Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-03-2020 Ran by minij (administrator) on LAPTOP-EVIFAQQJ (HP HP 15 Notebook PC) (28-03-2020 14:15:36) Running from C:\Users\minij\Desktop Loaded Profiles: minij (Available Profiles: minij) Platform: Windows 10 Home Version 1703 15063.1387 (X64) Language: English (United States) Default browser: Edge Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink Corp. -> CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe (Hewlett-Packard Company -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe (HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe (HP Inc. -> HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe (HP Inc.) [File not signed] C:\Program Files\HPCommRecovery\HPCommRecovery.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) Software -> Intel Corporation) C:\Windows\syswow64\esif_uf.exe (Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe (McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\McCSPServiceHost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_18_9\mcapexe.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\mcafee\vul\McVulCtr.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.12527.20278\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\minij\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Sources\SetupHost.exe (Microsoft Windows -> Microsoft Corporation) C:\$WINDOWS.~BT\Work\CB282C50-8144-4E9D-BBF0-436303134D7E\DismHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\rempl\sedlauncher.exe (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\72462f08ea165cd00a7ab75f7a538584\WindowsUpdateBox.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wimserv.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Skype) C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Windows -> Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-08-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [705784 2016-06-20] (HP Inc. -> HP Inc.) HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324488 2016-08-02] (HP Inc. -> HP) HKLM\Software\Microsoft\Active Setup\Installed Components: [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] -> %SystemRoot%\inf\unregmp2.exe /ShowWMP Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2017-04-13] ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{B90CB0DE-2E60-41C4-9857-466EB98192BF}\HPlogo_blue.ico () [File not signed] ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {093A3C73-206D-4EE0-9084-DB1387230DB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {15715373-7884-42CE-AC13-0675E347EE3D} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [744784 2018-07-13] (McAfee, Inc. -> McAfee, Inc.) Task: {1DD95ED7-12F0-41FD-A35A-B5992DB0F38C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {29B0450B-3692-4965-9849-FEBDC26F1BC4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {2B403A11-46E7-4835-945C-E7AC6399E61C} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448480 2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Task: {2B8E0383-547F-4E86-AFAA-32CAB61B7532} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [843800 2016-08-05] (HP Inc. -> ) Task: {35103FC1-BFB8-4FF5-8D43-398083F7F6EA} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1019584 2018-09-05] (McAfee, Inc. -> McAfee, Inc.) Task: {3512366A-0986-425C-9E6C-539F7C4918F7} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs] Task: {4173C4BE-D620-44CC-B323-6E21AAD0BC77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [651400 2017-09-20] (Hewlett Packard -> HP Inc.) Task: {45C6B50C-6769-4567-9702-C97D6AFBA3CA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4D779255-77B6-41B1-89C6-83031F6FAF28} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-04] (Dropbox, Inc -> Dropbox, Inc.) Task: {596CC529-3F85-446F-B446-3E0342F12F55} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [584488 2016-09-21] (Dropbox, Inc -> ) Task: {5E401520-7EF8-4D49-BB7B-6330C7C6FCDF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MpCmdRun.exe [480272 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6BB934B3-A648-4EBA-8534-19D979BEAB79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [136056 2019-01-02] (HP Inc. -> HP Inc.) Task: {883E1B80-9B8F-477A-A3CD-876A93497607} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-04] (Dropbox, Inc -> Dropbox, Inc.) Task: {A147522D-5B5A-4310-86D5-ADCF632004D9} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2016-11-07] (HP Inc. -> HP Inc.) Task: {A3A9EA55-7057-4412-93C4-E2FE52C7EF98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1488248 2018-12-10] (HP Inc. -> HP Inc.) Task: {A5202459-5F5F-491A-B69F-004DDEE2794F} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [1448480 2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Task: {ADA1C252-F3DF-4E05-A081-32AC9D640AE8} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1356008 2016-01-21] (Hewlett-Packard Company -> HP Development Company, L.P.) Task: {B1235930-A89E-4F19-A70F-5C208B595A85} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Task: {C0D9B6AD-2F12-4334-B7BA-A99A54EE8393} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation) Task: {CB9511ED-F651-4B61-ABB3-A4C0D2B11BBD} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.122\DADUpdater.exe [4144776 2020-03-24] (McAfee, Inc. -> McAfee, LLC.) Task: {D0ADCC31-D1AF-4033-B321-D03D2AD48FBC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [217976 2018-11-08] (HP Inc. -> HP Inc.) Task: {D60F47EE-F3ED-4E6E-B555-18C38FC83B7D} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [112664 2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Task: {E468094C-9EA9-46F7-8028-A784BFA373AA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26167288 2019-06-07] (Microsoft Corporation -> Microsoft Corporation) Task: {E92319D0-8220-4C8F-9DB6-C1AADDB4796D} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1019584 2018-09-05] (McAfee, Inc. -> McAfee, Inc.) Task: {F700FFB7-1A46-48E5-9B70-EA7407DD9346} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1658392 2016-08-24] (HP Inc. -> HP Inc.) Task: {F8FEE38E-C917-46D9-A510-DEFDB22F151D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.) Task: {F93F58F0-9AD0-47FA-B81D-C90388A323EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1073528 2019-04-02] (HP Inc. -> HP Inc.) Task: {FD656AE6-11F3-406D-A000-978D8B6577FD} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4552120 2020-01-06] (McAfee, LLC -> McAfee, LLC.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-31] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-31] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 209.18.47.63 209.18.47.62 Tcpip\..\Interfaces\{8cff600f-8926-484d-a0bc-588216a80a4f}: [DhcpNameServer] 40.23.1.12 Tcpip\..\Interfaces\{f3d7273a-6a58-479e-9058-c770f8f62a19}: [DhcpNameServer] 209.18.47.63 209.18.47.62 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2197453201-3331448601-2838413165-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE HKU\S-1-5-21-2197453201-3331448601-2838413165-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2019-06-16] (Microsoft Corporation -> Microsoft Corporation) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (Hewlett-Packard Company -> HP Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (Hewlett-Packard Company -> HP Inc.) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2019-06-16] (Microsoft Corporation -> Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2018-09-28] (McAfee, Inc. -> McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2018-09-28] (McAfee, Inc. -> McAfee, Inc.) FireFox: ======== FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => not found FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2018-11-23] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2018-09-28] (McAfee, Inc. -> ) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-02] (Intel(R) Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2018-09-28] (McAfee, Inc. -> ) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2019-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2016-09-01] (WildTangent Inc -> ) ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 0165341554769044mcinstcleanup; C:\WINDOWS\TEMP\016534~1.EXE [904360 2018-09-16] (McAfee, Inc. -> McAfee, Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146224 2019-06-06] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-04] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-04] (Dropbox, Inc -> Dropbox, Inc.) R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2016-07-12] (Intel(R) Software -> Intel Corporation) S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-09-01] (WildTangent Inc -> WildTangent) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [897536 2016-09-09] (HP Inc.) [File not signed] R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3421616 2017-06-20] (HP Inc. -> HP Inc.) R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc. -> HP Inc.) R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-04] (Hewlett-Packard Company -> HP) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [347512 2018-12-06] (HP Inc. -> HP Inc.) R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc. -> HP Inc.) R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [350312 2016-07-12] (Intel Corporation - pGFX -> Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [887784 2015-09-03] (IntelĀ® Trusted Connect Service -> Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_18_9\McApExe.exe [729320 2018-10-05] (McAfee, Inc. -> McAfee, Inc.) S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-01] (McAfee, Inc. -> McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.0.127.0\\McCSPServiceHost.exe [2159464 2018-06-29] (McAfee, Inc. -> McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [366960 2018-08-27] (McAfee, Inc. -> McAfee, LLC) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [590712 2018-08-27] (McAfee, Inc. -> McAfee, LLC) R3 mfevtp; C:\windows\system32\mfevtps.exe [499576 2018-08-27] (McAfee, Inc. -> McAfee, LLC) R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1690976 2018-09-25] (McAfee, Inc. -> McAfee, Inc.) R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1316024 2018-07-25] (McAfee, Inc. -> McAfee, Inc.) R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-03-23] (CyberLink