Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer is running very slowly [Solved]

Started by scotto62 , Oct 26 2020 05:57 PM

  • This topic is locked This topic is locked

#1
scotto62
Posted 26 October 2020 - 05:57 PM

scotto62

    Member

  • Member
  • PipPip
  • 43 posts

Hello,  my computer responds very slowly, takes forever to boot up or to open applications.  Frequently it seems to stall out and I have to reboot.  I don't get ads or other popups, just very slow response.  Any help would be appreciated.  Here are the results of my Farbar scan. Thanks!  Allan

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-10-2020
Ran by katch (administrator) on LAPTOP-0I4945HA (HP HP Pavilion Laptop 15-cc1xx) (26-10-2020 15:07:59)
Running from C:\Users\katch\OneDrive\Desktop
Loaded Profiles: katch
Platform: Windows 10 Home Version 2004 19041.508 (X64) Language: English (United States)
Default browser: Edge
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(HP Inc. -> ) C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
(HP Inc. -> HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(HP Inc. -> HP) C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxCUIService.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxEM.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHDCPSvc.exe
(Intel® pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\IntelCpHeciSvc.exe
(Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel® Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\mcafee\amcore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\csp\3.8.106.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\modulecore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\modulecore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\mcafee\VSCore_20_6\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.504_none_e781e76525fb2269\TiWorker.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 
==================== Registry (Whitelisted) ===================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3657408 2017-06-05] (ELAN Microelectronics Corporation -> ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [709152 2018-03-22] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Run: [Google Update] => C:\Users\katch\AppData\Local\Google\Update\1.3.36.32\GoogleUpdateCore.exe [219592 2020-10-15] (Google LLC -> Google LLC)
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Run: [EPSON13B4CC (Epson Stylus NX430)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [232448 2011-01-20] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Run: [BlueJeans.Detector] => C:\Users\katch\AppData\Local\BlueJeans\BlueJeans.Detector.exe [204512 2020-05-14] (Blue Jeans Network, Inc. -> BlueJeans)
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe [23924016 2020-10-19] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\katch\AppData\Local\Microsoft\Teams\Update.exe [2452152 2020-10-05] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\hpcpp165: C:\Windows\System32\spool\prtprocs\x64\hpcpp165.DLL [602912 2014-02-19] (Hewlett-Packard Company -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\EPSON NX430 Series 64MonitorBA: C:\WINDOWS\system32\E_ILMHBA.DLL [118784 2008-11-11] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION)
HKLM\...\Print\Monitors\HP D711 Status Monitor: C:\WINDOWS\system32\hpinkstsD711LM.dll [393352 2017-03-27] (Hewlett Packard -> HP Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.111\Installer\chrmstp.exe [2020-10-26] (Google LLC -> Google LLC)
 
