nuley Posted June 25, 2017 Posted June 25, 2017 Hello friends I have a new laptop - Hp, running windows 10, x64 processor, 8GB RAM, AMD A9-9410 radeon R5 processor. It will be mostly used for 16-y-o's A level coursework, so some internet research, photos, music and Sims. It's running quite slowly already, although there's nothing much installed as yet. Microsoft edge is the standard browser. I haven't added any decent virus guard yet and was hoping for some advice please, but with some detailed instructions as to what I need to remove first as I've made that mistake before of having 2 virus or firewall things going at the same time and it was horrible. I think McAfee is on here, but I haven't got to grips with finding things under Windows 10. Could you help please, both with speeding it up and with the right virus / firewall system combination please? Thank you very much as ever! nuley Quote
KenB Posted June 25, 2017 Posted June 25, 2017 Hi nuley, I think Starbuck is the best one to advise you on Anti Virus Software. McAfee will suffice for the time being - but this will only be a 3 month trial [ probably ] and you will be asked to pay after that. If the machine seems slow straight out of the box I suggest that this may well be the best you are going to get - unless you have accessed the net with it and it may possibly be infected already. If Starbuck doesn't reply within 24 hours simply post here again and I will pick it up. Quote There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !! MiniToolBoxNetwork TestWireless Test
Starbuck Posted June 26, 2017 Posted June 26, 2017 Hi nuley, I think McAfee is on here, but I haven't got to grips with finding things under Windows 10.You'll soon get the hang of it. I take it that you mean, you have problems finding the old add/remove list? I can explain the easy way. The slowdown may well be caused by McAfee... that's the first thing that I would remove. Also McAfee firewall may well be turned on, which could conflict with the windows firewall if that is also turned on. The built in Windows Defender on Win10 is pretty good for most types of surfing. ( that's all I'm using on this system) As this is a HP laptop, it'll probably have all sorts of bloatware factory installed. To remove McAfee products: Download the McAfee removal Tool and save it to your Desktop. Close all McAfee Application windows you may have open (normally by right clicking on the McAfee taskbar icon) Now right-click on MCPR.exe (removal tool) and select "Run as Administrator" to start the removal process. After the removal tool finishes, you should be prompted to restart your computer. Once the computer restarts, your McAfee product should be uninstalled. Now check that Windows Defender is turned on ( it doesn't always turn on automatically when a third party AV is removed). Right click on the Start button and select Settings from the menu that pops up. Tip.... remember this menu, it's really handy. http://i.imgur.com/nSLBei5.png Now click on Update & Security Click Windows Defender on the left hand side You can then check to see if it's turned on. Now check to see if the Windows Firewall is turned on. M$ have now removed the Control Panel from the pop up menu, so we have to start CP another way. Click on the Search box (on the Taskbar)and type in Control Panel. Click on the Control Panel option given at the top of the list. Scroll down the Control Panel list and click on Windows Firewall. The settings to turn it on and off are on the left hand side. Note: To get to the old add/remove list...... Use the right click on the Start button method, from the pop up menu click on Apps & Features at the top. Let me know how the system is running after removing McAfee and we'll take it from there. Quote Member of:UNITE
nuley Posted July 2, 2017 Author Posted July 2, 2017 Dear Starbuck Thanks very much for this. So far so good. We got rid of McAfee and Windows Defender is on. It seems to be running a little faster, though start-up was slow on the reboot - but maybe that's normal. Our start menu looks different from yours - we are running Windows 10 Home and I'm wondering if that's the only difference, though I did manage to find everything eventually. [ATTACH=CONFIG]1540.vB5-legacyid=2637[/ATTACH] If we could remove some of the bloatware from hp, that would be great, thank you. All best Nuley Quote
Starbuck Posted July 2, 2017 Posted July 2, 2017 Hi Nuley, Our start menu looks different from yours - we are running Windows 10 Home and I'm wondering if that's the only differenceIt would all depend on what updates have been installed. M$ has a habit of changing them all the time. I run 'Home' and 'Pro'.... they are slightly different. If we could remove some of the bloatware from hp, that would be great, thank you. Ok, let's see what's installed and what's running at startup. Note: There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type. If you are unsure what you're system bit type is..... click Here for help. For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop. For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop. Double-click the downloaded icon to run the tool. Vista/Windows 7/8/10 users right-click and select Run As Administrator When the tool opens click Yes to disclaimer. Make sure that Addition.txt is selected at the bottom Press Scan button. http://i.imgur.com/YO62v3X.png It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool also makes another log (Addition.txt). Please copy and paste it to your reply also. Thanks Quote Member of:UNITE
