpg Last week, an update made to Avast's security solution took down the Internet for users. Now, the company has released a fix for all your problems. The fix, according to Avast, is being distributed via a micro-update to Avast Web Shield. If you want to download the fix, you'll have to turn off the Avast Web Shield which, in turn, will allow your Internet to work again. This, of course, was known from back when the problem occurred, as the company's forums were full of this solution. You'll then have to go to Protections >> Antivirus from the user interface and turn the Web Shield OFF. Alternatively, you can right-click the Avast tray icon, go to Avast shield control, and choose "disable permanently" so you can turn off all shields. Then, you'll have to go to your Avast installation folder, which can usually be found in C:\Program Files\AVAST Software\Avast. There you'll need to double-click on the AvEmUpdate.exe file and confirm the prompt. The fix will be applied silently. A few minutes of wait-time are required and then you'll need to restart your computer. Repeat the process to turn the Web Shield back on and you'll be safe again and be able to access the Internet once more. Previous solutions worked too The version that worked to solve the issue last week involved uninstalling the entire software from your computer and installing a fresh copy since the fix didn't apply via the regular update method. Other options involved disabling the Web Shield or disabling Avast completely, but that put users at risk of getting infected. With WannaCry running rampant these days, it's probably not a good idea to nix security software on your device. Source: http://news.softpedia.com/news/how-to-update-avast-with-fix-for-internet-connectivity-problem-515726.shtml

Security researchers have discovered several variants http://i.imgur.com/msdzLOJ.png As expected, the WannaCry ransomware is not even close to being done, despite one researcher discovering a convenient kill switch. Other variants have already been discovered in the wild, some with a different kill switch, some with none at all. After security researcher going by the Twitter handle MalwareTech discovered that by purchasing a random domain name the initial spread of the WannaCry ransomware was stopped, it was expected that the attackers would simply remove this domain from the code, add another or just leave the code free of such an easy way out. Multiple researchers have confirmed that such variants are available online and coming after Internet users everywhere. http://i.imgur.com/hN9Op0M.jpg “New variants today are now spreading with a modified kill-switch domain. Someone, likely different to the original attackers, made a very small change to the malware so it connects to a slightly different domain. That allowed it to continue propagating again," Chris Doman, security researcher at AlienVault, told us. “Thankfully some researchers are already registering the new domains as they identify them. The cat-and-mouse will likely continue until someone makes a larger change to the malware, removing the kill-switch functionality completely. At that point, it will be harder to stop new variants." What is WannaCry? WannaCry is a ransomware that is a lot stronger than other similar malware due to the worm component that helps it spread through networks. This is the main reason why computers in the NHS network went down one after another, or why Renault had to stop production at multiple sites. Once one computer in a network it infected, it's only a matter of time before the rest are too. Other companies have also suffered, including FedEx and Telefonica, as well as Germany's railway system. At this point in time, over 200,000 computers have been affected in over 150 countries, despite the kill switch. The only solution to block this attack is to update your operating system or to make sure you have an anti-malware solution installed to protect you from the malware. Even though this is a nasty ransomware, it's still detectable and, therefore, easy to block. Microsoft has released a patch to fix the vulnerability back in April. This vulnerability was actually exposed by a hacker group called Shadow Brokers who dumped online a series of documents belonging to the NSA which detailed a zero-day exploit. Security researchers warned at the time that it wouldn't be too long before an attack was deployed. Following the launch of the WannaCry attack, Microsoft went ahead and released a patch for Windows XP and Server 2003, even though both were no longer supported. Source: http://news.softpedia.com/news/wannacry-ransomware-variant-with-no-kill-switch-discovered-515693.shtml