==================== Scheduled Tasks (Whitelisted) ============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C90A7D1-D36B-4C3C-90C2-F815A3A67099} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {0D62D10F-7EC6-4B1D-9652-EB5725BFCF14} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1153944 2020-10-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0DDC46B3-8AF2-452A-BE5B-CA57870DFD69} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {0E006E32-393E-4A86-8587-CCF6F9052C9D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [345944 2020-09-18] (HP Inc. -> HP Inc.)
Task: {171B78B6-6A59-4A5F-B4F3-2A1E80290939} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - resources updates => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {1F7D8ED8-3A50-41B8-9AF4-232E940019AA} - System32\Tasks\HPJumpStartLaunch => C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe [459680 2017-09-12] (HP Inc. -> )
Task: {20B3EE89-1376-4654-B097-4AC3497F6646} - System32\Tasks\G2MUpdateTask-S-1-5-21-3042792064-3823080371-1606204181-1001 => C:\Users\katch\AppData\Local\GoToMeeting\18962\g2mupdate.exe [31320 2020-10-21] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {2134A028-45D2-4C99-977A-DA937F6AFC59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4011448 2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {21ED05CF-B46C-4126-B0AB-CAC550676D91} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [1362464 2017-03-13] (HP Inc. -> HP Development Company, L.P.)
Task: {26118084-81C1-4770-8AF8-536708E050C6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {2E9465EC-F72F-4C76-834A-6F120D144B58} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\BingPopup\BingPopup.exe [524120 2020-10-01] (HP Inc. -> HP Inc.)
Task: {44333A51-A3BD-45BD-839A-FB0FDC280A43} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.)
Task: {45D5063E-64C3-4DCF-A8BF-E1B944461726} - System32\Tasks\G2MUploadTask-S-1-5-21-3042792064-3823080371-1606204181-1001 => C:\Users\katch\AppData\Local\GoToMeeting\18962\g2mupload.exe [31320 2020-10-21] (LogMeIn, Inc. -> LogMeIn, Inc.)
"C:\Windows\System32\Tasks\McAfee\McAfee Idle Detection Task" was unlocked. <==== ATTENTION
Task: {4D98209C-E7AC-4F1B-BED6-7D81E614372A} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {4F42D78D-A4C5-41BD-BF49-7B815A1CDB9D} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [4603200 2020-08-16] (McAfee, LLC -> McAfee, LLC)
Task: {50A37FED-CC69-4B67-8DAB-82E12EA06172} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {586B9482-E76B-4CCA-AFD0-F374720C22C7} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [764640 2020-06-09] (McAfee, LLC -> McAfee, LLC)
Task: {5DB0C8C0-87ED-48F7-A9A9-098511003709} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_TH69H4M0WH => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {73070996-E262-457D-BC91-93924750C533} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [4011448 2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {79414C52-2A62-4FF3-B61A-27114D7A467D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-14] (Google Inc -> Google Inc.)
Task: {89F9F7FD-7263-47BD-A2EA-F4F88FB6D104} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9269296 2018-10-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8F47324B-9045-423D-A24C-CA70820DCC41} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3042792064-3823080371-1606204181-1001UA => C:\Users\katch\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-08-14] (Google Inc -> Google Inc.)
Task: {9BD8955D-816C-4F65-997F-8841B321318A} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644960 2017-02-02] (HP Inc. -> HP Inc.)
Task: {9D770850-4483-4DB2-819E-683137405025} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.4.160\DADUpdater.exe [4194672 2020-09-30] (McAfee, LLC -> McAfee, LLC) [File not signed]
Task: {9F36D411-289A-4DC6-A00E-E3B2158D3C51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-08-14] (Google Inc -> Google Inc.)
Task: {B1B197EE-3499-448A-84DC-C49488F85E13} - System32\Tasks\Agent Activation Runtime\S-1-5-21-3042792064-3823080371-1606204181-1001 => C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe [13312 2020-08-27] (Microsoft Windows -> )
Task: {B21C5274-A702-4FEE-A68F-2D2B9C6B18ED} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {B350364B-1170-4CEC-B5C7-897E27BD0410} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1090800 2020-08-14] (McAfee, LLC -> McAfee, LLC)
Task: {B946FB51-4CAC-44D3-9A81-77DB71E3F8AB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117584 2020-10-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C262F693-2B36-4682-B60F-8EEB563ABBAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [1506648 2020-08-20] (HP Inc. -> HP Inc.)
Task: {CA56D087-8811-4BD9-B9F4-9640043ACAB9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1136984 2020-09-17] (HP Inc. -> HP Inc.)
Task: {CDA2CC12-66F1-4223-955E-7D76BB99D2F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {E1C0E4B2-B70C-4006-8C17-A3E63FD1F936} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3042792064-3823080371-1606204181-1001Core => C:\Users\katch\AppData\Local\Google\Update\GoogleUpdate.exe [153168 2018-08-14] (Google Inc -> Google Inc.)
Task: {E2711EBC-DC8E-483B-929C-ED6D23FA0FF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {F057CA7C-762C-422A-8E9C-FFF6942A99F8} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [198696 2017-04-07] (HP Inc. -> HP Inc.)
Task: {F9B98F27-3CD7-4008-9E44-255D8218B97D} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117584 2020-10-19] (Microsoft Corporation -> Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3042792064-3823080371-1606204181-1001.job => C:\Users\katch\AppData\Local\GoToMeeting\18962\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3042792064-3823080371-1606204181-1001.job => C:\Users\katch\AppData\Local\GoToMeeting\18962\g2mupload.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{42b1491e-4b69-4c25-96e7-3834f82d66cb}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{640734c7-7e2d-4b06-b1e7-2d4c498167b9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d1560fb4-a8bb-4fc7-b6ad-41cf95a90466}: [DhcpNameServer] 40.23.1.11
 
Edge: 
======
DownloadDir: C:\Users\katch\Downloads
Edge DefaultProfile: Default
Edge Profile: C:\Users\katch\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-14]
Edge DownloadDir: C:\Users\katch\Downloads
Edge HomePage: Default -> hxxp://google.com/
Edge StartupUrls: Default -> "hxxps://www.google.com/"
Edge Profile: C:\Users\katch\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2020-06-29]
 
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSKHKLM => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-10-08] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-08-21] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3042792064-3823080371-1606204181-1001: LWAPlugin15.8 -> C:\Users\katch\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll [2013-03-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\katch\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll [2018-06-05]
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default [2020-10-26]
CHR Notifications: Default -> hxxps://icscallcenter.awsapps.com; hxxps://teams.microsoft.com; hxxps://www.facebook.com; hxxps://www.harryanddavid.com
CHR Extension: (Slides) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-14]
CHR Extension: (Docs) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-15]
CHR Extension: (Google Drive) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-25]
CHR Extension: (YouTube) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-15]
CHR Extension: (Sheets) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-14]
CHR Extension: (Google Docs Offline) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-25]
CHR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-07]
CHR Extension: (Cisco Webex Extension) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-07-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-12-20]
CHR Extension: (Gmail) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-26]
CHR Extension: (Chrome Media Router) - C:\Users\katch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-14]
CHR Profile: C:\Users\katch\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-02-15]
CHR Profile: C:\Users\katch\AppData\Local\Google\Chrome\User Data\System Profile [2019-02-15]
 