nuley Posted July 2, 2017 Author Posted July 2, 2017 Thanks very much. Here goes: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2017 Ran by mayag (administrator) on LAPTOP-ELFC69SF (02-07-2017 16:55:58) Running from C:\Users\mayag\Desktop Loaded Profiles: mayag (Available Profiles: defaultuser0 & mayag) Platform: Windows 10 Home Version 1607 (X64) Language: English (United Kingdom) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe (AMD) C:\Windows\System32\atieclxx.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Windows\System32\WpcMon.exe (Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTServer.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe (HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8903176 2016-10-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor) HKLM\...\Run: [startCN] => c:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-14] (Advanced Micro Devices, Inc.) HKLM\...\Run: [btServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [231640 2016-09-20] (Realtek Semiconductor Corporation) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-21] (Microsoft Corporation) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc.) HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-06-26] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-01-20] ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{06dc94cc-4859-4e21-9df2-e43c3e80c5eb}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE SearchScopes: HKLM -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-1178048158-3526864474-3808934351-1001 -> {5A99CDC0-90A7-4A15-A14C-2FCC707EC15B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-06-23] (Microsoft Corporation) BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-06-23] (Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-05] (HP Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-05] (HP Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-06-23] (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-07-02] [not signed] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-23] (Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] () ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2016-09-14] () [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [125656 2016-09-20] (Realtek Semiconductor Corp.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4122816 2017-06-10] (Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-03-21] (Dropbox, Inc.) R2 DbxSvc; C:\windows\system32\DbxSvc.exe [49992 2017-06-26] (Dropbox, Inc.) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1268736 2016-10-05] (HP Inc.) [File not signed] R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3316576 2016-08-09] (HP Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.) S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317960 2016-10-14] (Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [258152 2016-08-25] (Synaptics Incorporated) R2 tbaseprovisioning; C:\windows\SysWOW64\tbaseprovisioning.exe [51224 2016-10-14] (Advanced Micro Devices, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AmdAS4; C:\windows\System32\drivers\AmdAS4.sys [27376 2016-10-14] (Advanced Micro Devices, INC.) R3 amdgpio2; C:\windows\System32\drivers\amdgpio2.sys [34704 2016-10-14] (Advanced Micro Devices, Inc) R3 amdi2c; C:\windows\System32\drivers\amdi2c.sys [54160 2016-10-14] (Advanced Micro Devices, Inc) S3 amdkmcsp; C:\windows\system32\DRIVERS\amdkmcsp.sys [100752 2016-10-14] (Advanced Micro Devices, Inc. ) R3 amdkmdag; C:\windows\System32\DriverStore\FileRepository\c0307343.inf_amd64_48b2d31d9265e835\atikmdag.sys [26561552 2016-10-14] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\windows\System32\DriverStore\FileRepository\c0307343.inf_amd64_48b2d31d9265e835\atikmpag.sys [510992 2016-10-14] (Advanced Micro Devices, Inc.) R0 amdpsp; C:\windows\System32\DRIVERS\amdpsp.sys [254864 2016-10-14] (Advanced Micro Devices, Inc. ) R3 amduart; C:\windows\System32\drivers\amduart.sys [91672 2016-10-14] (Advanced Micro Devices, Inc) R3 AtiHDAudioService; C:\windows\system32\drivers\AtihdWT6.sys [101376 2016-10-14] (Advanced Micro Devices) S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) S3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.) S3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) R1 MpKsl3bde92a8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A528650E-FE81-4611-B362-6DA859606BCC}\MpKsl3bde92a8.sys [44928 2017-07-02] (Microsoft Corporation) S3 NetAdapterCx; C:\windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 rt640x64; C:\windows\System32\drivers\rt640x64.sys [943112 2016-08-26] (Realtek ) R3 RtkBtFilter; C:\windows\system32\DRIVERS\RtkBtfilter.sys [710664 2016-10-10] (Realtek Semiconductor Corporation) S3 RTSUER; C:\windows\system32\Drivers\RtsUer.sys [418784 2016-09-23] (Realsil Semiconductor Corporation) R3 RTWlanE; C:\windows\System32\drivers\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corporation ) R3 SmbDrv; C:\windows\system32\DRIVERS\Smb_driver_AMDASF.sys [60008 2016-08-25] (Synaptics Incorporated) S0 WdBoot; C:\windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 WirelessButtonDriver64; C:\windows\system32\DRIVERS\WirelessButtonDriver64.sys [32832 2016-07-31] (HP) S3 dbx; system32\DRIVERS\dbx.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-02 16:55 - 2017-07-02 16:56 - 00017049 _____ C:\Users\mayag\Desktop\FRST.txt 2017-07-02 16:55 - 2017-07-02 16:55 - 00000000 ____D C:\FRST 2017-07-02 16:53 - 2017-07-02 16:55 - 02435584 _____ (Farbar) C:\Users\mayag\Desktop\FRST64.exe 2017-07-02 16:20 - 2017-07-02 16:20 - 00002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk 2017-07-02 16:20 - 2017-07-02 16:20 - 00002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk 2017-07-02 16:20 - 2017-07-02 16:20 - 00002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk 2017-07-02 15:40 - 2017-07-02 15:40 - 00000000 ___HD C:\ProgramData\temp 2017-07-02 15:22 - 2017-07-02 15:22 - 00000000 ____D C:\Program Files (x86)\Origin Games 2017-07-02 15:19 - 2017-07-02 15:24 - 00000000 ____D C:\Users\mayag\AppData\Roaming\Origin 2017-07-02 15:01 - 2017-07-02 15:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2017-07-02 15:01 - 