Microsoft takes unusual step of providing direct support to unsupported systems as targets in 74 countries - including vast swathes of UK hospitals - have been impacted by ransomware attack across the globe http://i.imgur.com/vILdc4K.jpg Microsoft has taken the unprecedented step of issuing patches for unsupported operating systems - like Windows XP - in the wake of the massive WannaCrypt ransomware attacks against organisations across the globe. Businesses, governments and individuals in 74 countries across the globe have been victims of more than 45,000 attacks by this one strain of ransomware in the space of just a few hours. Wannacrypt ransomware demands $300 in Bitcoin for unlocking encrypted files - a price which doubles after three days. Users are also threatened with having all their files permanently deleted if the ransom isn't paid in a week. Hospitals across the UK have had systems knocked offline by the ransomware attack, with patient appointments cancelled and doctors and nurses resorting to pen and paper and NHS England declaring the cyberattack as a 'major incident' - a total of 45 NHS organisations are now own to be affected. Cybersecurity researchers have suggested the ransomware attacks are so potent because they exploit a a known software flaw dubbed EternalBlue. This Windows flaw is one of many zero-days which apparently was known by the NSA -- before being leaked by the Shadow Brokers hacking collective. Microsoft released a patch for the vulnerability earlier this year - but only for the most recent operating systems. One thing many of the targets have in common is that they're running old Windows operating systems like Windows XP, Windows 8 and Windows Server 2003, which now only usually receive patches if the organisation using them are receiving special custom support. However, in order to ensure as many systems as possible are protected against WannaCrypt ransomware and other attacks, Microsoft has made security patches for Windows XP and other operating systems broadly available to download. "This decision was made based on an assessment of this situation, with the principle of protecting our customer ecosystem overall, firmly in mind," the company told customers in a blog post. Customers can now download security updates for Windows Server 2003 SP2 x64 Windows Server 2003 SP2 x86 Windows XP SP2 x64 Windows XP SP3 x86 Windows XP Embedded SP3 x86 Windows 8 x86 and Windows 8 x64. Microsoft is continuing to work with customers to provide assistance as the situation evolves. In response to the attacks against the UK's National Health Service, Home Secretary Amber Rudd is set to chair an emergency Cobra crisis-committee meeting to coordinate a government response to the incident. Meanwhile,. The National Cyber Security Centre has issued a statement to say it is "working round the clock with UK and international partners and with private sector experts to lead the response to these cyber attacks". Ciaran Martin, CEO of the National Cyber Security Centre, said that in order to protect against this sort of attack, organisations should "make sure your security software patches are up to date" and "make sure that you are running proper anti-virus software" Source: http://www.zdnet.com/article/wannacrypt-ransomware-microsoft-issues-patch-for-windows-xp-and-other-old-systems/#ftag=RSSbaffb68

Hi tismehi The non-UEFI option will boot the device in the legacy BIOS mode. If you have a Win7/8/10 DVD it can be booted in either BIOS or UEFI mode. If you have a GPT partitioned boot drive then you need to install Windows in UEFI mode. UEFI mode is supposed to have advantages such as helping boot up faster, support for Secure Boot (with Win8 etc) and so on. Also, it's required for booting off GPT drives larger than 2TB (GPT also doesn't have the 4 primary partition limit that MBR does). Other than that Windows itself won't exhibit any difference in behaviour. These links may help you to understand better: UEFI boot: how does that actually work, then? What is the difference in “Boot with BIOS” and “Boot with UEFI”

Hi tismehi It's not as silly as you think. It is quite possible to set up a dual boot with the 2 operating systems. Not as straight forward as 2 windows operating systems.... but still possible. These links will explain everything you need to know. Dual boot Android Marshmallow 6.0 and Windows 7/8/8.1/10 Dual boot Windows 10 & Android Nougat 7.0

Hi joddle, After searching around, I see the problem you are having. These batteries are not easy to come by. I also see that M$ have had a lot of problems with these batteries. Have you seen these links: Microsoft publishes 6 step fix for Surface RT owners with battery issues after updating to Windows 8.1 Surface battery won’t charge

Wait for Windows Update to ensure your hardware works properly, Microsoft says. http://i.imgur.com/UTLVXBL.jpg Microsoft would prefer it if you didn't try to install the Windows 10 Creators Update yourself. Instead, the company is encouraging everyone but advanced users to wait for the Creators Update to become available via Windows Update. That means workarounds for excited users, like the Media Creation Tool or the Windows Update Assistant, are discouraged. The reason for all this hesitation, according to Microsoft, is that the company wants to iron out any issues for specific hardware configurations before making the upgrade available to affected PCs via Windows Update. Microsoft is doing this using the feedback mechanisms in Windows Insider builds, as well as general feedback from users currently running the Creators Update. Microsoft says it usually takes one of three steps when there's a problematic issue in the Creators Update: Document the issue and provide some troubleshooting advice on places like the company's forums. Add a fix to Windows or work with a hardware maker to make a driver change. Block impacted devices from receiving the Creators Update via Windows Update. . One issue that Microsoft cites as an example is a problem with certain Broadcom bluetooth radios that are having connectivity issues. Microsoft posted some troubleshooting advice on the company's forums once the issue was identified. The company also temporarily blocked anyone else with the same radio from getting the Creators Update over Windows Update. The company plans to remove the block once a solution is found. The story behind the story: Microsoft's old school software testing team was greatly reduced a few years ago, and it's pretty clear that the Windows Insider program isn't picking up the slack in full. So it's not surprising to see Microsoft encourage patience for those who want to upgrade. The Anniversary Update also had several issues in its early days, such as Kindle devices triggering the dreaded BSOD, broken webcams, and the infamous freezing issue. Annoying, undiscovered bugs are likely the new normal for the early days of Windows feature releases. As a result, most users should get used to waiting a little longer than expected for Microsoft's latest and greatest. Source: http://www.pcworld.com/article/3192588/windows/dont-install-the-windows-10-creators-update-on-your-own-microsoft-advises.html#tk.rss_windows

