Jump to content


Photo

Need help checking PC Health


  • This topic is locked This topic is locked
31 replies to this topic

#1 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 09 March 2020 - 07:29 AM

I have a very slow laptop, I've defragged, run a virus scan but have no other ideas, I'm sure there are a lot of unnecessary files on there but I'm not sure what can safely deleted.

I've attached the logs of the programs requested … Mayware bytes and Farbar Recovery.

Any help or advise gratefully received.

Lorraine

x

_____________________

 

 

Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 09/03/2020
Scan Time: 12:49
Log File: 775dbbcc-6204-11ea-8b79-e4e7490927b5.json
-Software Information-
Version: 4.1.0.56
Components Version: 1.0.835
Update Package Version: 1.0.20438
Licence: Free
-System Information-
OS: Windows 10 (Build 18362.657)
CPU: x64
File System: NTFS
User: LAPTOP-JTE4PHKR\lorra
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 274365
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 8 min, 24 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)

(end)

___________________________

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by lorra (09-03-2020 13:09:00)
Running from C:\Users\lorra\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Windows 10 Home Version 1909 18363.657 (X64) (2020-02-14 19:54:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2643374830-1142200795-122349152-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2643374830-1142200795-122349152-503 - Limited - Disabled)
Guest (S-1-5-21-2643374830-1142200795-122349152-501 - Limited - Disabled)
lorra (S-1-5-21-2643374830-1142200795-122349152-1001 - Administrator - Enabled) => C:\Users\lorra
WDAGUtilityAccount (S-1-5-21-2643374830-1142200795-122349152-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {18A975F9-A60C-37D8-E30B-4BEF31AD3411}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
AMD Radeon Settings (HKLM\...\WUCCCApp) (Version: 2018.1016.918.14930 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 20.1.3112 - AVG Technologies)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Epic Games Launcher (HKLM-x32\...\{DCE27B29-200D-491A-BBC5-98ECEFEC0843}) (Version: 1.1.257.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 80.0.3987.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.441 - Google LLC) Hidden
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP DeskJet 3630 series Basic Device Software (HKLM\...\{2125FB8B-5542-495A-B0F7-CD6DDBE99C2A}) (Version: 40.11.1107.1739 - HP Inc.)
HP DeskJet 3630 series Help (HKLM-x32\...\{5F074370-FEB0-4477-820F-A59DF28A933E}) (Version: 35.0.0 - Hewlett Packard)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP ePrint SW (HKLM-x32\...\{cdb5f70f-5107-4613-bf69-15de903b5b5d}) (Version: 5.5.22560 - HP Inc.)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{3FC961DB-BD36-4D8D-B276-0C456A2BB638}) (Version: 1.4.0.441 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{F213102E-FD30-4E22-AF73-4C682D65FFEE}) (Version: 1.4.441.0 - HP Inc.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Support Assistant (HKLM-x32\...\{4AAC4B07-77EF-4BCF-88DC-D24E4DE683E8}) (Version: 8.8.24.33 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{63F82052-C045-4F97-A3CA-C41D2CCA1FFA}) (Version: 12.14.49.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 4.1.0.56 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.1.0.56 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R17 - McAfee, Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2643374830-1142200795-122349152-1001\...\OneDriveSetup.exe) (Version: 19.232.1124.0008 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Mozilla Firefox 73.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 73.0.1 (x64 en-GB)) (Version: 73.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 66.0.3 - Mozilla)
OEM Application Profile (HKLM-x32\...\{12C2AEB0-ED60-4CCF-DD83-C65BC7CCFB50}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Product Improvement Study for HP DeskJet 3630 series (HKLM\...\{416B7D0C-0AEC-4FE6-AE40-4E12857CCA55}) (Version: 40.11.1107.1739 - HP Inc.)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.88 - REALTEK Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8734.1 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.0.0.113 - REALTEK Semiconductor Corp.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}) (Version: 2.55.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Packages:
=========
Booking.com: Big savings on hotels in 96,000 destinations worldwide -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Booking.comBigsavingsonhot_1.4.4.0_x64__mgae2k3ys4ra0 [2019-01-12] (Priceline Partner Network)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.32.4.0_x86__kgqvnymyfvs32 [2020-03-04] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.1710.1.0_x86__kgqvnymyfvs32 [2020-02-27] (king.com)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.1.4081.0_x64__rz1tebttyb220 [2020-02-14] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-18] (Dropbox Inc.)
Fitbit Coach -> C:\Program Files\WindowsApps\Fitbit.FitbitCoach_4.4.133.0_x64__6mqt6hf9g46tw [2019-01-06] (Fitbit)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.4.481.0_x86__v10z8vjag6ke6 [2018-11-11] (HP Inc.)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2019-01-12] (LinkedIn)
McAfee® Personal Security -> C:\Program Files\WindowsApps\5A894077.McAfeeSecurity_2.1.27.0_x64__wafk5atnkzcwy [2020-02-26] (McAfee LLC.)
Microsoft Access -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Access_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-12] (Microsoft Corporation) [MS Ad]
Microsoft Excel -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Excel_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft News -> C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe [2020-03-08] (Microsoft Corporation) [MS Ad]
Microsoft Office Desktop Apps -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft Outlook -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft PowerPoint -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.PowerPoint_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft Publisher -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Publisher_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.5.12061.0_x64__8wekyb3d8bbwe [2019-12-19] (Microsoft Studios) [MS Ad]
Microsoft Word -> C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Word_16051.12527.20242.0_x86__8wekyb3d8bbwe [2020-03-03] (Microsoft Corporation)
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.36.20503.0_x64__8wekyb3d8bbwe [2020-03-06] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.95.602.0_x64__mcm4njqhnhss8 [2019-10-25] (Netflix, Inc.)
Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-03-02] (Microsoft Corporation)
Phototastic Collage -> C:\Program Files\WindowsApps\ThumbmunkeysLtd.PhototasticCollage_3.4.1.0_x64__nfy108tqq3p12 [2020-03-08] (Thumbmunkeys Ltd) [MS Ad]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_6.18.78.0_x64__kx24dqmazqk8j [2020-03-03] (Random Salad Games LLC) [MS Ad]
Synaptics TouchPad -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynHPConsumerDApp_19005.35042.0.0_x64__807d65c4rvak2 [2020-02-14] (Synaptics Incorporated)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-23] (WildTangent Games)
Xbox One SmartGlass -> C:\Program Files\WindowsApps\Microsoft.XboxOneSmartGlass_2.2.1702.2004_x64__8wekyb3d8bbwe [2019-01-11] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShell.dll [2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-03-09] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\program files\mcafee\msc\mcctxmenufrmwrk.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2020-02-20 00:34 - 2020-02-20 00:34 - 000138240 _____ ( ) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\803ddc517fb122da5941404364d527d7\Interop.IWshRuntimeLibrary.ni.dll