2017-07-02 15:01 - 00000000 ____D C:\Program Files (x86)\Origin 2017-07-02 14:52 - 2017-07-02 14:52 - 00000000 ____D C:\Users\mayag\.QtWebEngineProcess 2017-07-02 14:52 - 2017-07-02 14:52 - 00000000 ____D C:\Users\mayag\.Origin 2017-07-02 14:51 - 2017-07-02 15:34 - 00000000 ____D C:\ProgramData\Origin 2017-07-02 14:50 - 2017-07-02 15:23 - 00000000 ____D C:\Users\mayag\AppData\Local\Origin 2017-07-02 13:47 - 2017-07-02 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2017-07-02 13:24 - 2017-07-02 13:45 - 03480040 _____ (McAfee, Inc.) C:\Users\mayag\Desktop\MCPR.exe 2017-07-02 12:07 - 2017-07-02 13:24 - 00004020 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse 2017-07-02 12:07 - 2017-07-02 12:07 - 00004208 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse 2017-07-02 12:06 - 2017-07-02 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-06-26 11:27 - 2017-06-26 11:27 - 00049992 _____ (Dropbox, Inc.) C:\windows\system32\DbxSvc.exe 2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-stable.sys 2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-dev.sys 2017-06-26 11:27 - 2017-06-26 11:27 - 00045640 _____ (Dropbox, Inc.) C:\windows\system32\Drivers\dbx-canary.sys 2017-06-25 16:18 - 2017-06-25 16:24 - 00000000 ____D C:\windows\system32\MRT 2017-06-25 16:16 - 2017-06-25 16:16 - 133627792 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2017-06-23 21:05 - 2017-06-23 21:05 - 00000000 ____D C:\windows\system32\fed90208dcecda64292454d3b36bf654283d891ba8957..bin 2017-06-23 20:53 - 2017-06-23 20:53 - 00000000 ____D C:\ProgramData\AMD ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-07-02 16:56 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-07-02 16:56 - 2016-07-16 12:47 - 00000000 ____D C:\windows\AppReadiness 2017-07-02 16:52 - 2017-03-21 18:54 - 00000000 ____D C:\Users\mayag\AppData\Local\Packages 2017-07-02 16:37 - 2016-07-29 13:32 - 00000000 ____D C:\windows\system32\SleepStudy 2017-07-02 16:20 - 2016-10-21 08:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2017-07-02 15:45 - 2016-07-29 13:37 - 01121736 _____ C:\windows\system32\PerfStringBackup.INI 2017-07-02 15:45 - 2016-07-16 12:36 - 00000000 ____D C:\windows\CbsTemp 2017-07-02 15:40 - 2017-03-21 18:49 - 00000000 ____D C:\Users\mayag 2017-07-02 15:39 - 2016-07-29 13:32 - 00000006 ____H C:\windows\Tasks\SA.DAT 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\ProgramData\McAfee 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-07-02 14:24 - 2016-07-16 07:04 - 00524288 _____ C:\windows\system32\config\BBI 2017-07-02 14:16 - 2017-01-20 10:40 - 00065536 _____ C:\windows\psp_storage.bin 2017-07-02 14:07 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-07-02 13:40 - 2016-07-16 07:04 - 00032768 _____ C:\windows\system32\config\ELAM 2017-07-02 13:26 - 2016-07-16 12:45 - 00000000 ____D C:\windows\INF 2017-07-02 13:24 - 2017-01-20 11:07 - 00003126 _____ C:\windows\System32\Tasks\McAfeeLogon 2017-07-02 13:24 - 2017-01-20 11:07 - 00000000 ____D C:\windows\System32\Tasks\McAfee 2017-07-02 13:20 - 2016-10-21 08:04 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-06-25 16:16 - 2017-03-21 19:05 - 00000000 ____D C:\Users\mayag\AppData\Local\Dropbox 2017-06-25 12:42 - 2017-03-21 18:56 - 00000000 ____D C:\Users\mayag\AppData\Local\Comms 2017-06-25 12:40 - 2016-07-29 13:33 - 00000000 __RHD C:\Users\Public\AccountPictures 2017-06-25 12:35 - 2016-10-21 08:04 - 00000948 _____ C:\windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-06-25 12:35 - 2016-10-21 08:04 - 00000944 _____ C:\windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-06-25 12:28 - 2016-07-16 12:47 - 00000000 ____D C:\windows\system32\NDF 2017-06-23 20:56 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-06-23 20:31 - 2017-03-21 19:06 - 00000000 ___RD C:\Users\mayag\Dropbox 2017-06-23 20:27 - 2017-03-21 19:00 - 00003290 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task v2 2017-06-23 20:27 - 2016-07-16 12:47 - 00000000 ____D C:\windows\appcompat 2017-06-23 20:26 - 2017-03-21 18:58 - 00002374 _____ C:\Users\mayag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-06-23 20:26 - 2017-03-21 18:58 - 00000000 ___RD C:\Users\mayag\OneDrive 2017-06-23 20:24 - 2017-03-21 18:54 - 00000000 ____D C:\Users\mayag\AppData\Local\ConnectedDevicesPlatform 2017-06-03 07:36 - 2016-07-16 12:49 - 00835576 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2017-06-03 07:36 - 2016-07-16 12:49 - 00177656 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2017-03-21 18:54 - 2017-07-02 15:42 - 0046136 _____ () C:\Users\mayag\AppData\Local\BTServer.log Some files in TEMP: ==================== 2017-03-21 18:52 - 2016-12-01 10:31 - 0050720 _____ (HP Inc.) C:\Users\defaultuser0\AppData\Local\Temp\ACLMInstaller.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-29 13:32 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2017 Ran by mayag (02-07-2017 16:57:30) Running from C:\Users\mayag\Desktop Windows 10 Home Version 1607 (X64) (2017-03-21 17:45:40) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1178048158-3526864474-3808934351-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1178048158-3526864474-3808934351-503 - Limited - Disabled) defaultuser0 (S-1-5-21-1178048158-3526864474-3808934351-1000 - Limited - Disabled) => C:\Users\defaultuser0 Guest (S-1-5-21-1178048158-3526864474-3808934351-501 - Limited - Disabled) mayag (S-1-5-21-1178048158-3526864474-3808934351-1001 - Administrator - Enabled) => C:\Users\mayag ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Build-a-lot (HKLM-x32\...\WTA-2f64908a-a206-4137-b288-3018c2569658) (Version: 3.0.2.59 - WildTangent) Hidden Catalyst Control Center Next Localization BR (HKLM\...\{EEA7B16E-6BB8-C27B-A71D-14D82CD6F076}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (HKLM\...\{52BBA623-3EFE-8B7D-B863-1AD1370E303B}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (HKLM\...