==================== Services (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8945512 2020-10-08] (Microsoft Corporation -> Microsoft Corporation)
S3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1508656 2018-05-31] (McAfee, Inc. -> McAfee, Inc.)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [1321096 2018-09-28] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [472576 2017-09-12] (HP Inc. -> HP Inc.)
R3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1077752 2016-09-28] (HP Inc. -> HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [628768 2017-07-13] (HP Inc. -> HP Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_6\McApExe.exe [768256 2020-09-11] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe [454560 2016-11-15] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.8.106.0\\McCSPServiceHost.exe [2726312 2020-08-13] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-06-02] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1745400 2020-08-14] (McAfee, LLC -> McAfee, LLC)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
S2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [4221040 2020-07-29] (McAfee, LLC -> McAfee, LLC)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\NisSrv.exe [2372048 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 WildTangentHelper; C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe [1556328 2018-09-17] (WildTangent Inc -> )
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.2-0\MsMpEng.exe [128360 2020-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
 
===================== Drivers (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [75704 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [218960 2020-05-26] (McAfee, LLC -> McAfee, Inc.)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [529848 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [382392 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [85928 2020-06-09] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [521656 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [1006008 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [595896 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107960 2020-06-07] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [116664 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252344 2020-06-09] (McAfee, Inc. -> McAfee, LLC)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-09-17] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-09-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-09-17] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [35392 2020-06-08] (HP Inc. -> HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One month (created) ===================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-26 15:07 - 2020-10-26 15:09 - 000000000 ____D C:\FRST
2020-10-16 08:33 - 2020-10-16 10:07 - 000349384 _____ C:\WINDOWS\ntbtlog.txt
2020-10-16 08:33 - 2020-10-16 08:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2020-10-12 16:46 - 2020-10-12 16:48 - 000000000 ___RD C:\Users\katch\OneDrive\Documents\Scanned Documents
2020-10-05 20:33 - 2020-10-05 20:33 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
 
==================== One month (modified) ==================
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2020-10-26 14:46 - 2018-08-14 22:55 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-26 14:46 - 2018-08-14 22:55 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-26 14:46 - 2018-08-14 22:55 - 000002267 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-26 14:43 - 2019-12-07 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2020-10-26 14:43 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-10-26 14:42 - 2020-06-16 00:31 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-10-26 14:42 - 2020-06-16 00:31 - 000002266 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2020-10-26 14:42 - 2020-06-16 00:31 - 000002266 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2020-10-26 14:42 - 2019-12-07 02:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-10-26 14:38 - 2019-12-07 02:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-10-26 14:24 - 2018-06-05 20:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-10-26 14:23 - 2020-08-27 11:21 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-10-26 14:23 - 2020-08-27 11:21 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-10-26 14:22 - 2018-04-23 20:46 - 000000000 __SHD C:\Users\katch\IntelGraphicsProfiles
2020-10-26 14:20 - 2020-08-27 10:43 - 000000000 ____D C:\Users\katch
2020-10-26 14:16 - 2020-08-27 11:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-10-26 14:16 - 2020-08-27 10:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-10-26 14:16 - 2020-08-27 10:36 - 000008192 ___SH C:\DumpStack.log.tmp
2020-10-26 14:16 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\ServiceState
2020-10-25 10:15 - 2019-12-07 02:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2020-10-25 10:04 - 2020-08-27 11:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\McAfee
2020-10-25 09:49 - 2019-03-02 12:47 - 000000000 ____D C:\Users\katch\AppData\Local\D3DSCache
2020-10-25 09:44 - 2017-11-17 23:15 - 000000000 ____D C:\ProgramData\mcafee
2020-10-25 09:34 - 2020-08-27 10:37 - 000455080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-10-25 09:34 - 2019-12-07 02:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2020-10-25 09:33 - 2020-05-14 12:04 - 000000666 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3042792064-3823080371-1606204181-1001.job
2020-10-25 09:33 - 2020-05-14 12:04 - 000000570 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3042792064-3823080371-1606204181-1001.job
2020-10-25 09:28 - 2019-12-07 02:13 - 000000000 ____D C:\WINDOWS\INF
2020-10-25 09:20 - 2019-12-07 02:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2020-10-25 09:01 - 2017-07-01 02:23 - 000000000 ____D C:\SWSetup
2020-10-21 19:54 - 2017-07-01 02:01 - 000000000 ____D C:\Program Files (x86)\HP
2020-10-21 19:31 - 2020-08-27 11:21 - 000003836 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-3042792064-3823080371-1606204181-1001
2020-10-21 19:31 - 2020-08-27 11:21 - 000003740 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-3042792064-3823080371-1606204181-1001
2020-10-21 19:31 - 2020-05-14 12:04 - 000000000 ____D C:\Users\katch\AppData\Local\GoToMeeting
2020-10-21 19:07 - 2017-11-17 23:07 - 000000000 ____D C:\WINDOWS\HP
2020-10-19 07:23 - 2017-07-01 02:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2020-10-17 14:13 - 2020-08-27 11:21 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3042792064-3823080371-1606204181-1001
2020-10-17 14:13 - 2020-08-27 10:43 - 000002374 _____ C:\Users\katch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2020-10-17 14:13 - 2018-04-23 20:50 - 000000000 ___RD C:\Users\katch\OneDrive
2020-10-16 10:08 - 2020-09-07 10:56 - 000000000 ____D C:\Users\katch\AppData\Local\ElevatedDiagnostics
2020-10-15 23:54 - 2020-08-27 11:21 - 000003682 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3042792064-3823080371-1606204181-1001UA
2020-10-15 23:53 - 2020-08-27 11:21 - 000003414 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskUserS-1-5-21-3042792064-3823080371-1606204181-1001Core
2020-10-14 14:22 - 2020-08-27 11:21 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-14 14:22 - 2020-08-27 11:21 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-13 05:56 - 2017-11-17 23:15 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-10-12 10:36 - 2020-08-27 11:21 - 000003710 _____ C:\WINDOWS\system32\Tasks\McAfee Remediation (Prepare)
2020-10-08 19:56 - 2017-11-17 23:15 - 000000000 ____D C:\Program Files\Common Files\mcafee
2020-10-08 19:54 - 2020-08-27 11:21 - 000003316 _____ C:\WINDOWS\system32\Tasks\McAfeeLogon
2020-10-06 05:35 - 2019-12-07 02:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2020-10-05 20:44 - 2019-10-11 00:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2020-10-05 12:51 - 2020-04-21 00:15 - 000002375 _____ C:\Users\katch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2020-10-05 12:10 - 2020-08-27 10:55 - 000936842 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-10-02 17:33 - 2019-12-07 02:18 - 000835472 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2020-10-02 17:33 - 2019-12-07 02:18 - 000179608 _____ (Adobe) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== SigCheck ============================
 