Webroot fixes faulty antivirus update that mistakenly flagged Windows as malware

Windows' system files were flagged as malicious, and Facebook was marked as a phishing site. http://i.imgur.com/bv0ZRuR.jpg A malware signature update issued by the company on Monday triggered the software into mistakenly flagging Windows system files as malware, melting down millions of managed systems around the world. The problem began in the afternoon on the US east coast when the antivirus product began falsely marking those files as W32.Trojan.Gen, otherwise known as generic malware. That moved crucial system files essential to the operating system's effective functioning to quarantine, making them unavailable to Windows. A thread on the company's website is already nine pages deep at the time of publishing, and news of the meltdown was evident on Twitter. Many independent tweets confirmed that several major websites, including Bloomberg and Facebook, were also marked as phishing sites, preventing users from accessing their pages. Security commentator SwiftOnSecurity tweeted that the Webroot issue was only live for 13 minutes, but the company's efforts to remediate the problem were getting stalled due to the sheer volume of clients requiring a fix. The company, which claims to have more than 30 million users, has so far suggested fixes for the Home edition and its Business edition software, but the company has yet to offer anything universal or concrete for its entire affected user base at the time of writing. A Webroot spokesperson confirmed the issue and that the company is "in the process of creating a fix," but did not say when it would arrive. It looks like it might end up being a long night for a lot of IT folk. Source: http://www.zdnet.com/article/webroot-antivirus-mistakenly-flags-windows-system-files-as-malware/

After a mysterious disappearance, Locky has reemerged -- and is borrowing attack techniques from Dridex. http://i.imgur.com/1zKT5Od.jpg The ransomware that drove last year's boom in file-encrypting malware is back, and this time it's even harder to detect. Ransomware cost its victims some $1bn during 2016, with Locky one of the most widespread variants, infecting organisations across the globe. However, the start of 2017 saw a sudden decline in the distribution of Locky, to such an extent that another form of ransomware -- Cerber -- has usurped Locky's dominance. But after being all but written off, Locky is staging a comeback. Cybersecurity researchers at Cisco Talos have observed a surge in emails distributing Locky, with over 35 thousand emails sent in just a few hours. This surge in distribution is being attributed to the Necurs botnet, which until recently focused on spamming pump-and-dump stockmarket scams. This time, however, the Locky campaign is harnessing an infection technique associated with the Dridex botnet, in an effort to boost the chance of compromising targets. As noted by cybersecurity researchers at PhishMe, this new form of Locky begins by using a familiar tactic -- a phishing email with an attached file the message claims is a document detailing a payment or scanned documents. But rather than the more common practice of attaching a compromised Office document, an infected-PDF is sent instead. http://i.imgur.com/WqLFDXF.jpg It's not the first time this technique has been used, with infected PDF documents commonly used to distribute the Dridex malware botnet. Cybersecurity researchers say Locky is leveraging PDF documents for one simple reason: more cyberattackers are exploiting Office macros to distribute malware, raising awareness of potential threats. Upon opening the infected document, the victim is prompted to give the PDF reader permission to open a second file. This second file is a Word document that asks for permission to run macros, which it uses to download the Locky ransomware. This two-step infection process is a simple evasion technique, but increases the chances of victims installing ransomware. The Locky payload still operates much as it always has, seeking out and encrypting critical files on victims' machines and demanding a Bitcoin ransom in exchange for restoring the system. One difference from previous Locky versions is that the ransomware asks victims to install the Tor browser in order to view the ransom payment site, which researchers suggest is down to Tor proxy services frequently being blocked and the burden of maintaining a dedicated Tor2Web proxy site. Currently, this version of Locky is demanding a ransom of one Bitcoin, which equates to $1200, €1100 or £935. It's a much more ambitious ransom demand, but cybercriminals are aware that many organisations are willing to give in and pay to avoid losing business-critical files. Source: http://www.zdnet.com/article/the-godfather-of-ransomware-returns-locky-is-back-and-sneakier-than-ever/#ftag=RSSbaffb68