\{B78F7B76-BC7B-EE67-69CA-5014222377CD}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (HKLM\...\{9F170842-DA73-B445-9DE5-DC3B37C23B5B}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (HKLM\...\{1B4D3EB0-5512-821E-9F6C-62588BCFCBBA}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (HKLM\...\{FF797AC6-7555-EEFB-54BC-D6FCA9D73978}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (HKLM\...\{B8451D71-F3EC-FD50-5658-28DC8151904C}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (HKLM\...\{9F883441-E8F6-8290-F684-2D4BB48CBC0F}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (HKLM\...\{BB13CF69-FF35-5DC9-BE2C-F9ECBC190639}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (HKLM\...\{DB62C8CA-34FF-896B-75DD-5ABF002279E8}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (HKLM\...\{4A514AAA-7CF1-C368-A233-8DA09EC3CE8A}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (HKLM\...\{CC0C620D-BCFE-4D18-A670-A01B673FBE2A}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (HKLM\...\{854A45FD-75F6-1797-DBFD-83424A1F319F}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (HKLM\...\{243E9B62-B989-7CE6-EE58-5A382BBFCFD0}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (HKLM\...\{96662528-34BB-2386-EB4C-293BAA6FC7FE}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (HKLM\...\{14511619-128C-BA45-1E5B-BB4E85A16338}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (HKLM\...\{3A867597-6458-80B9-DB6A-46115E29BE0F}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (HKLM\...\{E3769A39-C80C-C6CD-DFB1-65467011630A}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (HKLM\...\{E51D28A5-E327-2CB2-D310-F80387094502}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (HKLM\...\{44527A55-38ED-DC9D-A971-9C2D58AD01A8}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (HKLM\...\{0E77DCCD-EE99-6877-EB83-047E3C23E7BE}) (Version: 2016.0914.2206.37949 - Advanced Micro Devices, Inc.) Hidden Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Crazy Chicken Soccer (HKLM-x32\...\WTA-50cdd0b3-9338-4326-8a9f-740ebbdb7b77) (Version: 2.2.0.110 - WildTangent) Hidden CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.5.6909 - CyberLink Corp.) CyberLink PowerDirector 14 (HKLM-x32\...\{6BADCD73-E925-46F7-A295-FF2448632728}) (Version: 14.0.2.3309 - CyberLink Corp.) Dropbox (HKLM-x32\...\Dropbox) (Version: 29.4.20 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.) HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.) HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.) HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.) HP Orbit (HKLM-x32\...\{94fe0719-8e44-4833-a106-b54ad117949f}) (Version: 1.0.0.191 - HP Inc.) HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.) HP Support Assistant (HKLM-x32\...\{6FA09B91-5D97-45A9-95E9-50F635C98043}) (Version: 8.3.32.23 - HP Inc.) HP Support Solutions Framework (HKLM-x32\...\{C85AC2ED-2305-4137-A8BA-CC628F635C82}) (Version: 12.5.32.203 - HP Inc.) HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.29 - HP Inc.) HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.) HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP) Magic Heroes: Save Our Park (HKLM-x32\...\WTA-3b1b04b9-b686-4357-a22d-92053c8b4d30) (Version: 3.0.2.59 - WildTangent) Hidden Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.8201.2102 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation) OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8201.2102 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.4.13.6637 - Electronic Arts, Inc.) Polar Bowler 1st Frame (HKLM-x32\...\WTA-9d731d07-0663-41f3-ae33-e1146dc73d5d) (Version: 3.0.2.59 - WildTangent) Hidden Ranch Rush 2 - Premium Edition (HKLM-x32\...\WTA-b63c7969-eea4-4e97-ad73-8b8f73a50efe) (Version: 2.2.0.97 - WildTangent) Hidden REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.57 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7944 - Realtek Semiconductor Corp.) REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.76 - REALTEK Semiconductor Corp.) Runefall (HKLM-x32\...\WTA-f7a47857-8cce-4e1d-9a28-d7e2a64bd5c1) (Version: 3.0.2.126 - WildTangent) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.37 - Synaptics Incorporated) Trinklit Supreme (HKLM-x32\...\WTA-965625f4-0082-49a0-9951-8c6abd97fc54) (Version: 2.2.0.98 - WildTangent) Hidden Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version: - WildTangent) Hidden Vulkan Run Time Libraries 1.0.24.0 (HKLM\...\VulkanRT1.0.24.0) (Version: 1.0.24.0 - LunarG, Inc.) WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.0.28 - WildTangent) WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.1.1.14 - WildTangent) Hidden ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-26] (Dropbox, Inc.) ContextMenuHandlers01: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ContextMenuHandlers04: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => c:\Program Files\AMD\CNext\CNext\atiacm64.dll [2016-09-14] (Advanced Micro Devices, Inc.) ContextMenuHandlers05: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-26] (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0664CD05-BE11-4C85-9D17-ABFD78FF58FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] () Task: {0AB4996D-3688-4A0A-BFB8-66E004487C72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-05] (HP Inc.) Task: {0D9BDB0C-0082-4F01-AB22-CB5F62F15D8D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-05] (HP Inc.) Task: {1081908A-52B5-44E4-859A-830937EA5446} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {11E4B6F3-3806-40E5-8017-294B24590DDA} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation) Task: {203EC707-564D-4630-9E38-462CE2B33395} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-05] (HP Inc.) Task: {22889FF7-40CB-4C3F-89F6-6AE8F9EDF5DA} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] () Task: {33CCAB65-30A6-43C2-9037-4F1EFCB3A07A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {38625090-AD39-4ED6-B622-60E04DD21052} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-08-05] (HP Inc.) Task: {3A3A512C-7E8D-4890-9054-1335669AD191} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe Task: {3CB9AD2F-F2FA-4C4E-B0DA-E48EAF964732} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe Task: {4673E3FD-FCD0-4BA8-9316-F42BD0C5B0E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.) Task: {559FEBB3-4551-44F1-AB07-AF326A03B3F3} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-05] (HP Inc.) Task: {5C381350-883E-4E10-807F-2E90D1659782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-08-04] (HP Inc.) Task: {8B51F5C1-0EA4-40F9-88AD-3DE6D815FAF6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.) Task: {960F7C8F-5F53-4778-8ED5-C892CF995FAA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-21] (Dropbox, Inc.) Task: {9C8EBAD3-26A3-4A70-A59A-485558D6C2D9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {B9FBA06F-2D91-4267-8EAA-240762DAFA03} - System32\Tasks\McAfee\McAfee Idle Detection Task Task: {BFB96C48-5692-4635-8F4E-2B134452481D} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {C31D19E1-7A60-4C7E-92A6-E6D9C621B220} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-05] (HP Inc.) Task: {C7A14B1A-09C8-496B-9EB2-E27D00BB9404} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {D9245206-DD45-44D5-8749-0F18121B44BE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {EA46CF6F-B08F-4B20-9DA2-FA52F8A55491} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-03-21] (Dropbox, Inc.) Task: {EBCB59D5-D99F-4D3D-AB76-D41F2E588E48} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-06-10] (Microsoft Corporation) Task: {FAB23F50-C43A-4CD1-863B-5293215736D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-06-23] () Task: {FB8D27A9-417C-45E8-962A-8589957DA5B2} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\HP\Shared\WizLink.exe () -> hxxp://secure.rezserver.com/sdk/v1/LinkFwd?refid=7684&destination=booking&refclickid=square ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\windows\SYSTEM32\ism32k.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 02681200 _____ () C:\windows\system32\CoreUIComponents.dll 2016-08-05 15:42 - 2016-08-05 15:42 - 00843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe 2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\windows\SYSTEM32\CHARTV.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-10-21 16:37 - 2016-10-21 16:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-14 23:05 - 2016-09-14 23:05 - 00138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2015-06-25 18:34 - 2015-06-25 18:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2015-06-25 18:37 - 2015-06-25 18:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2015-06-25 18:35 - 2015-06-25 18:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2015-06-25 18:38 - 2015-06-25 18:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2015-06-25 17:53 - 2015-06-25 17:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2015-06-25 17:51 - 2015-06-25 17:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2017-07-02 13:22 - 2016-10-25 00:31 - 00508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll 2016-07-16 12:42 - 2016-07-16 12:42 - 00236488 _____ () c:\windows\system32\WerEtw.dll 2017-07-02 12:05 - 2017-06-26 11:27 - 00801600 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2017-07-02 12:05 - 2017-06-26 11:27 - 01787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2017-03-21 19:02 - 2017-06-26 11:26 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd 2017-03-21 19:02 - 2017-06-26 11:29 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd 2017-07-02 12:05 - 2017-06-26 11:28 - 00020824 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 01729360 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd 2017-07-02 12:05 - 2017-06-26 11:26 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd 2017-07-02 12:05 - 2017-06-26 11:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll 2017-03-21 19:02 - 2017-06-26 11:26 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00060736 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00038712 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll 2017-07-02 12:05 - 2017-06-26 11:26 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd 2017-03-21 19:02 - 2017-06-26 11:29 - 00392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd 2017-07-02 12:05 - 2017-06-26 11:28 - 00022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd 2017-06-23 20:31 - 2017-06-26 11:30 - 00082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd 2017-07-02 12:05 - 2017-06-26 11:28 - 00246608 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 03928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 01826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 01972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-21 19:02 - 2017-06-26 11:26 - 00349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd 2017-03-21 19:02 - 2017-06-26 11:30 - 00023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2017-07-02 12:05 - 2017-06-26 11:29 - 00033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2017-07-02 12:05 - 2017-06-26 11:29 - 00084288 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2017-03-21 19:02 - 2017-06-26 11:30 - 00030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd 2017-07-02 12:05 - 2017-06-26 11:27 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll 2017-07-02 12:05 - 2017-06-26 11:27 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2017-03-21 19:02 - 2017-06-26 11:30 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-06-23 20:31 - 2017-06-26 11:29 - 00023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd 2017-07-02 12:05 - 2017-06-26 11:29 - 00357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd 2017-01-20 10:48 - 2017-01-20 10:48 - 00133632 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\4416462b3a54ef2473cc832d5ed3304a\BRIDGECommon.ni.dll 2017-01-20 10:48 - 2017-01-20 10:48 - 00110592 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\BridgeExtension\96fd89505b3f5dce10e95613cb1c1e9b\BridgeExtension.ni.