(There is no automatic fix for files that do not pass verification.)
 
==================== End of FRST.txt ========================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-10-2020
Ran by katch (26-10-2020 15:12:58)
Running from C:\Users\katch\OneDrive\Desktop
Windows 10 Home Version 2004 19041.508 (X64) (2020-08-27 18:23:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3042792064-3823080371-1606204181-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3042792064-3823080371-1606204181-503 - Limited - Disabled)
Guest (S-1-5-21-3042792064-3823080371-1606204181-501 - Limited - Disabled)
katch (S-1-5-21-3042792064-3823080371-1606204181-1001 - Administrator - Enabled) => C:\Users\katch
WDAGUtilityAccount (S-1-5-21-3042792064-3823080371-1606204181-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Enabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Enabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{F8F948EA-5AEA-4158-8821-A2F788ECE936}) (Version: 16.2.1 - Hewlett-Packard) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Connect (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Adobe Connect App) (Version: 2020.1.5.32 - Adobe Systems Inc.)
BlueJeans (HKLM\...\{8DF7AE4E-E857-468A-89B6-9E9312F5E766}) (Version: 2.19.465 - BlueJeans Network, Inc.) Hidden
BlueJeans (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\{ff3a625a-721c-4501-9db1-1f5d05a42063}) (Version: 2.20.294 - BlueJeans Network, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Cisco Webex Meetings (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\ActiveTouchMeetingClient) (Version: 40.6.4 - Cisco Webex LLC)
ELAN Touchpad 18.2.13.1_X64_WHQL (HKLM\...\Elantech) (Version: 18.2.13.1 - ELAN Microelectronic Corp.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.111 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.31 - Google LLC) Hidden
GoTo Opener (HKLM-x32\...\{C0F33C38-345C-4C02-B161-11389350C2A5}) (Version: 1.0.533 - LogMeIn, Inc.)
GoToMeeting 10.14.0.18962 (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\GoToMeeting) (Version: 10.14.0.18962 - LogMeIn, Inc.)
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{BC852AA8-58F6-4F07-ACB1-7377E52CA4F3}) (Version: 1.0.150.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.15.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{AC154691-D9B6-4CD9-BB9B-ACDAF61367E5}) (Version: 2.22.1 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{54da9769-2364-4bd3-8139-6400500778b3}) (Version: 5.3.22034 - HP Inc.)
HP JumpStart Apps (HKLM-x32\...\HP JumpStart Apps) (Version: 7.0.32 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{EB0912FF-C311-4E0F-A6B1-420FDD3C295E}) (Version: 1.3.0.407 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{6A139049-EBB9-4076-8664-B468888E55A3}) (Version: 1.3.392.0 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{05F81C27-62A5-4A0C-8519-60CB66CF87C6}) (Version: 8.8.34.31 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{183BD477-774B-4700-B40B-EE43886E74D2}) (Version: 12.17.27.5 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{5D308D1F-E37B-431A-8D35-67D16287467D}) (Version: 1.4.28 - HP Inc.)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.3.10203.4295 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 23.20.16.4973 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{559FA847-377D-4926-80A3-ED9E014D363A}) (Version: 19.60.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R28 - McAfee, LLC)
Microsoft 365 Apps for enterprise - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.13231.20390 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 86.0.622.51 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.137.93 - )
Microsoft Lync Web App Plug-in (HKLM\...\{BE6D5464-0B1F-46CC-8973-F9651FE6A45A}) (Version: 15.8.8308.965 - Microsoft Corporation)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.13231.20390 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\OneDriveSetup.exe) (Version: 20.169.0823.0006 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\Teams) (Version: 1.3.00.24755 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.13231.20200 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.13231.20126 - Microsoft Corporation) Hidden
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.154 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.16.323.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8554 - Realtek Semiconductor Corp.)
Teams Machine-Wide Installer (HKLM-x32\...\{39AF0813-FA7B-4860-ADBE-93B9B214B914}) (Version: 1.3.0.4461 - Microsoft Corporation)
TurboTax 2018 (HKLM-x32\...\TurboTax 2018) (Version: 2018.0 - Intuit, Inc)
TurboTax 2019 (HKLM-x32\...\TurboTax 2019) (Version: 2019.0 - Intuit, Inc)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-4) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.1.1.9 - WildTangent)
WildTangent Helper (HKLM-x32\...\{A39303AB-4898-4F12-BAA0-0B8630F86DB4}) (Version: 1.0.0.272 - WildTangent) Hidden
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
Zoom (HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\ZoomUMX) (Version: 5.1 - Zoom Video Communications, Inc.)
 
