
Windows Defender and McAfee will not Update

Update/Windows Vista/McAfee


#1
Tipper

Hi,

I've been having issues with Windows Defender and McAfee not updating.

The Windows Defender update issue started a month or so before the McAfee issue of not updating began. I ran sfc /scannow from the command prompt and got 'Windows Resource Protections did not find integrity violations'.

I have the Windows Vista 32-bit operating system. I also ran FRST.exe and these are the results.

FRST.exe.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17.01.2018 01
Ran by Tipper (administrator) on TIPPER-PC (08-01-2021 19:45:24)
Running from C:\Users\Tipper\Downloads
Loaded Profiles: Tipper (Available Profiles: Tipper & Chris & Boyz & Mcx1)
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) Language: English (United States)
Internet Explorer Version 9 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Dropbox, Inc.) C:\WINDOWS\System32\DbxSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\WINDOWS\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Conexant Systems, Inc.) C:\WINDOWS\System32\drivers\XAudio.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\WINDOWS\System32\wpcumi.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(ScanSoft, Inc.) C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Hewlett-Packard Company) C:\hp\support\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files\Dropbox\Client\Dropbox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Hewlett-Packard Company) C:\hp\KBD\kbd.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\WINDOWS\System32\wuauclt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\Core\mchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera_crashreporter.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Opera Software) C:\Program Files\Opera\36.0.2130.80\opera.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [176128 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [5369856 2008-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM\...\Run: [PaperPort PTD] => C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [57393 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [KBD] => C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM\...\Run: [IndexSearch] => C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [40960 2005-03-17] (ScanSoft, Inc.)
HKLM\...\Run: [hpsysdrv] => c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [HP Health Check Scheduler] => [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-17] (Adobe Systems Incorporated)
HKLM\...\Run: [Dropbox] => C:\Program Files\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [562688 2015-02-11] (McAfee, Inc.)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [HPAdvisor] => C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Run: [L08AXLRD_45457240] => C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE [351000 2007-05-21] (Microsoft Corporation)
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk [2021-01-08]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1050 J410 series.lnk -> C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Tipper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-29]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Boyz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2011-06-26]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-05-13]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1003\User: Restriction <==== ATTENTION
GroupPolicyUsers\S-1-5-21-3938486149-3048756490-4017228027-1001\User: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2328FD5C-20DF-441B-BA4C-12384E9C94FB}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=83&bd=Pavilion&pf=cndt
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?lang=en-ca&OCID=iehp
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp-consumer.my.aol.ca/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {380854A7-BB12-4473-A1C0-F6272ABD0A35} URL = hxxp://www.ask.com/web?q={searchTerms}&l=dis&o=cahpd
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> DefaultScope {2CD89589-7B83-4AC9-B00C-F73BDD29665A} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20200308&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> {2CD89589-7B83-4AC9-B00C-F73BDD29665A} URL = hxxps://ca.search.yahoo.com/search?fr=mcafee&type=B011CA0D20200308&p={searchTerms}
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Toolbar: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000 -> No Name - {093F479D-712E-46CD-9E06-62E734A05F68} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll [2011-06-28] (Logitech Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll [2007-06-07] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-03-03] (McAfee, Inc.)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-04-20] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\[email protected] => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2020-03-08] [Legacy]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2020-03-08] [Legacy] [not signed]
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1231201.dll [2017-11-02] (Adobe Systems, Inc.)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-03-03] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2011-05-26] ()
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll [2011-02-21] (RocketLife, LLP)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-04-23] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3938486149-3048756490-4017228027-1000: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll [2011-03-12] (RocketLife, LLP)
 
Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2020-03-08]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-12-08] (Adobe) [File not signed]
S2 dbupdate; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-28] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [43344 2018-05-14] (Dropbox, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-03-14] (Hewlett-Packard) [File not signed]
R2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-03-17] (Hewlett-Packard Company) [File not signed]
R2 McAfee SiteAdvisor Service; c:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [690408 2015-03-03] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [476680 2015-02-27] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-02-24] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-02-11] (McAfee, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 CoachUsb; C:\Windows\System32\DRIVERS\CoachUsb.sys [41184 2003-06-26] (Accapella Ltd.)
S3 CoachVc; C:\Windows\System32\DRIVERS\CoachVc.sys [45664 2003-06-26] (Accapella Ltd.) [File not signed]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
R3 LVUSBSta; C:\Windows\System32\drivers\LVUSBSta.sys [41752 2007-10-11] (Logitech Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [67800 2015-02-28] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-15] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
R3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [495768 2009-04-30] (Logitech Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-08 19:45 - 2021-01-08 19:45 - 000018210 _____ C:\Users\Tipper\Downloads\FRST.txt
2021-01-02 03:48 - 2021-01-02 03:48 - 000145104 _____ C:\Windows\Minidump\Mini010221-01.dmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2021-01-08 19:45 - 2018-01-11 02:09 - 000000000 ____D C:\FRST
2021-01-08 19:40 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:40 - 2006-11-02 07:47 - 000005184 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2021-01-08 19:06 - 2016-10-28 16:22 - 000000894 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2021-01-08 18:33 - 2020-03-08 05:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-01-08 18:28 - 2006-11-02 05:33 - 000006580 _____ C:\Windows\system32\PerfStringBackup.INI
2021-01-08 18:27 - 2019-01-10 18:21 - 000000000 __RSD C:\Users\Tipper\Documents\McAfee Vaults
2021-01-08 18:24 - 2019-02-13 19:55 - 000000892 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore1d4c3fff0366b20.job
2021-01-08 18:23 - 2020-03-08 05:18 - 000000000 ____D C:\Program Files\McAfee
2021-01-08 18:23 - 2006-11-02 08:01 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-01-08 18:21 - 2006-11-02 08:01 - 000032526 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2021-01-02 03:48 - 2011-07-09 00:25 - 000000000 ____D C:\Windows\Minidump
2021-01-02 03:47 - 2019-10-18 18:25 - 306827898 _____ C:\Windows\MEMORY.DMP
2020-12-18 14:51 - 2012-01-17 16:49 - 000074240 _____ C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2020-12-12 11:45 - 2019-01-10 23:18 - 000000000 __RSD C:\Users\Boyz\Documents\McAfee Vaults
 
==================== Files in the root of some directories =======
 
2011-06-01 12:07 - 2015-12-22 05:35 - 000044759 _____ () C:\Users\Tipper\AppData\Roaming\Rim.Desktop.Exception.log
2011-06-01 12:06 - 2011-08-16 15:03 - 000003392 _____ () C:\Users\Arlie\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2011-08-16 15:27 - 2015-12-22 05:35 - 000002849 _____ () C:\Users\Arlie\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-03-25 16:13 - 2014-03-25 16:13 - 000000045 _____ () C:\Users\Tipper\AppData\Roaming\WB.CFG
2011-05-18 14:19 - 2011-05-18 14:19 - 000000000 _____ () C:\Users\Tipper\AppData\Roaming\wklnhst.dat
2012-11-01 06:46 - 2016-11-02 05:56 - 000001356 _____ () C:\Users\Tipper\AppData\Local\d3d9caps.dat
2012-01-17 16:49 - 2020-12-18 14:51 - 000074240 _____ () C:\Users\Tipper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-10-23 03:26 - 2012-10-23 03:26 - 000017408 _____ () C:\Users\Tipper\AppData\Local\WebpageIcons.db
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2021-01-08 18:29
 
==================== End of FRST.txt ============================
 
 
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17.01.2018 01
Ran by Tipper (08-01-2021 19:46:07)
Running from C:\Users\Tipper\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) (2011-04-20 16:49:56)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3938486149-3048756490-4017228027-500 - Administrator - Disabled)
Tipper (S-1-5-21-3938486149-3048756490-4017228027-1000 - Administrator - Enabled) => C:\Users\Arlie
Boyz (S-1-5-21-3938486149-3048756490-4017228027-1003 - Limited - Enabled) => C:\Users\Boyz
Chris (S-1-5-21-3938486149-3048756490-4017228027-1001 - Limited - Enabled) => C:\Users\Chris
Guest (S-1-5-21-3938486149-3048756490-4017228027-501 - Limited - Enabled)
Mcx1 (S-1-5-21-3938486149-3048756490-4017228027-1004 - Administrator - Enabled) => C:\Users\Mcx1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Out of date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ActiveCheck component for HP Active Support Library (HKLM\...\{254C37AA-6B72-4300-84F6-98A82419187E}) (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe Flash Player 32 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 32.0.0.465 - Adobe)
Adobe Reader XI (11.0.23) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.3 (HKLM\...\Adobe Shockwave Player) (Version: 12.3.1.201 - Adobe Systems, Inc.)
BlackBerry Desktop Software 6.1 (HKLM\...\{75157F34-02C6-4831-BD66-3BC49E7A8394}) (Version: 6.1.0.35 - Research In Motion Ltd.) Hidden
BlackBerry Desktop Software 6.1 (HKLM\...\BlackBerry_Desktop) (Version: 6.1.0.35 - Research In Motion Ltd.)
Brother MFL-Pro Suite (HKLM\...\{9A912C12-A7DA-44D7-BD57-5CA85E2F33E1}) (Version: 1.00 - Brother Industries, Ltd.)
CyberLink DVD Suite Deluxe (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.5.1329 - CyberLink Corp.)
CyberLink PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 6.5.2726 - CyberLink Corp.)
Digital Camera (2320) (HKLM\...\Digital Camera (2320)) (Version:  - )
Dropbox (HKLM\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.)
Dropbox Update Helper (HKLM\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.241.1 - Dropbox, Inc.) Hidden
Enhanced Multimedia Keyboard Solution (HKLM\...\KBD) (Version:  - Hewlett-Packard)
H.264 Player version 2.4 (HKLM\...\{FC7E8DA6-5C97-407A-B11F-E3DDA6BCC878}_is1) (Version: 2.4 - )
Hardware Diagnostic Tools (HKLM\...\PC-Doctor 5 for Windows) (Version: 5.1.4748.24 - PC-Doctor, Inc.)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{C111B73A-93EA-4A12-80E2-0460F11D431F}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{5E83AB6E-2284-4468-BF97-A451904F186C}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Photo Creations (HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\...\HP Photo Creations) (Version: 1.0.0.17712 - HP)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAsset component for HP Active Support Library (HKLM\...\{669D4A35-146B-4314-89F1-1AC3D7B88367}) (Version: 3.0.1.0 - Hewlett-Packard) Hidden
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
LabelPrint (HKLM\...\{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.2.2529 - CyberLink Corp.)
Learning Essentials for Microsoft Office (HKLM\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
LightScribe System Software  1.12.37.1 (HKLM\...\{004C5DA2-2051-4D25-94BA-51CF810C91EB}) (Version: 1.12.37.1 - LightScribe)
LightScribeTemplateLabeler (HKLM\...\{305D4B08-5807-4475-B1C8-D54685534864}) (Version: 1.10.23.1 - LightScribe)
Logitech Desktop Messenger (HKLM\...\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}) (Version: 2.52.18 - Logitech, Inc.)
Logitech Legacy USB Camera Driver Package (HKLM\...\legacyqcam_11.10) (Version:  - )
Logitech Vid HD (HKLM\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.339 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 60 day trial (HKLM\...\OfficeTrial) (Version:  - )
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2008 (HKLM\...\{08041881-FCA5-44A7-B863-D66037A16AAF}) (Version: 2008 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
muvee autoProducer 6.1 (HKLM\...\{FDDB69BB-2F9A-4830-A579-ABBB7C5AF9A8}) (Version: 6.10.050 - muvee Technologies)
NirSoft BlueScreenView (HKLM\...\NirSoft BlueScreenView) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
Opera Stable 36.0.2130.80 (HKLM\...\Opera 36.0.2130.80) (Version: 36.0.2130.80 - Opera Software)
PaperPort (HKLM\...\{71C97545-E547-4A8B-B0C8-61FF853270AC}) (Version: 9.02.0827 - ScanSoft, Inc.)
Parker Brothers Classic Card Games (HKLM\...\ClassicCard) (Version:  - )
Power2Go (HKLM\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.3917 - CyberLink Corp.)
Python 2.5 (HKLM\...\{0A2C5854-557E-48C8-835A-3B9F074BDCAA}) (Version: 2.5.150 - Martin v. Löwis)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5789 - Realtek Semiconductor Corp.)
Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1) (Version: 7.74.00 - Conexant Systems)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
swMSM (HKLM\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tweaking.com - Windows Repair (HKLM\...\Tweaking.com - Windows Repair) (Version: 4.0.12 - Tweaking.com)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.10 - VideoLAN)
Yahoo! Detect (HKLM\...\YTdetect) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{9356e2bb-6c9a-43c0-a771-5cacbdab6afe}
 
\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RLPNUpload.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{A10E0335-AFCA-4E7E-975F-CA30235FB29A}
 
\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{cc05a616-ddb3-4cc0-9a21-dc0e9962b444}
 
\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\ContentMan.dll (RocketLife)
CustomCLSID: HKU\S-1-5-21-3938486149-3048756490-4017228027-1000_Classes\CLSID\{ff280b55-14f1-49ae-b40f-15f5294ce630}
 
\InprocServer32 -> C:\Users\Tipper\AppData\Roaming\HP Photo Creations\RocketEngine.dll (Visan inc.)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program 
 
Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2015-03-03] (McAfee, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program 
 
Files\Dropbox\Client\DropboxExt.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [NvCplDesktopContext] -> {A70C977A-BF00-412C-90B7-034C51DA2439} => C:\Windows\system32
 
\nvcpl.dll [2008-05-22] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program 
 
Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2015-03-03] (McAfee, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
Task: {09DA987E-5384-44C4-9359-F80E0CE55A8C} - System32\Tasks\{402A8835-4A03-4627-8446-8BCF151CF753} => "C:\Program 
 
Files\Internet Explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {2C6865C5-1B4D-4998-BABD-CB45D4B027C9} - System32\Tasks\PC-Doctor\Scheduled Maintenance Swap => C:\Program 
 
Files\PC-Doctor 5 for Windows\task_swap.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {3D69489E-4E92-49CF-8D12-7ABF6CDDF41F} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program 
 
Files\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2017-05-02] (Tweaking.com)
Task: {62723A29-FD3B-4F5F-B7D5-B9F1BFD4E640} - System32\Tasks\{E999EE8A-B462-4D2F-8C6F-0AEC7FF1E3EF} => 
 
C:\Windows\system32\pcalua.exe -a E:\setup.exe -d E:\
Task: {890419E0-EAE5-4F12-8544-8E5E5BEEAA2C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program 
 
Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
Task: {964DAA7E-EFC5-456C-833F-3F439598E230} - System32\Tasks\PC-Doctor\Scheduled Maintenance => C:\Program Files\PC
 
-Doctor 5 for Windows\RunProfiler.exe [2008-03-13] (PC-Doctor, Inc.)
Task: {B137EFA8-D405-42FE-8963-8C9C47D9798E} - System32\Tasks\Opera scheduled Autoupdate 1517288033 => C:\Program 
 
Files\Opera\launcher.exe [2016-08-05] (Opera Software)
Task: {DF894B9C-6CB6-4C71-BE6E-D4746B6A9FC0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32
 
\Macromed\Flash\FlashPlayerUpdateService.exe [2020-12-08] (Adobe)
Task: {EFB4C4CE-A029-4FAC-AFC0-7C92C9750A50} - System32\Tasks\DropboxUpdateTaskMachineCore1d4c3fff0366b20 => 
 
C:\Program Files\Dropbox\Update\DropboxUpdate.exe [2016-10-28] (Dropbox, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task 
 
will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore1d4c3fff0366b20.job => C:\Program 
 
Files\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-14 22:41 - 2018-05-14 06:45 - 000863048 _____ () C:\Program Files\Dropbox\Client\dropbox_watchdog.dll
2018-05-14 22:41 - 2018-05-14 06:45 - 002079048 _____ () C:\Program Files\Dropbox\Client\dropbox_crashpad.dll
2018-03-29 17:42 - 2018-05-14 06:44 - 000100312 _____ () C:\Program Files\Dropbox\Client\_ctypes.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000018896 _____ () C:\Program Files\Dropbox\Client\select.pyd
2018-03-29 17:42 - 2018-05-14 06:47 - 000020808 _____ () C:\Program Files\Dropbox\Client\tornado.speedups.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000035808 _____ () C:\Program Files\Dropbox\Client\_multiprocessing.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000694232 _____ () C:\Program Files\Dropbox\Client\unicodedata.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000021856 _____ () C:\Program 
 
Files\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000130520 _____ () C:\Program Files\Dropbox\Client\_cffi_backend.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 001845600 _____ () C:\Program 
 
Files\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000022880 _____ () C:\Program 
 
Files\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2018-05-14 22:41 - 2018-05-14 06:44 - 000145880 _____ () C:\Program Files\Dropbox\Client\pyexpat.pyd
2018-05-14 22:41 - 2018-05-14 06:45 - 000116696 _____ () C:\Program Files\Dropbox\Client\pywintypes27.dll
2018-03-29 17:42 - 2018-05-14 06:44 - 000105944 _____ () C:\Program Files\Dropbox\Client\win32api.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000022872 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000063312 _____ () C:\Program Files\Dropbox\Client\psutil._psutil_windows.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000024536 _____ () C:\Program Files\Dropbox\Client\win32event.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000077120 _____ () C:\Program Files\Dropbox\Client\fastpath.pyd
2018-05-14 22:41 - 2018-05-14 06:45 - 000392664 _____ () C:\Program Files\Dropbox\Client\pythoncom27.dll
2018-03-29 17:42 - 2018-05-14 06:44 - 000043480 _____ () C:\Program Files\Dropbox\Client\win32process.pyd
2018-05-14 22:41 - 2018-05-14 06:44 - 000020952 _____ () C:\Program Files\Dropbox\Client\mmapfile.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000124888 _____ () C:\Program Files\Dropbox\Client\win32file.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000114136 _____ () C:\Program Files\Dropbox\Client\win32security.pyd
2018-03-29 17:42 - 2018-05-14 06:47 - 000392520 _____ () C:\Program Files\Dropbox\Client\win32com.shell.shell.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000028000 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000024024 _____ () C:\Program Files\Dropbox\Client\win32clipboard.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000175576 _____ () C:\Program Files\Dropbox\Client\win32gui.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000030168 _____ () C:\Program Files\Dropbox\Client\win32pipe.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000026072 _____ () C:\Program Files\Dropbox\Client\win32job.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000048600 _____ () C:\Program Files\Dropbox\Client\win32service.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000057816 _____ () C:\Program Files\Dropbox\Client\win32evtlog.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000021840 _____ () C:\Program Files\Dropbox\Client\cpuid.compiled._cpuid.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000023376 _____ () C:\Program 
 
Files\Dropbox\Client\winshell.compiled._winshell.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000022864 _____ () C:\Program 
 
Files\Dropbox\Client\crashpad.compiled._Crashpad.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000066400 _____ () C:\Program 
 
Files\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 003863880 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWidgets.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000084944 _____ () C:\Program Files\Dropbox\Client\sip.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 001798464 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtCore.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 001959232 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtGui.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000028632 _____ () C:\Program Files\Dropbox\Client\win32ts.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000155472 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000521544 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtNetwork.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000051024 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebEngineCore.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000043336 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebChannel.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000131400 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKit.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000219984 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2018-05-14 22:41 - 2018-05-14 06:47 - 000204104 _____ () C:\Program Files\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000025440 _____ () C:\Program 
 
Files\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000060888 _____ () C:\Program Files\Dropbox\Client\win32print.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000054616 _____ () C:\Program 
 
Files\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000024024 _____ () C:\Program Files\Dropbox\Client\win32profile.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000022880 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000022368 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000021856 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000022368 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000027496 _____ () C:\Program 
 
Files\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-03-29 17:42 - 2018-05-14 06:44 - 000349144 _____ () C:\Program Files\Dropbox\Client\winxpgui.pyd
2018-03-29 17:42 - 2018-05-14 06:48 - 000023904 _____ () C:\Program 
 
Files\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000025432 _____ () C:\Program 
 
Files\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2018-05-14 22:41 - 2018-05-14 06:45 - 000036312 _____ () C:\Program Files\Dropbox\Client\librsync.dll
2018-03-29 17:42 - 2018-05-14 06:48 - 000021856 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000181064 _____ () C:\Program Files\Dropbox\Client\dropbox_sqlite_ext.dll
2018-03-29 17:42 - 2018-05-14 06:47 - 000030544 _____ () C:\Program 
 
Files\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2018-05-14 22:41 - 2018-05-14 06:46 - 000024384 _____ () C:\Program Files\Dropbox\Client\libEGL.dll
2018-05-14 22:41 - 2018-05-14 06:46 - 001638208 _____ () C:\Program Files\Dropbox\Client\libGLESv2.dll
2018-03-29 17:42 - 2018-05-14 06:48 - 000026464 _____ () C:\Program 
 
Files\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2007-05-21 06:02 - 2007-05-21 06:02 - 000269080 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 
 
2008\ERSREGPR.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000228120 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 
 
2008\MSENCDAT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000178968 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 
 
2008\ENCCONT.DLL
2007-05-21 06:02 - 2007-05-21 06:02 - 000351000 _____ () C:\Program Files\Common Files\Microsoft Shared\Reference 
 
2008\MSENCXML.DLL
2007-05-21 06:00 - 2007-05-21 06:00 - 000068376 _____ () C:\Program Files\Microsoft Student\Microsoft Student with 
 
Encarta Premium 2008 DVD\EDICTEIT.EBK
2018-01-29 23:53 - 2016-08-05 07:29 - 063846920 _____ () C:\Program Files\Opera\36.0.2130.80\opera.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be 
 
restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 05:23 - 2006-09-18 16:41 - 000000761 _____ C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3938486149-3048756490-4017228027-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tipper\Pictures\Me 
 
2.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) 
 
(ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless 
 
listed separately.)
 
FirewallRules: [WinCollab-Out-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-UDP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-Out-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-In-TCP] => (Allow) %ProgramFiles%\Windows Collaboration\WinCollab.exe
FirewallRules: [WinCollab-DFSR-Out-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [WinCollab-DFSR-In-TCP] => (Allow) %SystemRoot%\system32\dfsr.exe
FirewallRules: [{D92D6C79-4E3E-4C55-B270-3772F9D2657C}] => (Allow) c:\Program Files\Cyberlink\PowerDirector\PDR.EXE
FirewallRules: [{770D80FE-2DB7-4C60-B911-024311024AB0}] => (Allow) LPort=80
FirewallRules: [{5BFA165D-98D1-42B9-8DBB-C23123DA7500}] => (Allow) LPort=80
FirewallRules: [{85C1740F-00A1-4ADE-828A-5DE3DC90AF6D}] => (Allow) LPort=80
FirewallRules: [{20EE2C88-D71B-4B05-9581-0F4D1EB4E7FF}] => (Allow) LPort=4481
FirewallRules: [{3343A644-DA33-45C0-B6F8-75703D1A4C08}] => (Allow) LPort=4481
FirewallRules: [{9699F66B-E3AE-49DD-A0AE-DA2E373C485F}] => (Allow) LPort=4482
FirewallRules: [{C395807F-9F94-4FC8-B806-FF47F0DAD3DA}] => (Allow) LPort=4482
FirewallRules: [{1253EA7A-883E-4F2D-878B-0D89088B081B}] => (Allow) C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{3F9BC9C6-4BF0-4DF9-B7F9-F0D72354923C}] => (Allow) C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{E61E14B6-2B7B-4B9A-A8EC-94FCBDCD789E}C:\program files\logitech\desktop 
 
messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop 
 
messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [UDP Query User{A6668CB7-25D3-4515-9533-E3F19AC2076B}C:\program files\logitech\desktop 
 
messenger\8876480\program\logitechdesktopmessenger.exe] => (Block) C:\program files\logitech\desktop 
 
messenger\8876480\program\logitechdesktopmessenger.exe
FirewallRules: [{85C8AE78-3F41-4823-A11B-40C4AA4FC9F8}] => (Allow) C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [{1995A3E9-CF49-4029-84CE-3D6F151D2101}] => (Allow) C:\Program Files\Logitech\Desktop 
 
Messenger\8876480\Program\LogitechDesktopMessenger.exe
FirewallRules: [TCP Query User{08546204-51B4-4295-BC11-5733FB70F911}C:\program files\limewire plus+\limewire.exe] => 
 
(Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [UDP Query User{D3BD81E3-322B-4ADB-B9AA-C101BA735424}C:\program files\limewire plus+\limewire.exe] => 
 
(Allow) C:\program files\limewire plus+\limewire.exe
FirewallRules: [{472C2A7C-9E89-43FA-8922-9A792DCE6728}] => (Allow) C:\Program Files\Research In Motion\BlackBerry 
 
Desktop\Rim.Desktop.exe
FirewallRules: [{C0FE80F8-6DB0-403A-82A8-7473952BDD19}] => (Allow) C:\Program Files\Research In Motion\BlackBerry 
 
Desktop\Rim.Desktop.exe
FirewallRules: [{0544882A-BB01-4012-B621-7BF0EA635474}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{03A57C7B-C4EB-4EEA-9E5D-C103F4B51706}] => (Allow) C:\Program Files\Logitech\Vid HD\Vid.exe
FirewallRules: [{2C18A20C-6338-4CA6-889D-61F7A076066E}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319
 
\SMSvcHost.exe
FirewallRules: [{F93B05B1-C570-4C0F-AF9C-46AFBA2B20E1}] => (Allow) C:\Program Files\HP\HP Deskjet 1050 J410 
 
series\Bin\USBSetup.exe
FirewallRules: [TCP Query User{C93416B8-BA29-49F9-BA5A-AC531D041DD7}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [UDP Query User{53A6C86A-EB12-41E1-A38A-6D03F0F4A96E}E:\setup.exe] => (Allow) E:\setup.exe
FirewallRules: [{14B65C26-C247-42BD-9717-EDD839B7247F}] => (Allow) C:\Program Files\Dropbox\Client\Dropbox.exe
FirewallRules: [{BD446FB5-B07B-47C4-99F0-8A930875C22C}] => (Allow) C:\Program Files\Common 
 
Files\Mcafee\Platform\McSvcHost\McSvHost.exe
 
==================== Restore Points =========================
 
10-12-2020 00:00:15 Scheduled Checkpoint
11-12-2020 00:00:15 Scheduled Checkpoint
12-12-2020 00:00:10 Scheduled Checkpoint
13-12-2020 00:00:20 Scheduled Checkpoint
13-12-2020 15:36:19 Scheduled Checkpoint
15-12-2020 00:00:04 Scheduled Checkpoint
16-12-2020 00:00:17 Scheduled Checkpoint
17-12-2020 00:00:14 Scheduled Checkpoint
18-12-2020 00:00:13 Scheduled Checkpoint
19-12-2020 00:00:14 Scheduled Checkpoint
20-12-2020 00:00:04 Scheduled Checkpoint
21-12-2020 00:00:13 Scheduled Checkpoint
22-12-2020 00:00:13 Scheduled Checkpoint
23-12-2020 00:00:14 Scheduled Checkpoint
24-12-2020 00:00:13 Scheduled Checkpoint
25-12-2020 00:00:15 Scheduled Checkpoint
26-12-2020 00:00:14 Scheduled Checkpoint
27-12-2020 00:00:14 Scheduled Checkpoint
28-12-2020 00:00:16 Scheduled Checkpoint
29-12-2020 00:00:15 Scheduled Checkpoint
30-12-2020 00:00:15 Scheduled Checkpoint
31-12-2020 00:00:17 Scheduled Checkpoint
02-01-2021 06:13:35 McAfee Vulnerability Scanner
03-01-2021 00:00:05 Scheduled Checkpoint
04-01-2021 00:00:18 Scheduled Checkpoint
05-01-2021 00:00:14 Scheduled Checkpoint
06-01-2021 00:00:17 Scheduled Checkpoint
07-01-2021 00:00:19 Scheduled Checkpoint
08-01-2021 00:00:15 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2021 07:00:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
Error: (01/08/2021 07:00:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: Failed extract of third-party root list from auto update cab at: 
 
<http://ctldl.windows...uthrootstl.cab>with error: A certificate 
 
chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.
 
 
System errors:
=============
Error: (01/08/2021 06:26:06 PM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (01/05/2021 03:34:30 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied 
 
by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (01/02/2021 05:03:32 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {211EBA3A-EA5A-496B-A021-5C6BEB365E4C} did not register with DCOM within the required 
 
timeout.
 
Error: (01/02/2021 05:03:02 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required 
 
timeout.
 
Error: (01/02/2021 03:50:59 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (01/02/2021 03:48:07 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:46:32 PM on 31/12/2020 was unexpected.
 
Error: (12/29/2020 03:34:25 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied 
 
by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/22/2020 03:34:31 AM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.2.2 for the Network Card with network address 001E9034E132 has been denied 
 
by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
 
Error: (12/19/2020 12:59:56 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT AUTHORITY)
Description: Event-ID 1001
 
Error: (12/19/2020 01:00:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2021-01-02 03:56:32.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2021-01-02 03:56:31.746
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2021-01-02 03:56:30.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2021-01-02 03:56:29.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-10-19 01:55:58.112
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-10-19 01:55:57.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-10-19 01:55:56.223
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-10-19 01:55:55.300
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-08-14 06:35:23.008
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
  Date: 2019-08-14 06:35:18.623
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1
 
\WINDOWS\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the 
 
system.
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5400+
Percentage of memory in use: 64%
Total physical RAM: 3005.76 MB
Available physical RAM: 1079.31 MB
Total Virtual: 6219.75 MB
Available Virtual: 4443.29 MB
 
==================== Drives ================================
 
Drive c: (HP) (Fixed) (Total:455.44 GB) (Free:56.31 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (FACTORY_IMAGE) (Fixed) (Total:10.32 GB) (Free:0.96 GB) NTFS ==>[system with boot components (obtained from 
 
drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: F451C310)
Partition 1: (Active) - (Size=455.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 

#2
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

I expect Microsoft is no longer updating Vista's Windows Defender and I don't see McAfee in a list of anti-viruses that support Vista so I would download the free Avast offline installer:

 

https://www.avast.co...=en-us&direct=1

 

Save it, then uninstall McAfee (cancel your subscription if you are paying for it). Reboot, then open the downloaded file.

Decline the free trial, any optional software and stick with the free Basic service.

If it installs normally, cancel the quick scan it wants you to do. Instead tell it to run a boot-time scan:

 

Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.


You are showing a dmp file so you may have had a BSOD. 

 

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.



#3
Tipper

    Member

  • Topic Starter
  • Member
  • 21 posts

Hi R Kinner,

My apologies for my long absence. Since we last communicated I installed Kaspersky Internet Security successfully yesterday. I still have the Windows issue that the databases and Defender have not been updated for a long time. Are Windows databases and Windows Defender the same thing? I didn't need Avast (thank you anyway).

 

 

==================================================
Dump File         : Mini010221-01.dmp
Crash Time        : 31/12/2020 7:47:22 PM
Bug Check String  : KERNEL_MODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x1000008e
Parameter 1       : 0xc0000005
Parameter 2       : 0xa62a6cd9
Parameter 3       : 0xc150ba40
Parameter 4       : 0x00000000
Caused By Driver  : win32k.sys
Caused By Address : win32k.sys+96cd9
File Description  : Multi-User Win32 Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6000.16386 (vista_rtm.061101-2205)
Processor         : 32-bit
Crash Address     : win32k.sys+96cd9
Stack Address 1   : win32k.sys+12c13c
Stack Address 2   : win32k.sys+ed5d2
Stack Address 3   : win32k.sys+ed797
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini010221-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 145,104
Dump File Time    : 02/01/2021 3:48:16 AM
==================================================
 
==================================================
Dump File         : Mini101819-01.dmp
Crash Time        : 18/10/2019 2:45:12 PM
Bug Check String  : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x000000d1
Parameter 1       : 0x00d9491d
Parameter 2       : 0x00000002
Parameter 3       : 0x00000000
Parameter 4       : 0x91439779
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+2f779
File Description  : TCP/IP Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.0.6002.19080 (vistasp2_gdr.140404-1538)
Processor         : 32-bit
Crash Address     : ntkrnlpa.exe+4de9d
Stack Address 1   : tcpip.sys+2f779
Stack Address 2   : tcpip.sys+2f81f
Stack Address 3   : tcpip.sys+80e23
Computer Name     : 
Full Path         : C:\Windows\Minidump\Mini101819-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 6002
Dump File Size    : 145,104
Dump File Time    : 18/10/2019 6:25:44 PM
==================================================


#4
RKinner

    Malware Expert

  • Expert
  • 24,623 posts
  • MVP

Dumps are old so probably not important unless they happen again. Probably caused by heat since they are Windows files. You might check your temps:

 

You may want to run Speedfan to monitor your temps in real time:



http://www.filehippo...nload_speedfan/

Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it (Win 7+ or Vista right click and Run As Admin.).

It will tell you your temps in real time, though the default is to show the hard drive temp in the systray. You can change it: Hit Configure then click on the highest temp and check Show in tray.
Win 10 hides icons by default so: Settings, Personalization,  Taskbar, Select which Icons appear on Taskbar,  then turn Speedfan ON.
With no other programs running what is the highest temp you see?  Run an anti-virus scan, play one of your games or watch a video for at least 5 minutes.  What is the highest temp now?
 

We don't really want it to go over about 65 under load. If it does it usually means either the fan is defective (Speedfan should tell you your fan speed so you can see if it is running) or (most likely) the interface between the fan and the heatsink is clogged with dust. The best fix for a clogged heatsink is to remove the fan (not the heatsink or heatpipe) and vacuum out the heatsink. However, on some PCs this is major surgery. Sometimes you can blow air backwards through the exhaust vent while vacuuming at the input vent and if you are lucky it may clear the heatsink. Don't do it too long as the fan may over-rev.

 

Windows Defender should not run or get new data if you have Kaspersky installed. Kaspersky should have told Windows Defender to stop trying to run.

 

Can I see a new FRST scan?
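
Added example, not part of the original posts: the triage reasoning in the reply above (how old is each dump, and is the blamed driver a Windows file) applied to the BlueScreenView text format from post #3. The two records are trimmed from that report; the 30-day `recent_days` threshold and the reference date are assumptions.

```python
from datetime import datetime

# Two records trimmed from the BlueScreenView report in post #3
# (that report writes dates as day/month/year with a 12-hour clock).
REPORT = """\
==================================================
Dump File         : Mini010221-01.dmp
Crash Time        : 31/12/2020 7:47:22 PM
Caused By Driver  : win32k.sys
Company           : Microsoft Corporation
==================================================
==================================================
Dump File         : Mini101819-01.dmp
Crash Time        : 18/10/2019 2:45:12 PM
Caused By Driver  : tcpip.sys
Company           : Microsoft Corporation
==================================================
"""

def parse_report(text):
    """Split a BlueScreenView text report into one dict per dump."""
    records, current = [], {}
    for line in text.splitlines():
        if line.startswith("====="):      # record delimiter
            if current:
                records.append(current)
            current = {}
        elif ":" in line:                 # "Field name   : value"
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def triage(records, now, recent_days=30):
    """Report each dump's age and whether a non-Microsoft driver is blamed."""
    rows = []
    for r in records:
        when = datetime.strptime(r["Crash Time"], "%d/%m/%Y %I:%M:%S %p")
        age = (now - when).days
        rows.append({
            "dump": r["Dump File"],
            "driver": r["Caused By Driver"],
            "age_days": age,
            "recent": age <= recent_days,  # threshold is an assumption
            "third_party": "microsoft" not in r.get("Company", "").lower(),
        })
    return rows

if __name__ == "__main__":
    for row in triage(parse_report(REPORT), datetime(2021, 1, 8)):  # assumed date
        print(row)
```

A dump that comes back with `recent` or `third_party` set is the one worth a closer look; both records here blame Microsoft drivers.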

 


 