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1178048158-3526864474-3808934351-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\mayag\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{e6e8562d-8532-4cb0-ac57-221a5ca0cd2a}.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{A6CC6F7D-7731-480E-9DE4-DD9214838590}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FFECA88B-C28B-416E-A42F-794DA8070EAC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{9906ACB5-5AD8-43B9-B291-B0E47B66E235}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{40B60F4C-90B9-4D2E-BE60-4152C9401457}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{56CCD1EA-CFAA-4413-B398-D04C9E1225BB}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe FirewallRules: [{7F7FD7E6-05EE-4D20-AA83-DF70CD3F4EB2}] => (Allow) LPort=13148 FirewallRules: [{A649D905-F247-4780-AC2B-853E2C473ED2}] => (Allow) C:\Program Files\CyberLink\PowerDirector14\PDR10.EXE FirewallRules: [{6AEC34D5-E365-4C8B-AE14-D60D7232A5FE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe FirewallRules: [{0548BD9E-FC03-43F8-B1D6-12571CBE00B7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{3EF671FD-FBF7-4A9E-8A15-6101F704212A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{96BDE879-6F27-41F4-902C-7156E1A7F804}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{3D8DF37E-1EEB-453E-9D0E-2DE24B42BEE5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{E9CEE5EB-F88C-455B-9211-18CEEF58B198}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{AF00083E-F58C-4DD5-9364-D91A0141500D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{2DE59B8B-8C49-42DC-AE7A-B8842DA49B71}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe ==================== Restore Points ========================= 25-06-2017 16:13:56 Windows Update 25-06-2017 16:15:15 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/02/2017 04:51:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-ELFC69SF) Description: Activation of application Microsoft.BingWeather_8wekyb3d8bbwe!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (07/02/2017 03:40:53 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) System errors: ============= Error: (07/02/2017 04:40:18 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The McAfee Personal Firewall Service service depends on the following service: MfeFire. This service might not be installed. Error: (07/02/2017 04:03:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Security Center service did not respond on starting. Error: (07/02/2017 04:01:35 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Cyberlink RichVideo64 Service(CRVS) service did not respond on starting. Error: (07/02/2017 03:59:30 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Module Core Service service did not respond on starting. Error: (07/02/2017 03:57:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Proxy Service service did not respond on starting. Error: (07/02/2017 03:54:59 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: The McAfee VirusScan Announcer service depends on the following service: mfevtp. This service might not be installed. Error: (07/02/2017 03:54:59 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The Downloaded Maps Manager service did not respond on starting. Error: (07/02/2017 03:52:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The HP Support Solutions Framework Service service did not respond on starting. Error: (07/02/2017 03:50:40 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The HP Comm Recovery service did not respond on starting. Error: (07/02/2017 03:48:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: The McAfee Home Network service did not respond on starting. CodeIntegrity: =================================== Date: 2017-07-02 16:54:00.322 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-07-02 16:54:00.050 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: AMD A9-9410 RADEON R5, 5 COMPUTE CORES 2C+3G Percentage of memory in use: 39% Total physical RAM: 7647.12 MB Available physical RAM: 4621.95 MB Total Virtual: 9503.12 MB Available Virtual: 6100.64 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:916.33 GB) (Free:877.1 GB) NTFS Drive d: (RECOVERY) (Fixed) (Total:13.95 GB) (Free:1.67 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: E8E3A7FE) Partition: GPT. ==================== End of Addition.txt ============================ One final thing: 16-y-o has tried to download Origin to play Sims and gets this error message, which is apparently something to do with Microsoft Visual Studio: The program can't start because MSVCP120.dll is missing from the computer. Try reinstalling the program to fix this problem. Is this a simple thing to do? Thanks as ever nuley Quote