Packages:
=========
Autodesk SketchBook -> C:\Program Files\WindowsApps\89006A2E.AutodeskSketchBook_5.1.0.0_x64__tf1gferkr813w [2019-11-07] (Autodesk Inc.)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.5.201.0_x64__rz1tebttyb220 [2020-09-24] (Dolby Laboratories)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_20.4.3.0_x64__xbfy0k16fey96 [2020-01-18] (Dropbox Inc.)
Fitbit -> C:\Program Files\WindowsApps\Fitbit.Fitbit_2.44.1997.0_x64__6mqt6hf9g46tw [2019-10-06] (Fitbit)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.3.407.0_x86__v10z8vjag6ke6 [2017-11-17] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_120.1.741.0_x64__v10z8vjag6ke6 [2020-10-12] (HP Inc.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_5.2.0.6_x86__h6adky7gbf63m [2020-10-21] (Gameloft SE)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-12] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.8101.0_x64__8wekyb3d8bbwe [2020-08-20] (Microsoft Studios) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.16.4002.0_x64__8wekyb3d8bbwe [2020-09-03] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2020-07-14] (Netflix, Inc.)
Plex -> C:\Program Files\WindowsApps\CAF9E577.Plex_3.2.20.0_x64__aam28m9va5cke [2018-04-23] (Plex)
Power Media Player 14 for HP Consumer PCs with DVD -> C:\Program Files\WindowsApps\CyberLinkCorp.hs.PowerMediaPlayer14forHPConsumerPC_14.2.9528.0_x86__06qsbagp91rvg [2019-01-25] (CYBERLINKCOM CORP)
Priceline.com: The Best Deals on Hotels, Flights and Rental Cars -> C:\Program Files\WindowsApps\PricelinePartnerNetwork.Priceline.comTheBestDealso_2.0.4.0_x64__mgae2k3ys4ra0 [2020-09-17] (Priceline Partner Network)
Smartfriend by HP Care -> C:\Program Files\WindowsApps\AD2F1837.SmartfriendbyHPCare_1.1.13.0_x64__v10z8vjag6ke6 [2018-04-23] (HP Inc.)
WildTangent Games -> C:\Program Files\WindowsApps\WildTangentGames.63435CFB65F55_2.0.82.0_x64__qt5r5pa5dyg8m [2019-12-29] (WildTangent Games)
Zoom Rooms -> C:\Program Files\WindowsApps\ZoomVideoCommunicationsIn.ZoomRooms_5.2.267.0_x86__r9fg4ykbbcwvc [2020-09-29] (Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\katch\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{46406D82-6EC0-47CC-8A75-1F33C6DEDBBE}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.35.442\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{540C17A8-04F2-4B66-95D7-B2FEF9A19B54}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.35.422\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{62634D95-960B-4834-8E71-A70408AD8FD9}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.34.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{6D264B70-DA18-401D-910C-B202D89670C6}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\katch\AppData\Local\GoToMeeting\17956\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{84EB3779-151B-4C71-AEF0-A0FEE9481401}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.35.342\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{85D8EE2F-794F-41F0-BB03-49D56A23BEF4}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{86508D42-E5D7-4D10-9C6F-D427AEEB85B5}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.34.11\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{A804CF1A-91E5-4F0C-9E8C-DB39E74056DD}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.33.23\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\katch\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20240.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.36.32\psuser_64.dll (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{E9E7529D-7F09-410B-AF2A-CC154473B19C}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.35.452\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001_Classes\CLSID\{EF076C91-DC9E-43E3-84ED-3D219E065A4F}\InprocServer32 -> C:\Users\katch\AppData\Local\Google\Update\1.3.35.301\psuser_64.dll => No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki126950.inf_amd64_fa7f56314967630d\igfxDTCM.dll [2018-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2020-10-16 10:34 - 2020-10-16 10:34 - 000160256 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\1ff3450085cc7f4a620750812f41f4f2\BRIDGECommon.ni.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 000120832 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\3c2a50356ef4b223b20361c6100c7f91\BridgeExtension.ni.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 000370688 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CleanStartController\f15657bef6e7c177f2bced3da7647cb6\CleanStartController.ni.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\1e99dc3200d7d7a2c2342c2d61b558c7\Interop.IWshRuntimeLibrary.ni.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 000134656 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\db5005138cb996d33c3f3ef169ead9c8\Hardcodet.Wpf.TaskbarNotification.ni.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000050688 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2013-11-15 00:47 - 2013-11-15 00:47 - 000066048 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2020-05-06 11:56 - 2019-02-21 09:00 - 000078336 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 001585664 _____ (Mark Heath) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\26c5994f7f6c039c3c9b4d155c87741e\NAudio.ni.dll
2020-10-16 10:34 - 2020-10-16 10:34 - 002306560 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\2637cd6f5d9683e8fe5dcffbd939cff7\Newtonsoft.Json.ni.dll