2020-03-06 18:50 - 2020-03-06 18:51 - 098275328 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2020-03-06 18:51 - 2020-03-06 18:51 - 000092672 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2020-03-06 18:51 - 2020-03-06 18:51 - 003922432 _____ () [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000015360 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:22 - 2018-04-24 22:22 - 002519040 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-10-16 07:46 - 2018-10-16 07:46 - 000017408 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\a4\AS4.NativeProxy.dll
2020-02-18 18:32 - 2020-02-18 18:32 - 000160768 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\106852b62f2dce48f68f823bb25b51bb\BRIDGECommon.ni.dll
2020-02-18 18:35 - 2020-02-18 18:35 - 000125440 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\512361b13bdadec3c76781ced2b9ba25\BridgeExtension.ni.dll
2020-02-20 00:30 - 2020-02-20 00:30 - 000395264 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\8a1af52831b2ac51f3246da60333b1d9\CleanStartController.ni.dll
2020-02-20 00:30 - 2020-02-20 00:30 - 000145920 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Registratio4eabc192#\0c4e7d4693b00c0677da9c65c0889302\RegistrationUtilities.ni.dll
2020-02-20 00:33 - 2020-02-20 00:33 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\4faa7a04101a97b05eff64101eb5eb70\Hardcodet.Wpf.TaskbarNotification.ni.dll
2020-02-18 18:35 - 2020-02-18 18:35 - 000136192 _____ (HP Inc.) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CommonPortable\661da84cbe3eb8c9142d35b54c52a1d9\CommonPortable.ni.dll
2020-02-20 00:34 - 2020-02-20 00:34 - 001701888 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9e86bf19bde10a6d24242ac28ecf3ad6\NAudio.ni.dll
2020-02-18 18:33 - 2020-02-18 18:33 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\cbac7b8be40869c5395f0ef28ddabd0b\Newtonsoft.Json.ni.dll
2020-02-20 00:33 - 2020-02-20 00:33 - 003060736 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\f49f899040cee6804ea2c4a4d309f9a9\Newtonsoft.Json.ni.dll
2020-02-20 00:33 - 2020-02-20 00:33 - 000793088 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\4e37f9f72190581f516ebaf75e4fb60a\log4net.ni.dll
2020-03-06 18:50 - 2020-03-06 18:50 - 000547840 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\chrome_elf.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000032256 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qgif.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000039936 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qicns.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000034304 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qico.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000237056 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qjpeg.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qsvg.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000025600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qtga.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000024064 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwbmp.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000481792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\imageformats\qwebp.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 001336320 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\platforms\qwindows.dll
2018-10-16 09:16 - 2018-10-16 09:16 - 005766144 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2018-04-24 22:21 - 2018-04-24 22:21 - 006045184 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2018-04-24 22:21 - 2018-04-24 22:21 - 000964096 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2018-04-24 22:21 - 2018-04-24 22:21 - 000279552 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2018-04-24 22:21 - 2018-04-24 22:21 - 003233792 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 003406848 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000328704 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000109568 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000325632 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 069968896 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 005523456 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000282624 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000194560 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 003281408 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000049152 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000311296 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000089600 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2018-04-24 22:22 - 2018-04-24 22:22 - 000018432 _____ (The Qt Company Ltd) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\lorra\ntuser.ini:NTV [9390]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer trusted/restricted ==========
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-04-11 23:38 - 2018-04-11 23:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2643374830-1142200795-122349152-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{79188F12-D7AE-42E2-A0AC-81692A6DE1E2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{082368EB-7B1F-4368-A895-688206E9B948}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9B1A867F-BCD1-4A27-A953-58E6688B7ACD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BFE3F414-D97D-43E1-A591-2AD74E041A4D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{06124C85-CE47-4AF1-91A1-4EE9439EA2A1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B30A24B4-36A8-44A9-AC2B-53E790CF539C}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF5C6BD2-9DE8-4024-AB2B-D0ABDBC39292}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{DC7F6FB2-1DFE-4650-B62A-03E853BE09CE}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{E6A936AE-3866-4AAE-948B-AB42AEEB0538}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc. -> McAfee, Inc.)
FirewallRules: [{980B94BA-300F-4C7A-BBC9-26C98632F650}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6CF80D8B-9B3F-4486-B455-3C6BC72E0FE6}] => (Allow) LPort=5357
FirewallRules: [{7842B417-2658-472B-8F39-DBF0982EA3A9}] => (Allow) C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{93573EB5-0E1A-4315-A340-F17308F0139F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.12527.20242.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{12C39BA0-9CBD-482C-8347-0A209F71015B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
01-03-2020 01:00:02 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
Application errors:
==================
Error: (03/09/2020 01:10:22 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9996,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (03/09/2020 01:01:27 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14732,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (03/09/2020 12:25:51 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (15520,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (03/09/2020 12:15:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8460,R,98) TILEREPOSITORYS-1-5-18: Error -1023 (0xfffffc01) occurred while opening logfile C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (03/09/2020 07:04:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8797
Error: (03/09/2020 07:04:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8797
Error: (03/09/2020 07:04:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/09/2020 07:04:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7047