Starbuck Posted July 2, 2017 Posted July 2, 2017 Hi Nuley, Before we get around to the HP bloatware, I'd like you to run the following fix. Even after uninstalling McAfee and then running the removal tool, there's still a stupid amount of McAfee entries showing on your system. This is typical of some programs. Cleaning these entries may well help the system run better. This is a new simpler way of running a fix......... Copy the script within the quote box below: (make sure that you include Start:: and End:: as these are the clipboard notifiers. Start:: (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X] S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) S3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.) S3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 dbx; system32\DRIVERS\dbx.sys [X] 2017-07-02 13:47 - 2017-07-02 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2017-07-02 13:24 - 2017-07-02 13:45 - 03480040 _____ (McAfee, Inc.) C:\Users\mayag\Desktop\MCPR.exe 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\ProgramData\McAfee 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-07-02 14:07 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-07-02 13:24 - 2017-01-20 11:07 - 00003126 _____ C:\windows\System32\Tasks\McAfeeLogon 2017-07-02 13:24 - 2017-01-20 11:07 - 00000000 ____D C:\windows\System32\Tasks\McAfee AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} Task: {1081908A-52B5-44E4-859A-830937EA5446} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {3A3A512C-7E8D-4890-9054-1335669AD191} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe Task: {3CB9AD2F-F2FA-4C4E-B0DA-E48EAF964732} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe Task: {4673E3FD-FCD0-4BA8-9316-F42BD0C5B0E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.) Task: {B9FBA06F-2D91-4267-8EAA-240762DAFA03} - System32\Tasks\McAfee\McAfee Idle Detection Task 2017-07-02 13:22 - 2016-10-25 00:31 - 00508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" FirewallRules: [{E9CEE5EB-F88C-455B-9211-18CEEF58B198}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe CMD: ipconfig /flushdns Hosts: EmptyTemp: End:: NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Re-run FRST/FRST64 (which ever is installed ) and press the Fix button just once and wait. http://i.imgur.com/AZfCBHb.png It's as simple as that now. :) The tool will make a log in the same directory that FRST is run from (Fixlog.txt). Please post this in your next reply. The program can't start because MSVCP120.dll is missing from the computer.You're right about the Microsoft Visual. First thing to try after the fix is, make sure you have all the available Windows Updates. If this doesn't make any difference, we'll try running SFC. Last resort would be to uninstall all of the Microsoft Visual C++ entries and reinstall them again. But let's take that one step at a time after running the fix and updating windows updates. Thanks Quote Member of:UNITE
nuley Posted July 3, 2017 Author Posted July 3, 2017 Thanks very much - that was so easy I thought you'd missed a bit out...! Here's the log: Fix result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01 Ran by mayag (03-07-2017 20:27:03) Run:1 Running from C:\Users\mayag\Desktop Loaded Profiles: mayag (Available Profiles: defaultuser0 & mayag) Boot Mode: Normal ============================================== fixlist content: ***************** (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 mfemms; "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" [X] S3 HipShieldK; C:\windows\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.) S3 mfeaack; C:\windows\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.) S3 mfencbdc; C:\windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 dbx; system32\DRIVERS\dbx.sys [X] 2017-07-02 13:47 - 2017-07-02 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2017-07-02 13:24 - 2017-07-02 13:45 - 03480040 _____ (McAfee, Inc.) C:\Users\mayag\Desktop\MCPR.exe 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\ProgramData\McAfee 2017-07-02 14:25 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files\Common Files\McAfee 2017-07-02 14:07 - 2017-01-20 11:05 - 00000000 ____D C:\Program Files (x86)\McAfee 2017-07-02 13:24 - 2017-01-20 11:07 - 00003126 _____ C:\windows\System32\Tasks\McAfeeLogon 2017-07-02 13:24 - 2017-01-20 11:07 - 00000000 ____D C:\windows\System32\Tasks\McAfee AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} Task: {1081908A-52B5-44E4-859A-830937EA5446} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent Task: {3A3A512C-7E8D-4890-9054-1335669AD191} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe Task: {3CB9AD2F-F2FA-4C4E-B0DA-E48EAF964732} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0 \mcdatrep.exe Task: {4673E3FD-FCD0-4BA8-9316-F42BD0C5B0E8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.) Task: {B9FBA06F-2D91-4267-8EAA-240762DAFA03} - System32\Tasks\McAfee\McAfee Idle Detection Task 2017-07-02 13:22 - 2016-10-25 00:31 - 00508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Min imal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mcapexe => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\McNaiAnn => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Net work\mfemms => ""="Service" FirewallRules: [{E9CEE5EB-F88C-455B-9211-18CEEF58B198}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe CMD: ipconfig /flushdns Hosts: EmptyTemp: ***************** [2840] C:\Program Files\Common Files\McAfee\platform\McUICnt.exe => process closed successfully. [8492] C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe => process closed successfully. [10604] C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe => process closed successfully. [11788] C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe => process closed successfully. HKLM\Software\Classes\PROTOCOLS\Filter\application/x-mfe-ipt => key removed successfully HKLM\Software\Classes\CLSID\{3EF5086B-5478-4598-A054-786C45D75692} => key not found. HKLM\System\CurrentControlSet\Services\HomeNetSvc => key removed successfully HomeNetSvc => service removed successfully HKLM\System\CurrentControlSet\Services\McAPExe => key removed successfully McAPExe => service removed successfully HKLM\System\CurrentControlSet\Services\McAWFwk => key removed successfully McAWFwk => service removed successfully HKLM\System\CurrentControlSet\Services\McBootDelayStartSvc => key removed successfully McBootDelayStartSvc => service removed successfully HKLM\System\CurrentControlSet\Services\mccspsvc => key removed successfully mccspsvc => service removed successfully HKLM\System\CurrentControlSet\Services\McMPFSvc => key removed successfully McMPFSvc => service removed successfully HKLM\System\CurrentControlSet\Services\McNaiAnn => key removed successfully McNaiAnn => service removed successfully HKLM\System\CurrentControlSet\Services\McODS => key removed successfully McODS => service removed successfully HKLM\System\CurrentControlSet\Services\McProxy => key removed successfully McProxy => service removed successfully HKLM\System\CurrentControlSet\Services\ModuleCoreService => key removed successfully ModuleCoreService => service removed successfully HKLM\System\CurrentControlSet\Services\MSK80Service => key removed successfully MSK80Service => service removed successfully HKLM\System\CurrentControlSet\Services\mfemms => key removed successfully mfemms => service removed successfully HKLM\System\CurrentControlSet\Services\HipShieldK => key removed successfully HipShieldK => service removed successfully HKLM\System\CurrentControlSet\Services\mfeaack => key removed successfully mfeaack => service removed successfully HKLM\System\CurrentControlSet\Services\mfencbdc => key removed successfully mfencbdc => service removed successfully HKLM\System\CurrentControlSet\Services\mfencrk => key removed successfully mfencrk => service removed successfully HKLM\System\CurrentControlSet\Services\dbx => key removed successfully dbx => service removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee => moved successfully C:\Users\mayag\Desktop\MCPR.exe => moved successfully "C:\ProgramData\McAfee" folder move: Could not move "C:\ProgramData\McAfee" => Scheduled to move on reboot. C:\Program Files\Common Files\McAfee => moved successfully C:\Program Files (x86)\McAfee => moved successfully C:\windows\System32\Tasks\McAfeeLogon => moved successfully C:\windows\System32\Tasks\McAfee => moved successfully AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} => removed successfully AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} => removed successfully FW: McAfee Firewall (Disabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} => removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1081908A-52B5-44E4-859A-830937EA5446} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1081908A-52B5-44E4-859A-830937EA5446} => key removed successfully C:\windows\System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Auto Maintenance Task Agent => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A3A512C-7E8D-4890-9054-1335669AD191} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A3A512C-7E8D-4890-9054-1335669AD191} => key removed successfully C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CB9AD2F-F2FA-4C4E-B0DA-E48EAF964732} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CB9AD2F-F2FA-4C4E-B0DA-E48EAF964732} => key removed successfully C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4673E3FD-FCD0-4BA8-9316-F42BD0C5B0E8} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4673E3FD-FCD0-4BA8-9316-F42BD0C5B0E8} => key removed successfully C:\windows\System32\Tasks\McAfeeLogon => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfeeLogon => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B9FBA06F-2D91-4267-8EAA-240762DAFA03} => key removed successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9FBA06F-2D91-4267-8EAA-240762DAFA03} => key removed successfully C:\windows\System32\Tasks\McAfee\McAfee Idle Detection Task => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee\McAfee Idle Detection Task => key removed successfully "C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll" => not found. HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E9CEE5EB-F88C-455B-9211-18CEEF58B198} => value removed successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. =========== EmptyTemp: ========== BITS transfer queue => 308208 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 54712928 B Java, Flash, Steam htmlcache => 826 B Windows/system/drivers => 1991923 B Edge => 112272816 B Chrome => 0 B Firefox => 0 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 74 B systemprofile32 => 128 B LocalService => 4182 B NetworkService => 16254 B defaultuser0 => 1550762 B mayag => 84572637 B RecycleBin => 129211535 B EmptyTemp: => 366.8 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 03-07-2017 20:33:16) C:\ProgramData\McAfee => Is moved successfully ==== End of Fixlog 20:33:16 ==== We'll check on the Windows updates. Thanks again nuley Quote
nuley Posted July 4, 2017 Author Posted July 4, 2017 Hi again We've updated Windows. Unfortunately we're still getting the same error message: The program can't start because MSVCP120.dll is missing from the computer. Try reinstalling the program to fix this problem. All best nuley Quote
Starbuck Posted July 4, 2017 Posted July 4, 2017 Hi Nuley, Sorry for the late reply.... have been really busy today. That was so easy I thought you'd missed a bit out...! It's a new simpler routine that Farbar has added. FRST reads the fix from the clipboard. :) It seems that you're not alone with this 'Origin' problem, a lot have had this: Can't Open Origin on Windows 10 Windows 10 and Origin Both links agree that reinstalling the 'Visual C++ Redistributable for Visual Studio 2015' should fix the problem. Both links will explain the procedure. As you are running a 64bit system, you will need to reinstall both the 32bit and the 64bit versions. Is the system running any better after removing those leftover McAfee entries? Quote Member of:UNITE
nuley Posted July 5, 2017 Author Posted July 5, 2017 Hi there and thanks for the new links which we'll follow. 16-y-o says it's working better now, thanks very much! nuley Quote
Starbuck Posted July 5, 2017 Posted July 5, 2017 16-y-o says it's working better now, thanks very much! You're welcome. Let me know how the 'Visual Studio 2015' reinstall goes and if it fixes the problem. Quote Member of:UNITE
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.