2020-10-16 10:37 - 2020-10-16 10:37 - 000792064 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\6951c36ad6edd08d370e0d8a50629525\log4net.ni.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer (Whitelisted) ==========
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp17win10.msn.com/?pc=HCTE
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
SearchScopes: HKLM -> {265293AB-6346-4B50-98EC-2D08B6366BDF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {265293AB-6346-4B50-98EC-2D08B6366BDF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001 -> {265293AB-6346-4B50-98EC-2D08B6366BDF} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2017-10-27] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2017-10-27] (HP Inc. -> HP Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-10-05] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-08-21] (McAfee, LLC -> McAfee, LLC)
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\sharepoint.com -> hxxps://cawaterboards-files.sharepoint.com
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL;C:\Program Files\Intel\Intel® Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT;C:\Program Files\Intel\Intel® Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\Control Panel\Desktop\\Wallpaper -> C:\windows\web\wallpaper\HP Backgrounds\backgroundDefault.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(If an entry is included in the fixlist, it will be removed.)
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run32: => "HPMessageService"
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\StartupApproved\Run: => "BlueJeans.Detector"
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-3042792064-3823080371-1606204181-1001\...\StartupApproved\Run: => "Lync"
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [UDP Query User{5FD6D010-08FF-46CF-80F0-D17FA16F3491}C:\users\katch\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\katch\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{BC007109-0139-4620-A340-A482DE9A1833}C:\users\katch\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\katch\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{69E881BC-519B-4DC4-929D-9A05F176E37E}] => (Allow) C:\Users\katch\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9BB4009A-4C46-4E05-82EC-CF50C1D15C5D}] => (Allow) C:\Users\katch\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{A9DC686C-2625-405B-84D5-F92BC9ECFA51}C:\users\katch\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\katch\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe => No File
FirewallRules: [TCP Query User{4ECF1266-C63E-4DC8-8BF9-D1E84D853F93}C:\users\katch\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\katch\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe => No File
FirewallRules: [UDP Query User{560D4CD8-4502-4A05-AD4B-9066731DEEF4}C:\users\katch\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\katch\appdata\local\bluejeans\current\bluejeans.exe (Blue Jeans Network, Inc. -> BlueJeans)
FirewallRules: [TCP Query User{FDCD02EB-7C2B-4A21-BC76-6FC269A8F324}C:\users\katch\appdata\local\bluejeans\current\bluejeans.exe] => (Allow) C:\users\katch\appdata\local\bluejeans\current\bluejeans.exe (Blue Jeans Network, Inc. -> BlueJeans)
FirewallRules: [{E15563CA-BD8C-4294-87C0-9803A6B8686E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{92821AA7-BB51-4BE5-9524-BC9A8C4D9584}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C1DA3247-19F7-4398-BE38-A3D075837510}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B26A941E-55C8-46DE-BBDA-F915D501BC76}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD273DE4-1A13-4087-BAF0-AFDB02F35382}] => (Allow) C:\Users\katch\AppData\Local\Temp\7zS21D1\HP.EasyStart.exe => No File
FirewallRules: [{86D93D59-C069-43A4-AF53-BFFE89F5D024}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{A82FEB7B-A0DA-45E7-9080-504104933DC3}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{87511421-4986-46AC-A70C-40DF0F42844C}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{71F77930-8484-4F0E-955C-B68190274D5D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9FF961C5-92CE-4ACF-9835-74C93543BF1D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A08A32E-A84B-43A2-A468-05A295CF11AE}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CB4074AC-5AFC-47C0-9726-F8E5514BD1CF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BB729A6-1E43-4B66-88E7-5D57B9797181}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [{3DB32705-565D-4E46-B255-B1A50DF8397E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{52B3CA2B-012E-4881-904A-61CA6627A18E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{36F7B003-0178-44B6-BFA3-2B4E7CAAB727}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D7C8430D-B2DD-471D-BDC4-270839803484}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7A9D61DC-39A2-4852-B91A-ED29885EA626}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F30191F4-A809-4484-894F-97DDC80E43F5}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E47A52B5-6DE7-460C-8D15-7FB3BA6F1AF7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5CE8FCF5-CCC3-412D-888A-E3C80B102F8E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{78EAF13E-E707-42AF-81AA-F47F4EFBD7D2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BA0DC62D-69C0-45BD-9E72-DD96D159DC12}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C801A006-55F7-4367-83BC-8AD842531253}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.65.78.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{6778D059-DE68-4105-BFA4-0300811116AF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
 