System errors:
=============
Error: (03/07/2020 07:52:22 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
Error: (03/07/2020 07:50:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AVG Antivirus service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/07/2020 07:50:29 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (45000 milliseconds) while waiting for the AVG Antivirus service to connect.
Error: (03/07/2020 07:49:37 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 19:08:15 on ‎07/‎03/‎2020 was unexpected.
Error: (03/07/2020 07:12:33 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Delivery Optimization service did not respond on starting.
Error: (03/07/2020 07:07:05 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2147943515 = A system shutdown is in progress.
Error: (03/07/2020 07:07:05 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start.  Error 2147943515.
Error: (03/07/2020 07:06:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {354FF91B-5E49-4BDC-A8E6-1CB6C6877182} did not register with DCOM within the required timeout.

Windows Defender:
===================================
Date: 2020-02-17 22:21:36.937
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C831E561-66B7-4680-AACF-20B465F67C3C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-02-17 14:19:57.000
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {242A4C89-CA71-465F-9433-065C756252DF}
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2020-02-25 12:57:50.690
Description:
Windows Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.309.1568.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.16700.3
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
CodeIntegrity:
===================================
Date: 2020-03-09 12:48:02.204
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:56.828
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:44.486
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:44.454
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:44.375
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:42.366
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:42.260
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-03-09 12:47:42.131
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\mfeav\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Memory info ===========================
BIOS: Insyde F.11 08/20/2018
Motherboard: HP 84AC
Processor: AMD A6-9225 RADEON R4, 5 COMPUTE CORES 2C+3G
Percentage of memory in use: 76%
Total physical RAM: 3981.68 MB
Available physical RAM: 924.19 MB
Total Virtual: 9101.68 MB
Available Virtual: 3062.15 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:914.59 GB) (Free:789.59 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:15.69 GB) (Free:1.85 GB) NTFS ==>[system with boot components (obtained from drive)]
\\?\Volume{4182aadb-4669-4d9b-807d-d777f92e93ad}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.37 GB) NTFS
\\?\Volume{775f7715-e1cd-46d9-bad3-8fcd2ffd35fa}\ () (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: AEFD05AD)
Partition: GPT.
==================== End of Addition.txt =======================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-03-2020
Ran by lorra (administrator) on LAPTOP-JTE4PHKR (HP HP Laptop 15-db0xxx) (09-03-2020 13:04:42)
Running from C:\Users\lorra\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads
Loaded Profiles: lorra (Available Profiles: lorra)
Platform: Windows 10 Home Version 1909 18363.657 (X64) Language: English (United Kingdom)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\aswidsagent.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\wsc_proxy.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe
(Epic Games Inc. -> Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\csp\3.0.127.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\mmsshost\MMSSHOST.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\pef\CORE\PEFService.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\mcafee\VSCore_18_9\mcapexe.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\mfeav\MfeAVSvc.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\lorra\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.BingNews_4.36.20583.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12003.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20012.135.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy\PinningConfirmationDialog.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor Corp. -> Realtek) C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(WildTangent Inc -> ) C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg_Session] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9277520 2019-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [325704 2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKLM-x32\...\Run: [RtlS5Wake] => C:\Program Files (x86)\Realtek\PCIE Wireless LAN\RtlS5Wake\RtlS5Wake.exe [2097600 2018-02-23] (Realtek Semiconductor Corp. -> Realtek)
HKU\S-1-5-21-2643374830-1142200795-122349152-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31624080 2020-03-06] (Epic Games Inc. -> Epic Games, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.132\Installer\chrmstp.exe [2020-03-06] (Google LLC -> Google LLC)
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0A11EDF2-8EDB-4846-A51C-C7F0626F8119} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.)
Task: {16CC8F7F-8006-4633-A244-BC65C39B1A4E} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [69512 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {1A96C27E-F228-4FE5-8FDD-70D118D0992F} - System32\Tasks\HPCeeScheduleForlorra => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [97656 2018-09-11] (HP Inc. -> HP Inc.)
Task: {2B55C38B-ECCE-42B3-BCE8-4821AB61D344} - System32\Tasks\AVG\Overseer => C:\Program Files\Common Files\AVG\Overseer\overseer.exe [1692296 2020-02-27] (AVG Technologies USA, LLC -> AVG Technologies)
Task: {312DBA5A-B417-42C6-AF72-5D8BB21B4AC9} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.122\DADUpdater.exe [4144776 2020-01-26] (McAfee, Inc. -> McAfee, LLC.)
Task: {3CDEE27E-06D6-4AC3-A23A-C8C0AC3504F2} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1022144 2018-11-07] (McAfee, Inc. -> McAfee, Inc.)
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(1): schtasks.exe -> /Change /TN "\Antivirus Emergency Update" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(2): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineCore" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(3): schtasks.exe -> /Change /TN "\GoogleUpdateTaskMachineUA" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(4): schtasks.exe -> /Change /TN "\HPAudioSwitch" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(5): schtasks.exe -> /Change /TN "\HPCeeScheduleForlorra" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(6): schtasks.exe -> /Change /TN "\HPCustParticipation HP DeskJet 3630 series" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(7): schtasks.exe -> /Change /TN "\HPEA3JOBS" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(8): schtasks.exe -> /Change /TN "\HPJumpStartLaunch" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(9): schtasks.exe -> /Change /TN "\McAfee Remediation (Prepare)" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(10): schtasks.exe -> /Change /TN "\McAfeeLogon" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(11): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task v2" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(12): schtasks.exe -> /Change /TN "\OneDrive Standalone Update Task-S-1-5-21-2643374830-1142200795-122349152-1001" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(13): schtasks.exe -> /Change /TN "\StartCN" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(14): schtasks.exe -> /Change /TN "\StartDVR" /ENABLE
Task: {41F417E2-2ABA-4101-995C-6BFBDD111A16} - System32\Tasks\AVAST Software\Gaming mode Task Scheduler recovery => Command(15): schtasks.exe -> /Change /TN "\AVAST Software\Gaming mode Task Scheduler recovery" /DISABLE
Task: {48394A74-5934-49F1-80C8-DF2CB6284159} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {63ACDC09-7CA1-4AFA-8670-6F207BFE2124} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [756672 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
Task: {6F0E355A-CF63-4766-A810-FC70CFFD1F3B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
Task: {7477BCD0-0910-4780-AEA4-9BCA3D62F494} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-26] (Google Inc -> Google LLC)
Task: {948E8F86-95DC-4D69-80F6-B5FD7E2BFAF6} - System32\Tasks\HPCustParticipation HP DeskJet 3630 series => C:\Program Files\HP\HP DeskJet 3630 series\Bin\HPCustPartic.exe [6438536 2017-02-08] (Hewlett Packard -> HP Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {981CF164-6D7E-4BEF-92E3-F7C39038CF09} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1022144 2018-11-07] (McAfee, Inc. -> McAfee, Inc.)
Task: {A7F26460-AF4E-4C8C-9B07-574F61574F86} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [3942704 2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
Task: {B524873D-5C03-4A32-A772-8D7785A6CCFF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN7824N1HT => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {B8532484-D4D2-4EBA-B963-C26CA1282DE7} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {BE0E3263-665C-4783-BFF9-009B5173E0CA} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {BF4C1691-B129-4D39-8231-0D47B76E4223} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [461824 2017-10-06] (HP Inc. -> HP Inc.)
Task: {C85E6F7F-7343-40EE-9874-1F258002EB8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2020-02-26] (Google Inc -> Google LLC)
Task: {CA1948FE-0409-4717-ADCB-7A5FAFBF0821} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [655736 2019-07-31] (HP Inc. -> HP Inc.)
Task: {D2EF5901-A588-473A-86D2-31F10FA9AE0D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [145272 2019-10-31] (HP Inc. -> HP Inc.)
Task: {D900930A-9B12-4CEB-9FAC-70ED966CE956} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-09-27] (HP Inc. -> HP Inc.)
Task: {DE4968D1-7505-445D-A39E-D7AA3BCD4926} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [49544 2018-10-16] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {EE2E02FB-F49D-4FDD-AED9-BE2C9C01939E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [308088 2020-02-12] (HP Inc. -> HP Inc.)
Task: {EFC76796-C745-4A58-8E30-49AB695F0F01} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1116024 2020-02-26] (HP Inc. -> HP Inc.)
Task: {F883D350-34EA-4D33-81A6-DDF60024A3DC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506680 2019-06-14] (HP Inc. -> HP Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\HPCeeScheduleForlorra.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{7c51ce76-8592-4733-9561-7ea475db020a}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-2643374830-1142200795-122349152-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-2643374830-1142200795-122349152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {E267D870-9B89-4A4F-B989-75F71E95216D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {E267D870-9B89-4A4F-B989-75F71E95216D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2643374830-1142200795-122349152-1001 -> {E267D870-9B89-4A4F-B989-75F71E95216D} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\mcsniepl64.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll [2018-11-27] (McAfee, Inc. -> McAfee, Inc.)
Edge:
======
DownloadDir: C:\Users\lorra\Downloads
Edge Notifications: HKU\S-1-5-21-2643374830-1142200795-122349152-1001 -> hxxps://mail.google.com; hxxps://www.facebook.com
FireFox:
========
FF DefaultProfile: qwvr61u6.default
FF ProfilePath: C:\Users\lorra\AppData\Roaming\Mozilla\Firefox\Profiles\qwvr61u6.default [2020-03-09]
FF Notifications: Mozilla\Firefox\Profiles\qwvr61u6.default -> hxxps://www.facebook.com
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2019-01-12] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\program files\mcafee\msc\npmcsnffpl64.dll [2018-11-27] (McAfee, Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\program files (x86)\mcafee\msc\npmcsnffpl.dll [2018-11-27] (McAfee, Inc. -> )
Chrome:
=======
CHR Profile: C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default [2020-02-26]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (Slides) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-02-26]
CHR Extension: (Docs) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-02-26]
CHR Extension: (Google Drive) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-02-26]
CHR Extension: (YouTube) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-02-26]
CHR Extension: (Sheets) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-02-26]
CHR Extension: (Google Docs Offline) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-02-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-02-26]
CHR Extension: (Gmail) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-02-26]
CHR Extension: (Chrome Media Router) - C:\Users\lorra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-02-26]
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0334924.inf_amd64_05abf00239dfc53b\B334881\atiesrxx.exe [481768 2018-10-23] (Advanced Micro Devices, Inc. -> AMD)
R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [413544 2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\aswidsagent.exe [6094272 2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
R2 AvgWscReporter; C:\Program Files\AVG\Antivirus\wsc_proxy.exe [110608 2020-02-26] (AVG Technologies USA, LLC -> AVG Technologies CZ, s.r.o.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8469592 2020-03-06] (BattlEye Innovations e.K. -> )
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [679400 2018-04-02] (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1511728 2017-09-21] (McAfee, Inc. -> McAfee, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811120 2020-03-06] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [477184 2017-10-06] (HP Inc. -> HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (Hewlett-Packard Company -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [361848 2019-12-06] (HP Inc. -> HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6933272 2020-03-09] (Malwarebytes Inc -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_9\McApExe.exe [744312 2018-11-13] (McAfee, Inc. -> McAfee, Inc.)
S4 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [455584 2017-09-27] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366960 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [590712 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\windows\system32\mfevtps.exe [499576 2018-08-27] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1705968 2018-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1333064 2018-10-26] (McAfee, Inc. -> McAfee, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [267552 2019-06-20] (Realt

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,573 posts

Posted 09 March 2020 - 10:05 AM

You should have received a validation email after you registered on the forum.  You need to complete that process in order to post on the actual forum.  This sub-forum is only for people who are not Members of the forum and is not even available to Members.  Please complete your registration and post your logs in Malware Removal.


Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,573 posts

Posted 09 March 2020 - 04:27 PM

Since you completed the validation process you are now a Member and I moved your topic to the Malware Removal forum so that you can get help.


Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 10 March 2020 - 01:14 AM

thank you Budfred



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 10 March 2020 - 06:13 AM

Hello, Welcome to SpywareInfoForum.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
No malware was found in your logs.
 
Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start
 
CreateRestorePoint:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\lorra\ntuser.ini:NTV [9390]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD:  C:\Windows\SYSTEM32\lodctr.exe" /R
CMD:  C:\Windows\SysWOW64\lodctr.exe" /R
 
EmptyTemp:
 
End
 
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.
 
Run FRST and click Fix only once and wait.
 
The tool will create a log (Fixlog.txt) please post it to your reply.
===
 
Your computer slows down or freeze. Follow these directives.
 
Malwarebytes for Windows antivirus exclusions list
Execute the instructions on AVG, McAfee and Windows Defender.
 
Let me know if the problem persists.
 
p.s.
 
When did you install AVG and McAfee and why.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 10 March 2020 - 08:12 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-03-2020
Ran by lorra (10-03-2020 13:49:11) Run:1
Running from C:\Users\lorra\Downloads
Loaded Profiles: lorra (Available Profiles: lorra)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
AlternateDataStreams: C:\Users\lorra\ntuser.ini:NTV [9390]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [486]
 
CMD: netsh int ip reset
CMD: ipconfig /flushDNS
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD:  C:\Windows\SYSTEM32\lodctr.exe" /R
CMD:  C:\Windows\SysWOW64\lodctr.exe" /R
 
EmptyTemp:
 
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avg => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avg => removed successfully
C:\Users\lorra\ntuser.ini => ":NTV" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully

========= netsh int ip reset =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= ipconfig /flushDNS =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


Error: Unable to rebuild performance counter setting from system backup store, error code is 2
========= End of CMD: =========


========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


Info: Successfully rebuilt performance counter setting from system backup store
========= End of CMD: =========


========= C:\Windows\SYSTEM32\lodctr.exe" /R =========


========= End of CMD: =========


========= C:\Windows\SysWOW64\lodctr.exe" /R =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 10772480 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15862442 B
Java, Flash, Steam htmlcache => 2037 B
Windows/system/drivers => 3285839 B
Edge => 100210627 B
Chrome => 12593771 B
Firefox => 599147298 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 1233474 B
systemprofile32 => 1233474 B
LocalService => 1299572 B
NetworkService => 1339354 B
lorra => 28827317 B

RecycleBin => 143883061 B
EmptyTemp: => 877.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 13:53:24 ====



#7 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 10 March 2020 - 08:17 AM

The McAfee came preinstalled with the laptop, I've just removed it.

The AVG was downloaded to run the free scan facility - should I uninstall that as well?



#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 11 March 2020 - 06:20 AM

Hi,

 

McAfee does not let get easy. I suggest you run this complete Uninstaller.
Download and run their uninstaller tool from this site.
 
Restart the computer when the removal is completed.
------
 
How is the computer running?

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#9 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 12 March 2020 - 07:38 PM

Thank you for your help, I've run the McAfee uninstaller, so hopefully that's one gone.

 

The computer does seem a bit better, but sometimes it does run OK -  it's more that it kind of whirrs up and freezes while it's doing it - sometimes for a few minutes and then it's kind of OK again until it starts whirring again.  I know that's not a very good description but I don't know how else to describe it, my son says it's laggy :unknw:

 

I've tried to follow your instructions for the malwarebytes but couldn't seem to find the right files on my computer - should I delete the AVG as well? as it seems like there is a WIndows VS or does it need something else in addition?



#10 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 13 March 2020 - 06:49 AM

Hi

 

Some files may not be installed on this computer.

 

 
Hi,
 
To add Malwarebytes to the AVG and Windows Defender exclusion list follow these directives
 
Excluding certain files or websites from scanning in AVG Antivirus
 
Add an exclusion to Windows Security
 
Add these entries in both programs.
Make sure that these entries are listed.
 

C:\Program Files\Malwarebytes
C:\ProgramData\Malwarebytes
 
C:\Windows\System32\drivers\mbamswissarmy.sys
C:\Windows\System32\drivers\mbamchameleon.sys
C:\Windows\System32\drivers\mbae64.sys (Only present on 64-bit machines.)
 

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#11 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 13 March 2020 - 07:32 AM

OK thank you, I think I've done that - will see how we go



#12 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 16 March 2020 - 05:43 AM

How is the computer running now?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#13 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 19 March 2020 - 06:33 AM

Are you still with me?


nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#14 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 19 March 2020 - 08:38 AM

yes thank you, seems to be running OK at times, but then other times it's just so slow ... I've just printed two documents off from an email and it's taken about twenty minutes to open them and send to printer ... but now it's done that it's browing fine.

 

We are having a problem with our wifi I think, as we have been advised that some networks are struggling so maybe it's that



#15 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 20 March 2020 - 06:24 AM

Hi,
 
Your Internet Provider is able to test your router.
 
Before you ask them reset the router.
 
How to Reset a Router Back to the Factory Default Settings
 
Then, please reconfigure it back to your preferred setting.. Below is the list of default username and password, should you don't know it ;)
 
===
 
Reset for Linksys, Netgear, D-Link and Belkin Routers
 
====
How to tell if my Wireless is secure.
 
How to create a strong password.
 
Keep me posted.

nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#16 Lorraine123

Lorraine123

    Member

  • Full Member
  • Pip
  • 14 posts

Posted 28 March 2020 - 06:11 AM

Thanks for your reply, I think it might be a lost cause :wacko: would a factory reset help ... just start over again with it?



#17 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,359 posts

Posted 29 March 2020 - 06:30 AM

Hi,
 
It's been awhile since we talked.
 
What did the Internet provider say.
 
Before going to a full reset let's do this.
 
Repair these services.
 
Boot with Safe Mode with Networking. Execute the following.
 
Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore Do a Registry backup. When you have completed this click Next
  • Click Repairs - Open Repairs in the bottom right corner
  • Uncheck the All repair button then select just the item(s) listed below
  • 01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    16 - Repair Windows Updates
    20 - Repair MSI (Windows Installer)
    25 - Restore Important Windows Services
    26 - Set Windows Service to Default Startup
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.
  • ===
     
    Post the log(s) for my review.
     
    Let me know what problem persists.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #18 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 12 April 2020 - 09:34 AM

    Sorry it's taken me so long to get back to you, I haven't used the computer and it's so busy with work and kids off that I just haven't had time until today.

     

    I've run the scan as you suggested and have copied the resulting log below.

     

    Thanks again for your time and patience

    xx

    ----------------------------------

    Log:
    Tweaking.com - Windows Repair 2019 (v4.7.2)
    ────────────────────────────────────────────────────────────────────────────────

    System Variables
    ────────────────────────────────────────────────────────────────────────────────
    Running In Windows Safe Mode: True
    OS: Windows 10 Home
    OS Architecture: 64-bit
    OS Version: (1909) 10.0.18363.720
    OS Service Pack:
    Computer Name: LAPTOP-JTE4PHKR
    Windows Drive: C:\
    Windows Path: C:\WINDOWS
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile: C:\Users\lorra
    Current Profile SID: S-1-5-21-2643374830-1142200795-122349152-1001
    Current Profile Classes: S-1-5-21-2643374830-1142200795-122349152-1001_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\WINDOWS\ServiceProfiles
    Local Settings AppData: C:\Users\lorra\AppData\Local
    ────────────────────────────────────────────────────────────────────────────────

    System Information
    ────────────────────────────────────────────────────────────────────────────────
    System Up Time: 0 Days 00:18:17

    Process Count: 61
    Commit Total: 1.38 GB
    Commit Limit: 8.64 GB
    Commit Peak: 1.46 GB
    Handle Count: 22709
    Kernel Total: 339.49 MB
    Kernel Paged: 255.73 MB
    Kernel Non Paged: 83.76 MB
    System Cache: 1.57 GB
    Thread Count: 720
    ────────────────────────────────────────────────────────────────────────────────

    Memory Before Cleaning with CleanMem
    ────────────────────────────────────────────────────────────────────────────────
    Memory Total: 3.89 GB
    Memory Used: 1.76 GB(45.2234%)
    Memory Avail.: 2.13 GB
    ────────────────────────────────────────────────────────────────────────────────

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    ────────────────────────────────────────────────────────────────────────────────
    Memory Total: 3.89 GB
    Memory Used: 1.32 GB(33.827%)
    Memory Avail.: 2.57 GB
    ────────────────────────────────────────────────────────────────────────────────

    Starting Repairs...
       Started at (12/04/2020 16:10:46)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 47
     
    01 - Reset Registry Permissions
       Restore Windows 7/8/10 Default Registry Permissions
       Start (12/04/2020 16:10:49)


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hku.7z
    Done,  0.5 seconds.


    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\hklm.7z
    Done,  7.66 seconds.

       Running Repair Under System Account
       Done (12/04/2020 16:12:05)

    03 - Reset Service Permissions
       Start (12/04/2020 16:12:05)

       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:12:44)

    04 - Register System Files
       Start (12/04/2020 16:12:44)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:14:28)

    05 - Repair WMI
       Start (12/04/2020 16:14:28)

       Starting Security Center So We Can Export The Security Info.

       Exporting Antivirus Info...
       Windows Defender Exported.
       AVG Antivirus Exported.

       Exporting AntiSpyware Info...
       Windows Defender Exported.
       McAfee VirusScan Exported.

       Exporting 3rd Party Firewall Info...
       No Firewall Products Reported.

       Running Repair Under Current User Account
       Done (12/04/2020 16:21:41)

    10 - Remove Policies Set By Infections
       Start (12/04/2020 16:21:41)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:21:46)

    16 - Repair Windows Updates
       Start (12/04/2020 16:21:46)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done,  0.25 seconds.

       Running Repair Under Current User Account
       Running Repair Under System Account
       Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
       Done (12/04/2020 16:22:25)

    20 - Repair MSI (Windows Installer)
       Start (12/04/2020 16:22:25)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done,  0.25 seconds.

       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:22:39)

    25 - Restore Important Windows Services
       Start (12/04/2020 16:22:39)

    Decompressing & Updating Windows Permission File C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\permissions\10\services.7z
    Done,  0.25 seconds.

       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:22:53)

    26 - Set Windows Services To Default Startup
       Start (12/04/2020 16:22:53)
       Running Repair Under Current User Account
       Running Repair Under System Account
       Done (12/04/2020 16:23:06)

    Cleaning up empty logs...

    All Selected Repairs Done.
       Done at (12/04/2020 16:23:06)
       Total Repair Time: 00:12:22


    ...YOU MUST RESTART YOUR SYSTEM...



    #19 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 13 April 2020 - 04:54 AM

    Hi,
     
    We are still here.
    Your computer must still be as slow as before.
     
    Run this fix.
     
    Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and and click the OK key.
    Please copy the entire contents of the code box below to the a new file.
     
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD:  C:\Windows\SYSTEM32\lodctr.exe" /R
    CMD:  C:\Windows\SysWOW64\lodctr.exe" /R
     
    cmd: sfc /scannow
    cmd: DISM.exe /Online /Cleanup-image /Restorehealth
    CMD: ECHO Y|CHKDSK C: /F
     
    EmptyTemp:
     
    End
    
     
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    After the restart the tool will create a log (Fixlog.txt) please post it to your reply.
    ===
     
    Let me know how the computer is running now.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #20 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 13 April 2020 - 09:02 AM

    OK think I've managed that  ... log below

     

    xx

     

    Fix result of Farbar Recovery Scan Tool (x64) Version: 13-04-2020
    Ran by lorra (13-04-2020 15:13:30) Run:2
    Running from C:\Users\lorra\Downloads\FRST-OlderVersion
    Loaded Profiles: lorra (Available Profiles: lorra)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
     
    CreateRestorePoint:
    CloseProcesses:
     
    CMD: netsh int ip reset
    CMD: ipconfig /flushDNS
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD:  C:\Windows\SYSTEM32\lodctr.exe" /R
    CMD:  C:\Windows\SysWOW64\lodctr.exe" /R
     
    cmd: sfc /scannow
    cmd: DISM.exe /Online /Cleanup-image /Restorehealth
    CMD: ECHO Y|CHKDSK C: /F
     
    EmptyTemp:
     
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.

    ========= netsh int ip reset =========

    Resetting Compartment Forwarding, OK!
    Resetting Compartment, OK!
    Resetting Control Protocol, OK!
    Resetting Echo Sequence Request, OK!
    Resetting Global, OK!
    Resetting Interface, OK!
    Resetting Anycast Address, OK!
    Resetting Multicast Address, OK!
    Resetting Unicast Address, OK!
    Resetting Neighbor, OK!
    Resetting Path, OK!
    Resetting Potential, OK!
    Resetting Prefix Policy, OK!
    Resetting Proxy Neighbor, OK!
    Resetting Route, OK!
    Resetting Site Prefix, OK!
    Resetting Subinterface, OK!
    Resetting Wakeup Pattern, OK!
    Resetting Resolve Neighbor, OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , failed.
    Access is denied.

    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Resetting , OK!
    Restart the computer to complete this action.


    ========= End of CMD: =========


    ========= ipconfig /flushDNS =========


    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========


    ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========


    Info: Successfully rebuilt performance counter setting from system backup store
    ========= End of CMD: =========


    ========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========


    Info: Successfully rebuilt performance counter setting from system backup store
    ========= End of CMD: =========


    ========= C:\Windows\SYSTEM32\lodctr.exe" /R =========


    ========= End of CMD: =========


    ========= C:\Windows\SysWOW64\lodctr.exe" /R =========


    ========= End of CMD: =========


    ========= sfc /scannow =========



    Beginning system scan.  This process will take some time.



    Beginning verification phase of system scan.


    Verification 0% complete.
    Verification 1% complete.
    Verification 1% complete.
    Verification 2% complete.
    Verification 3% complete.
    Verification 3% complete.
    Verification 4% complete.
    Verification 5% complete.
    Verification 5% complete.
    Verification 6% complete.
    Verification 6% complete.
    Verification 7% complete.
    Verification 8% complete.
    Verification 8% complete.
    Verification 9% complete.
    Verification 10% complete.
    Verification 10% complete.
    Verification 11% complete.
    Verification 11% complete.
    Verification 12% complete.
    Verification 13% complete.
    Verification 13% complete.
    Verification 14% complete.
    Verification 15% complete.
    Verification 15% complete.
    Verification 16% complete.
    Verification 17% complete.
    Verification 17% complete.
    Verification 18% complete.
    Verification 18% complete.
    Verification 19% complete.
    Verification 20% complete.
    Verification 20% complete.
    Verification 21% complete.
    Verification 22% complete.
    Verification 22% complete.
    Verification 23% complete.
    Verification 23% complete.
    Verification 24% complete.
    Verification 25% complete.
    Verification 25% complete.
    Verification 26% complete.
    Verification 27% complete.
    Verification 27% complete.
    Verification 28% complete.
    Verification 29% complete.
    Verification 29% complete.
    Verification 30% complete.
    Verification 30% complete.
    Verification 31% complete.
    Verification 32% complete.
    Verification 32% complete.
    Verification 33% complete.
    Verification 34% complete.
    Verification 34% complete.
    Verification 35% complete.
    Verification 35% complete.
    Verification 36% complete.
    Verification 37% complete.
    Verification 37% complete.
    Verification 38% complete.
    Verification 39% complete.
    Verification 39% complete.
    Verification 40% complete.
    Verification 40% complete.
    Verification 41% complete.
    Verification 42% complete.
    Verification 42% complete.
    Verification 43% complete.
    Verification 44% complete.
    Verification 44% complete.
    Verification 45% complete.
    Verification 46% complete.
    Verification 46% complete.
    Verification 47% complete.
    Verification 47% complete.
    Verification 48% complete.
    Verification 49% complete.
    Verification 49% complete.
    Verification 50% complete.
    Verification 51% complete.
    Verification 51% complete.
    Verification 52% complete.
    Verification 52% complete.
    Verification 53% complete.
    Verification 54% complete.
    Verification 54% complete.
    Verification 55% complete.
    Verification 56% complete.
    Verification 56% complete.
    Verification 57% complete.
    Verification 58% complete.
    Verification 58% complete.
    Verification 59% complete.
    Verification 59% complete.
    Verification 60% complete.
    Verification 61% complete.
    Verification 61% complete.
    Verification 62% complete.
    Verification 63% complete.
    Verification 63% complete.
    Verification 64% complete.
    Verification 64% complete.
    Verification 65% complete.
    Verification 66% complete.
    Verification 66% complete.
    Verification 67% complete.
    Verification 68% complete.
    Verification 68% complete.
    Verification 69% complete.
    Verification 69% complete.
    Verification 70% complete.
    Verification 71% complete.
    Verification 71% complete.
    Verification 72% complete.
    Verification 73% complete.
    Verification 73% complete.
    Verification 74% complete.
    Verification 75% complete.
    Verification 75% complete.
    Verification 76% complete.
    Verification 76% complete.
    Verification 77% complete.
    Verification 78% complete.
    Verification 78% complete.
    Verification 79% complete.
    Verification 80% complete.
    Verification 80% complete.
    Verification 81% complete.
    Verification 81% complete.
    Verification 82% complete.
    Verification 83% complete.
    Verification 83% complete.
    Verification 84% complete.
    Verification 85% complete.
    Verification 85% complete.
    Verification 86% complete.
    Verification 87% complete.
    Verification 87% complete.
    Verification 88% complete.
    Verification 88% complete.
    Verification 89% complete.
    Verification 90% complete.
    Verification 90% complete.
    Verification 91% complete.
    Verification 92% complete.
    Verification 92% complete.
    Verification 93% complete.
    Verification 93% complete.
    Verification 94% complete.
    Verification 95% complete.
    Verification 95% complete.
    Verification 96% complete.
    Verification 97% complete.
    Verification 97% complete.
    Verification 98% complete.
    Verification 99% complete.
    Verification 99% complete.
    Verification 100% complete.


    Windows Resource Protection did not find any integrity violations.


    ========= End of CMD: =========


    ========= DISM.exe /Online /Cleanup-image /Restorehealth =========


    Deployment Image Servicing and Management tool
    Version: 10.0.18362.1

    Image Version: 10.0.18363.720


    [==                         4.5%                           ]

    [==                         4.6%                           ]

    [==                         4.8%                           ]

    [==                         5.0%                           ]

    [==                         5.0%                           ]

    [===                        5.2%                           ]

    [===                        5.3%                           ]

    [===                        5.4%                           ]

    [===                        5.5%                           ]

    [===                        5.6%                           ]

    [===                        5.7%                           ]

    [===                        5.8%                           ]

    [===                        5.9%                           ]

    [===                        6.0%                           ]

    [===                        6.2%                           ]

    [===                        6.2%                           ]

    [===                        6.3%                           ]

    [===                        6.3%                           ]

    [===                        6.6%                           ]

    [===                        6.7%                           ]

    [===                        6.7%                           ]

    [===                        6.8%                           ]

    [====                       6.9%                           ]

    [====                       7.0%                           ]

    [====                       7.0%                           ]

    [====                       7.1%                           ]

    [====                       7.2%                           ]

    [====                       7.3%                           ]

    [====                       7.4%                           ]

    [====                       7.5%                           ]

    [====                       7.5%                           ]

    [====                       7.5%                           ]

    [====                       7.5%                           ]

    [====                       7.5%                           ]

    [====                       7.6%                           ]

    [====                       7.6%                           ]

    [====                       7.6%                           ]

    [====                       7.7%                           ]

    [====                       7.7%                           ]

    [====                       7.7%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.8%                           ]

    [====                       7.9%                           ]

    [====                       7.9%                           ]

    [====                       7.9%                           ]

    [====                       8.0%                           ]

    [====                       8.1%                           ]

    [====                       8.1%                           ]

    [====                       8.2%                           ]

    [====                       8.3%                           ]

    [====                       8.3%                           ]

    [====                       8.4%                           ]

    [====                       8.5%                           ]

    [====                       8.5%                           ]

    [====                       8.5%                           ]

    [=====                      8.7%                           ]

    [=====                      8.8%                           ]

    [=====                      9.0%                           ]

    [=====                      9.1%                           ]

    [=====                      9.3%                           ]

    [=====                      9.4%                           ]

    [=====                      9.5%                           ]

    [=====                      9.6%                           ]

    [=====                      9.8%                           ]

    [=====                      10.0%                          ]

    [=====                      10.1%                          ]

    [=====                      10.3%                          ]

    [======                     10.5%                          ]

    [======                     10.6%                          ]

    [======                     10.9%                          ]

    [======                     11.3%                          ]

    [======                     11.4%                          ]

    [======                     11.5%                          ]

    [======                     11.5%                          ]

    [======                     11.6%                          ]

    [======                     11.8%                          ]

    [======                     11.9%                          ]

    [=======                    12.1%                          ]

    [=======                    12.2%                          ]

    [=======                    12.3%                          ]

    [=======                    12.5%                          ]

    [=======                    12.5%                          ]

    [=======                    12.6%                          ]

    [=======                    12.9%                          ]

    [=======                    13.0%                          ]

    [=======                    13.1%                          ]

    [=======                    13.3%                          ]

    [=======                    13.5%                          ]

    [=======                    13.5%                          ]

    [=======                    13.5%                          ]

    [=======                    13.7%                          ]

    [========                   13.8%                          ]

    [========                   13.9%                          ]

    [========                   14.0%                          ]

    [========                   14.2%                          ]

    [========                   14.3%                          ]

    [========                   14.5%                          ]

    [========                   14.5%                          ]

    [========                   14.6%                          ]

    [========                   14.8%                          ]

    [========                   14.9%                          ]

    [========                   15.1%                          ]

    [========                   15.2%                          ]

    [========                   15.4%                          ]

    [=========                  15.5%                          ]

    [=========                  15.6%                          ]

    [=========                  15.8%                          ]

    [=========                  16.0%                          ]

    [=========                  16.2%                          ]

    [=========                  16.3%                          ]

    [=========                  16.5%                          ]

    [=========                  16.6%                          ]

    [=========                  16.7%                          ]

    [=========                  16.8%                          ]

    [=========                  16.9%                          ]

    [=========                  17.0%                          ]

    [==========                 17.3%                          ]

    [==========                 17.4%                          ]

    [==========                 17.4%                          ]

    [==========                 17.5%                          ]

    [==========                 17.6%                          ]

    [==========                 17.8%                          ]

    [==========                 17.9%                          ]

    [==========                 18.0%                          ]

    [==========                 18.1%                          ]

    [==========                 18.3%                          ]

    [==========                 18.4%                          ]

    [==========                 18.5%                          ]

    [==========                 18.6%                          ]

    [==========                 18.7%                          ]

    [==========                 18.9%                          ]

    [===========                19.0%                          ]

    [===========                19.1%                          ]

    [===========                19.2%                          ]

    [===========                19.4%                          ]

    [===========                19.5%                          ]

    [===========                19.6%                          ]

    [===========                19.8%                          ]

    [===========                19.9%                          ]

    [===========                20.0%                          ]

    [===========                20.1%                          ]

    [===========                20.2%                          ]

    [===========                20.3%                          ]

    [===========                20.5%                          ]

    [===========                20.5%                          ]

    [===========                20.6%                          ]

    [============               20.8%                          ]

    [============               20.9%                          ]

    [============               21.1%                          ]

    [============               21.2%                          ]

    [============               21.2%                          ]

    [============               21.3%                          ]

    [============               21.4%                          ]

    [============               21.4%                          ]

    [============               21.5%                          ]

    [============               21.6%                          ]

    [============               21.7%                          ]

    [============               21.9%                          ]

    [============               21.9%                          ]

    [============               22.0%                          ]

    [============               22.1%                          ]

    [============               22.2%                          ]

    [============               22.2%                          ]

    [============               22.3%                          ]

    [============               22.4%                          ]

    [=============              22.5%                          ]

    [=============              23.2%                          ]

    [=============              23.8%                          ]

    [==============             24.8%                          ]

    [==============             25.3%                          ]

    [===============            26.0%                          ]

    [===============            26.5%                          ]

    [===============            27.4%                          ]

    [================           28.4%                          ]

    [================           29.1%                          ]

    [=================          30.1%                          ]

    [==================         31.1%                          ]

    [==================         31.2%                          ]

    [==================         31.3%                          ]

    [==================         31.5%                          ]

    [==================         31.5%                          ]

    [==================         31.5%                          ]

    [==================         31.5%                          ]

    [==================         31.5%                          ]

    [==================         31.5%                          ]

    [==================         31.6%                          ]

    [==================         31.6%                          ]

    [==================         31.6%                          ]

    [==================         31.6%                          ]

    [==================         31.6%                          ]

    [==================         31.7%                          ]

    [==================         31.7%                          ]

    [==================         31.8%                          ]

    [==================         31.9%                          ]

    [==================         31.9%                       


    #21 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 14 April 2020 - 06:21 AM

    I hope that all is well.

     

    Stay safe.


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #22 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 20 April 2020 - 11:37 AM

    Having a quick bruzz around on the computer and it does finally seem to be working better and quicker :hyper:

     

    So just wondered what your advise would be going forward to keep it running smoother? Are there things I should run regularly? Programmes I should avoid using ...noticed that I have Internet Explorer, Chrome and  Firefox ... would it be advisable to delete two?  

     

    Any suggestions gratefully received.

     

    xx



    #23 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 20 April 2020 - 12:57 PM

    Hi,
     
    --RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a Windows opens to explain what [PUM's] are, read about it.
  • Click the RoguKiller icon on your taksbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next.
  • =======
     
    Download   Farbar's Service Scanner utility
    and Save to your Desktop.
    If using Windows 7 or above, Right-Click on fss.exe and select Run As Administrator.
    If using XP, double-click to start.
    Answer Yes to ok when prompted.
    If your firewall then puts out a prompt, again, allow it to run.
    Once FSS is on-screen, be sure the following items are checkmarked:
    Internet Services
    Windows Firewall
    System Restore
    Security Center/Action Center
    Windows Update
    Windows Defender
    Other Services
      
    Click on "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Copy & Paste contents of FSS.txt into your reply.
    ===
     
    Run the Farbar program and post fresh logs for my review.

    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #24 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 26 April 2020 - 08:09 AM

    RogueKiller Anti-Malware V14.4.0.0 (x64) [Apr 1 2020] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/d...ad/roguekiller/
    Operating System : Windows 10 (10.0.18363) 64 bits
    Started in : Normal mode
    User : lorra [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Signatures : 20200424_130303, Driver : Loaded
    Mode : Standard Scan, Scan -- Date : 2020/04/26 14:18:26 (Duration : 00:42:45)
    Switches : -minimize

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    #25 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 27 April 2020 - 05:00 AM

    Hi,

     

    Nice to see that you are back.

     

    Are you going to run the Download   Farbar's Service Scanner utility ?

     

    How is the computer running?


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #26 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 17 May 2020 - 11:54 AM

    Apologies, I thought I had already run this but obviously hadn't ... sorry.  I haven't used the computer, apart from following you're information,  it's just so frustrating it's easier to use my phone for browsing and emails,  I'm sure it's mainly user error but as an example it has taken 50 minutes and a turn it off and on again to get this scan run and posted :wacko:

     

     

     

     

    Farbar Service Scanner Version: 14-12-2019
    Ran by lorra (administrator) on 17-05-2020 at 18:43:08
    Running from "C:\Users\lorra\Downloads"
    Microsoft Windows 10 Home  (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****



    #27 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 18 May 2020 - 05:37 AM

    Hi,

     

    Do a Factory Reset.

     

    How To:

    https://www.laptopma...t-windows-10-pc

     

    Read the topic.

     

    Make sure you keep your files as suggested.

     

    When completed Install all the Security Updates.

     

    Under this section of the topic.

    1. Navigate to Settings.  

     

    Select 

    2. Select "Update & security"

     

    Select Windows Updates

     

    How is the computer running now?


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #28 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 28 May 2020 - 05:11 PM

    OK think I've done that, although I think it's cleared everything as I've had to set it windows again, no worries as there was nothing saved on there as I've only ever used it for browsing and stuff, so no photos or files on there. 

     

    Will see how it goes - fingers crossed.



    #29 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 29 May 2020 - 05:39 AM

    Stay safe.


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #30 Lorraine123

    Lorraine123

      Member

    • Full Member
    • Pip
    • 14 posts

    Posted 03 June 2020 - 01:37 AM

    Thank you nasdaq, I've used it a few times now and it does seem to be working a lot better. Do you have any idea what the problem was ... is it something I can avoid in future?



    #31 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 03 June 2020 - 05:29 AM

    Hi,

     

    Hard to pin point the cause.

    Might have been caused by a bad Microsoft updates. Not sure.

     

    It was not malware.


    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760

    #32 nasdaq

    nasdaq

      Forum Deity

    • Global Moderator
    • PipPipPipPipPip
    • 49,359 posts

    Posted 11 June 2020 - 05:41 AM

    Since the issue appears to be resolved this Topic is closed.

    If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
    nasdaq

    Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
    [ Housecall online virus scan ] [ Bitdefender online virus scan ]
    [ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

    My help is free, but if we have helped you in anyway,please considerDonating ,
    see this topic for details.
    We need members like you.

    ========
    Shouldn't water be worth more than diamonds?
    Adam Smith Glasgow, 1760




    Member of UNITE
    Support SpywareInfo Forum - click the button