Corp. -> CyberLink) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-15] (Realtek Semiconductor Corp -> Realtek Semiconductor) R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated -> Synaptics Incorporated) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\NisSrv.exe [3294680 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2003.8-0\MsMpEng.exe [103168 2020-03-24] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [77120 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2016-07-12] (Intel(R) Software -> Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2016-07-12] (Intel(R) Software -> Intel Corporation) R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2016-07-12] (Intel(R) Software -> Intel Corporation) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [235784 2018-10-03] (McAfee, Inc. -> McAfee, Inc.) S3 iagpioe; C:\WINDOWS\System32\drivers\iagpioe.sys [41984 2015-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation) S3 iai2ce; C:\WINDOWS\System32\drivers\iai2ce.sys [90112 2015-07-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation) S3 iauarte; C:\WINDOWS\System32\drivers\iauarte.sys [112640 2015-06-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel(R) Corporation) R3 igfxLP; C:\WINDOWS\system32\DRIVERS\igdkmd64lp.sys [5744568 2016-07-12] (Intel Corporation - pGFX -> Intel Corporation) R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [508736 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [371520 2018-10-04] (McAfee, Inc. -> McAfee, LLC) S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85632 2018-10-04] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [515392 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [975168 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [560944 2018-10-02] (McAfee, Inc. -> McAfee LLC.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [108840 2018-10-02] (McAfee, Inc. -> McAfee LLC.) R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [117568 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [253760 2018-10-04] (McAfee, Inc. -> McAfee, LLC) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek Semiconductor Corp. -> Realtek ) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-12-21] (Realtek Semiconductor Corp. -> Realsil Semiconductor Corporation) R3 RTWlanE; C:\WINDOWS\system32\DRIVERS\rtwlane.sys [6804480 2017-05-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation ) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] (Microsoft Windows -> ) R3 TXEIx64; C:\WINDOWS\System32\drivers\TXEIx64.sys [146200 2015-10-15] (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-03-24] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [391392 2020-03-24] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59104 2020-03-24] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP Inc. -> HP) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-03-28 14:29 - 2020-03-28 14:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2020-03-28 14:15 - 2020-03-28 14:23 - 000029695 _____ C:\Users\minij\Desktop\FRST.txt 2020-03-28 14:14 - 2020-03-28 14:14 - 000000000 ____D C:\Users\minij\Desktop\FRST-OlderVersion 2020-03-28 14:08 - 2020-03-28 14:08 - 002280448 _____ (Farbar) C:\Users\minij\Downloads\FRST64 (1).exe 2020-03-28 14:06 - 2020-03-28 14:06 - 002280448 _____ (Farbar) C:\Users\minij\Downloads\FRST64.exe ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-03-28 14:19 - 2019-04-07 15:12 - 000000000 ____D C:\FRST 2020-03-28 14:14 - 2019-04-07 15:11 - 002280448 _____ (Farbar) C:\Users\minij\Desktop\FRST64.exe 2020-03-28 14:07 - 2018-11-04 16:35 - 000000000 ____D C:\WINDOWS\AppReadiness 2020-03-28 14:06 - 2018-11-04 16:35 - 000000000 ___HD C:\Program Files\WindowsApps 2020-03-28 13:13 - 2018-11-04 19:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2020-03-28 13:13 - 2018-11-04 17:19 - 000000000 __SHD C:\Users\minij\IntelGraphicsProfiles 2020-03-24 21:43 - 2018-11-04 19:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2020-03-24 21:24 - 2018-11-23 00:43 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare) 2020-03-24 20:56 - 2019-01-14 11:32 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2020-03-24 20:27 - 2018-11-04 17:21 - 000000000 ____D C:\Users\minij\AppData\Local\Publishers 2020-03-24 20:13 - 2018-11-20 14:01 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2197453201-3331448601-2838413165-1001 2020-03-24 20:13 - 2018-11-20 13:48 - 000002374 _____ C:\Users\minij\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2020-03-24 20:13 - 2018-11-20 13:48 - 000000000 ___RD C:\Users\minij\OneDrive 2020-03-24 20:12 - 2018-11-04 19:52 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee 2020-03-24 20:11 - 2018-11-04 19:52 - 000004008 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA 2020-03-24 20:11 - 2018-11-04 19:52 - 000003776 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore 2020-03-24 20:11 - 2017-01-20 10:45 - 000000948 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2020-03-24 20:11 - 2017-01-20 10:45 - 000000944 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) LastRegBack: 2019-04-09 20:34 ==================== End of FRST.txt ========================