==================== Restore Points =========================
 
15-10-2020 11:44:17 Windows Modules Installer
19-10-2020 07:20:14 Windows Modules Installer
25-10-2020 09:58:30 Windows Modules Installer
26-10-2020 14:38:45 Windows Modules Installer
 
==================== Faulty Device Manager Devices ============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (10/26/2020 03:00:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wuauclt.exe, version: 10.0.19041.508, time stamp: 0x5c5723e6
Faulting module name: ntdll.dll, version: 10.0.19041.488, time stamp: 0x70e69bad
Exception code: 0xc0000005
Fault offset: 0x0000000000045e16
Faulting process id: 0x13ec
Faulting application start time: 0x01d6abe05aaf7155
Faulting application path: C:\WINDOWS\system32\wuauclt.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 43ff8cbb-0dfd-4141-99f7-d965ec5d3528
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/26/2020 02:45:28 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (10/26/2020 02:29:11 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Program Files\mcafee\CoreUI\CoreUI.pam for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program McAfee CoreUI Launcher because of this error.
 
Program: McAfee CoreUI Launcher
File: C:\Program Files\mcafee\CoreUI\CoreUI.pam
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (10/26/2020 02:29:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 18.8.118.0, time stamp: 0x5f3d842a
Faulting module name: bcryptPrimitives.dll, version: 10.0.19041.264, time stamp: 0x90efa57f
Exception code: 0xc0000006
Fault offset: 0x00000000000199d3
Faulting process id: 0x33a4
Faulting application start time: 0x01d6abdef81b44af
Faulting application path: C:\Program Files\McAfee\CoreUI\Launch.exe
Faulting module path: C:\WINDOWS\System32\bcryptPrimitives.dll
Report Id: c18ee6f0-41a2-4b54-a2b4-ee76e3741fb3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (10/26/2020 02:28:33 PM) (Source: SecurityCenter) (EventID: 17) (User: )
Description: Security Center failed to validate caller with error %1.
 
Error: (10/26/2020 02:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname LAPTOP-0I4945HA.local already in use; will try LAPTOP-0I4945HA-2.local instead
 
Error: (10/26/2020 02:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 LAPTOP-0I4945HA.local. Addr 192.168.1.68
 
Error: (10/26/2020 02:17:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.1.68:5353   16 LAPTOP-0I4945HA.local. AAAA 2602:0306:3110:3C20:5CF8:BB61:7C8B:0844
 
 
System errors:
=============
Error: (10/26/2020 03:09:00 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:08:56 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:08:52 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:08:48 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:01:35 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:01:31 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:01:27 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (10/26/2020 03:01:23 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Windows Defender:
===================================
Date: 2020-10-04 18:19:31.9160000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {A0AE47A7-91BD-4D3D-97DB-7A657D39222A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-09-29 18:37:52.0010000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {7C16B617-08AB-4341-9705-15F55E04CB13}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-09-25 13:44:16.6010000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {E6A9633B-8F0A-45AB-9521-EC63D811B25E}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-09-24 19:45:53.8540000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {CD2163C6-CC84-4E12-986B-955ED957DB5A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2020-09-24 19:35:44.0990000Z
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan ID: {BA6D8F7A-2152-46A3-AA7B-CEA66A8912E2}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
CodeIntegrity:
===================================
 
Date: 2020-10-26 14:45:28.5680000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-26 14:45:28.5580000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-26 14:45:28.4780000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-26 14:45:28.4680000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Windows signing level requirements.
 
Date: 2020-10-26 14:30:39.7550000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-26 14:30:39.7320000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-26 14:30:39.7130000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
Date: 2020-10-26 14:30:39.6930000Z
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\mcafee\MfeAV\AMSIExt.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
BIOS: Insyde F.22 08/25/2017
Motherboard: HP 83F8
Processor: Intel® Core™ i5-8250U CPU @ 1.60GHz
Percentage of memory in use: 46%
Total physical RAM: 12174.22 MB
Available physical RAM: 6452.86 MB
Total Virtual: 14030.22 MB
Available Virtual: 8376.3 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:915.54 GB) (Free:775.67 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:14.74 GB) (Free:1.76 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (SCULPTED_BUNS_THIGHS) (CDROM) (Total:1.51 GB) (Free:0 GB) UDF
 
\\?\Volume{c45ccb48-9fd5-454f-8629-0f5ee11e5520}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.45 GB) NTFS
\\?\Volume{1679a829-c224-432f-8a56-18d9bc9adccf}\ () (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 540EA267)
 
Partition: GPT.
 
==================== End of Addition.txt =======================
 

  • 0

Advertisements

#2
DR M
Posted 27 October 2020 - 10:27 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, scotto62.

Welcome to Geeks to Go Forums. :)

I will be assisting you with your computer's issues. I am still in training and my fixes have to be approved by my instructor, so there may be a slight delay in my replies. Look at it as a good thing though, since you will have two people looking at your problem.

Please, adhere to the guidelines below, and then carefully follow, with the same order, all the instructions after:

1. Always ask before act! Do not continue if you are not sure, or if something unexpected happens!

2. Do not run any tools unless instructed to do so. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.

3. Please, copy all the content of the required logs and paste it inside your post. Do not attach any log or other file, unless directed otherwise.

4. If your computer seems to start working normally, please don't abandon the topic. Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.

5. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs. I will be with you, as far as I can.

========================================================

I am currently reviewing your logs and will be back to you as soon as I can.
  • 0

#3
scotto62
Posted 27 October 2020 - 01:52 PM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Thanks, looking forward to hearing from you.


  • 0

#4
DR M
Posted 28 October 2020 - 07:43 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, scotto62.

Apologies for the delay.
 
There is evidence that the computer's issues have to do with a possible hard disk issue. I recommend you to back up your documents first, and then proceed with the following:

Check disk
  • Click on the Start button and in the search box, type Command Prompt.
  • When you see Command Prompt on the list, right-click on it and select Run as administrator.
  • Enter the command below and press on Enter and wait for it to finish (~15 minutes).
    chkdsk C: /r
  • You will receive a message that the operation cannot be performed while the system is in use and ask if you want to check when you restart your computer. Choose Yes, and then restart the computer, allowing disk check to run at startup.
  • The process will take some time, depending on the disk condition.
  • Download ListChkdskResult by SleepyDude and save it on your Desktop.
  • Double click on the created icon.
  • A notepad file will open. Copy its content and paste it in your next reply.

  • 0

#5
DR M
Posted 31 October 2020 - 03:40 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hello, scotto62.

 

Do you still need assistance?


  • 0

#6
scotto62
Posted 02 November 2020 - 11:24 AM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Hi, I'm working on it today and will get back to you.

 

Thanks!

Allan


  • 0

#7
scotto62
Posted 03 November 2020 - 12:41 PM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

So, I couldn't run chkdsk directly.  I ran it as admin and it couldn't lock the disk. It asked if I should do it on reboot and I said yes.  It ran through for about 4 hrs. 

 

This morning I logged back in and downloaded and ran LstChkDskResult and it came back empty:

 

ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
 
------< Log generate on 11/3/2020 9:14:53 AM >------
No Events found for Winlogon, Chkdsk or Wininit!
 
Things seem to be running much better.  Are there additional steps that I should take?
 
Thanks,
 
Allan

  • 0

#8
DR M
Posted 03 November 2020 - 09:52 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, Allan.

Just to be sure, make a hard disk check with the GSmartControl:

Download GSmartControl and save it to your desktop.
  • Double-click gsmartcontrol-(version).exe to run the tool.
  • A list of hard drives will appear. Single-click each disk to see Drive Information and identify your drive
    Note: most machines will only have one or two entries, but an easy way to identify your drive is by its size.
  • Double-click on the hard drive to see detailed Device Information
  • Click on the Attributes tab. Do you see any red or pink entries like the ones in the image below? Please list the names in your next reply if there are any, or take a screenshot and attach it.
  • Click on the Perform Tests tab
  • Select Extended Self-Test and click Execute
    Note: this test can take several hours to run
  • Allow the test to complete. The results will be displayed at the bottom
  • Please post the scan results in your next reply
info_failing.png

 
  • 0

#9
scotto62
Posted 04 November 2020 - 10:52 AM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

I attached the output of the 2 steps:  GSmart Attributes and GSmart Extended Self Test.  The Self Test didn't complete because of an error.

 

Thanks,

 

Allan 

Attached Thumbnails

  • GSmartExtendedSelfTest.png
  • GSmartAttributes.png

  • 0

#10
DR M
Posted 05 November 2020 - 10:55 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
Hi, scotto.
 
It seems that your hard disk needs a replacement. This is what causes issues regarding your computer's performance. That's why I recommended you from the beginning to backup all your files. If you didn't do that, please do it as soon as possible. No one can say when the disk will "die", in a few days, a month or more, but for sure you can't take a risk.
 
This is the disk you have now: https://www.amazon.c...6/dp/B008YDNARU
 
Here there is another one with better standards: https://www.amazon.c...get_feature_div
 
You can order a disk or buy one from a computer store. It's up to you. My advice, is to do this soon.
 
Do you have any questions?
  • 0

#11
scotto62
Posted 07 November 2020 - 10:46 AM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Thanks for the help and support.  One question:  If I replace the hard disk can you point me to a guide to actually replace it?  Since the OS is on the failing drive, I'll need to have a way to transition to the new one.

 

Thanks again!

 

Allan 


  • 0

#12
DR M
Posted 08 November 2020 - 11:14 AM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts

Hi, Allan.

As I can see in the logs, your computer is HP Pavilion laptop 15-cc1xx. I have searched in the internet but didn't find a tutorial about the exact HP model. The link I provide below is about HP Pavilion 15 series. You can watch it and perhaps there are similarities. Of course, if you don't feel comfortable with the replacement, you can always ask for help from a technician. Also, consider to seek for help in the Hardware Forum at Geeks to Go: http://www.geekstogo...nd-peripherals/



These are the steps we usually take when a hard disk replacement is needed:

1. Back up all your documents in an external disk. You may find this article useful. Make sure you have all the license keys for programs you bought.

2. Follow the instructions here to create a bootable media (usb stick) with the Windows 10 operating system: How to create Windows 10 UEFI boot media using Media Creation Tool

3. Replace the hard disk.

4. Insert the usb stick in the computer and turn it on. Follow the instructions to install Windows 10.

You may need these instructions so the computer will boot from the usb stick.

5. Transfer your files in the computer, install your programs etc.


  • 0

#13
scotto62
Posted 09 November 2020 - 02:49 PM

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 43 posts

Thank you very much for the detailed instructions!  I appreciate all your help with the disk issue.

 

Have a great day!

 

Allan


  • 0

#14
DR M
Posted 09 November 2020 - 02:56 PM

DR M

    The Grecian Geek

  • Malware Removal
  • 4,096 posts
You are welcome, Alan.

I am glad I was able to help you. :)

Have a great day too.
  • 0

#15
iMacg3
Posted 09 November 2020 - 09:03 PM

iMacg3

    GeekU PowerPC G3

  • GeekU Moderator
  • 1,921 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP