Author Topic: Windows 10 loaded on laptop....  (Read 4438 times)

0 Members and 1 Guest are viewing this topic.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #30 on: January 19, 2020, 08:08:30 PM »
Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by Gordon & Nancy (19-01-2020 14:20:06)
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Boot Mode: Normal

================== Search Registry: "avira" ===========

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com]

====== End of Search ======

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #31 on: January 19, 2020, 08:09:08 PM »
Yahoo   I think you found C!!

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #32 on: January 19, 2020, 08:38:11 PM »
Just click the Windows logo and locate Pale Moon.  Right-click and select "Pin to start".


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline v_v

  • Full Member
  • ***
  • Posts: 172
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #33 on: January 20, 2020, 12:22:29 AM »
Also depending on where you want to put the shortcut, you may click the "start" button in the bottom left hand corner of the task bar, locate Pale Moon in the start menu, right click on Pale Moon, then click "more", click "open file location", locate the Pale Moon short cut and right click it, click either "create short cut" which should try and fail to create a shortcut immediately but then offer to create it on the desktop (yes, if that is what you want)----or instead of clicking "create short cut", click "send to" and choose "desktop".

What a lot of confusing words to do something simple!
Justice, Equity, and Meaningful, Productive, and Fulfilling Lives to All Earthlings

Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #34 on: January 20, 2020, 12:52:20 AM »
Yahoo   I think you found C!!
Yippee!!! 

Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy ".
Code: [Select]
Start::
CreateRestorePoint:
CloseProcesses:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRenameExt.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #35 on: January 20, 2020, 04:27:41 AM »
Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by Gordon & Nancy (19-01-2020 22:14:25) Run:2
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Loaded Profiles: Gordon & Nancy (Available Profiles: Gordon & Nancy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"Avira.Systray.exe"="11001"
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers1: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers3: [PowerRenameExt] -> {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\modules\PowerRenameExt.dll -> No File
ContextMenuHandlers3: [{4A7C4306-57E0-4C0C-83A9-78C1528F618C}] -> {4A7C4306-57E0-4C0C-83A9-78C1528F618C} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} =>  -> No File
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WorkFolders] -> {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira] => Error: No automatic fix found for this entry.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host] => Error: No automatic fix found for this entry.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] => Error: No automatic fix found for this entry.
"Avira.Systray.exe"="11001" => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] => Error: No automatic fix found for this entry.
"Avira.Systray.exe"="11001" => Error: No automatic fix found for this entry.
[HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com] => Error: No automatic fix found for this entry.
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\ANotepad++64 => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\PowerRenameExt => removed successfully
HKLM\Software\Classes\CLSID\{0440049F-D1DC-4E46-B27B-98393D79486B} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\{4A7C4306-57E0-4C0C-83A9-78C1528F618C} => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\7-Zip => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => removed successfully
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\WorkFolders => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu => removed successfully
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9540829 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 24252 B
Edge => 43533 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5000 B
Gordon & Nancy => 806381 B

RecycleBin => 1696220 B
EmptyTemp: => 17.3 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:15:37 ====

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #36 on: January 20, 2020, 01:43:44 PM »
Hi, Gordon.  I'm doing a bit more research as I've discovered Avira leftovers can be difficult to remove.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #37 on: January 20, 2020, 04:17:54 PM »
right on

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #38 on: January 20, 2020, 04:47:47 PM »
Thanks for your patience, G!  Please do the following:

First, reboot the computer in Safe Mode.

Then do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
  • Please select the entire contents of the code box below, from the "Start::" line to "End::", including both lines.  Right-click and select "Copy ".
Code: [Select]
Start::
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host
DeleteValue: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Systray.exe
DeleteValue: HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Systray.exe
DeleteKey: HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com
EmptyTemp:
End::
  • Please right-click on FRST/FRST64 to run as administrator.  When the tool opens, click "yes" to the disclaimer.
  • Press the Fix button once and wait.
  • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST/FRST64.exe
  • Please post the log in your next reply.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #39 on: January 20, 2020, 06:45:08 PM »
wow that was a trip figuring safe mode on 10.....no f8 work...got it though

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by Gordon & Nancy (20-01-2020 12:53:08) Run:3
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Loaded Profiles: Gordon & Nancy (Available Profiles: Gordon & Nancy)
Boot Mode: Safe Mode (minimal)
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira
DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host
DeleteValue: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Systray.exe
DeleteValue: HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|Avira.Systray.exe
DeleteKey: HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com
EmptyTemp:

*****************

Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Wow6432Node\Avira => removed successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Avira Service Host => removed successfully
"HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Avira.Systray.exe" => removed successfully
"HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\\Avira.Systray.exe" => removed successfully
HKEY_USERS\S-1-5-21-3675653720-2737141039-3862127861-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windifesavirale.com => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10567944 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17690 B
Edge => 4658206 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 5000 B
Gordon & Nancy => 870121 B

RecycleBin => 1366 B
EmptyTemp: => 21.1 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:53:15 ====

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #40 on: January 20, 2020, 07:08:55 PM »
Success!  But, just to be sure the Security Center is now showing correctly, please run FRST again but this time, just post the Addition.txt.

As you're getting started with Windows 10, you may find the tutorials by Andre Da Costa linked from Get Started with Windows 10 - Microsoft Community to his posts on "Groovy Post" helpful.

Now that your laptop has been updated from Windows 7 to Windows 10, the unsupported files removed and other leftovers removed, how is it working now? 


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #41 on: January 20, 2020, 07:19:22 PM »
its working awesome and thank you will do on the  Addition.txt.
its a little slow on boot up

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #42 on: January 20, 2020, 07:42:05 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by Gordon & Nancy (20-01-2020 13:44:52)
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Windows 10 Home Version 1909 18363.592 (X64) (2020-01-16 09:33:20)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3675653720-2737141039-3862127861-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3675653720-2737141039-3862127861-503 - Limited - Disabled)
Gordon & Nancy (S-1-5-21-3675653720-2737141039-3862127861-1002 - Administrator - Enabled) => C:\Users\Gordon & Nancy
Guest (S-1-5-21-3675653720-2737141039-3862127861-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3675653720-2737141039-3862127861-1003 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-3675653720-2737141039-3862127861-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ACDSeePro (HKLM-x32\...\ACDSeePro) (Version: 9.3.0.545 - ACD Systems International Inc.)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.314 - Adobe)
AIMP (HKLM-x32\...\AIMP) (Version: v4.60.2170, 13.01.2020 - AIMP DevTeam)
AMD Catalyst Install Manager (HKLM\...\{CF780466-D74B-C6E7-7E61-0C4DCA614455}) (Version: 3.0.847.0 - Advanced Micro Devices, Inc.)
AtomTime Pro 3.1d (HKLM-x32\...\AtomTime Pro_is1) (Version: 3.1d - Naissan Innovations, LLC)
BCUninstaller (HKLM\...\{f4fef76c-1aa9-441c-af7e-d27f58d898d1}_is1) (Version: 4.15.0.42702 - Marcin Szeniak)
BurnAware Professional 12.5 (HKLM-x32\...\BurnAware Professional_is1) (Version:  - Burnaware)
CCleaner (HKLM\...\CCleaner) (Version: 5.63 - Piriform)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6345.0 - IDT)
Inpaint 8.1 (HKLM\...\{5808866F-D115-46B2-8123-BB6801968101}_is1) (Version:  - Teorex)
Malwarebytes Windows Firewall Control (HKLM\...\Windows Firewall Control) (Version: 6.1.0.0 - BiniSoft.org)
Microsoft OneDrive (HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\OneDriveSetup.exe) (Version: 19.222.1110.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mp3tag v2.99a (HKLM-x32\...\Mp3tag) (Version: 2.99a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
opensource (HKLM-x32\...\{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}) (Version: 1.0.14960.3876 - Your Company Name) Hidden
Pale Moon 28.8.1 (x64 en-US) (HKLM\...\Pale Moon 28.8.1 (x64 en-US)) (Version: 28.8.1 - Moonchild Productions)
PDF Shaper Professional 9.6 (HKLM-x32\...\PDF Shaper Professional_is1) (Version:  - Burnaware)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.84 - Realtek Semiconductor Corp.)
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.0 - Prolific Publishing, Inc.)
SpywareBlaster 5.6 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.6.0 - BrightFort LLC)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.5.2 - CrystalIDEA Software, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)

Packages:
=========
Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11029.20108.0_x64__8wekyb3d8bbwe [2020-01-16] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2020-01-16] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-01-18] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers3: [sx_ISO] -> {10E19A29-0E8D-49B7-9587-1760938EE690} => C:\Program Files (x86)\BurnAware Professional\bashell64.dll [2018-05-17] (Burnaware -> Burnaware)
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-01-18] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll [2019-10-19] (Florian Heidenreich) [File not signed]
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-08-21] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\WINDOWS\system32\StartMenuHelper64.dll [2018-07-15] (Ivaylo Beltchev -> IvoSoft) [File not signed]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2014-08-27] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2011-09-15 14:15 - 2011-09-15 14:15 - 000073728 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2011-09-15 14:15 - 2011-09-15 14:15 - 000103424 _____ () [File not signed] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2019-10-19 01:01 - 2019-10-19 01:01 - 000424448 _____ (Florian Heidenreich) [File not signed] C:\Program Files (x86)\Mp3tag\Mp3tagShell64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000885560 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicExplorer64.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 003664696 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
2018-07-15 13:15 - 2018-07-15 13:15 - 000291128 _____ (Ivaylo Beltchev -> IvoSoft) [File not signed] C:\WINDOWS\system32\StartMenuHelper64.dll
2018-08-16 13:17 - 2020-01-15 21:14 - 000517632 _____ (Mozilla Foundation) [File not signed] C:\Program Files\Pale Moon\freebl3.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [288]

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer trusted/restricted ==========

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\...\1001movie.com -> 1001movie.com

There are 6090 more sites.


==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\AMD APP\bin\x86_64;C:\Program Files (x86)\AMD APP\bin\x86;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3675653720-2737141039-3862127861-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Gordon\animalfamilies14.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\Services: MpsSvc => 2
MSCONFIG\startupreg: Adobe ARM =>
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3C417E9F-64BF-483F-991C-1CC222B7FCC6}] => (Allow) C:\Program Files\Malwarebytes\Windows Firewall Control\wfc.exe (Malwarebytes Inc -> Malwarebytes)

==================== Restore Points =========================

16-01-2020 11:13:26 Removed Microsoft Office 2010
17-01-2020 13:36:23 Windows Modules Installer
18-01-2020 14:50:57 Installed PowerToys

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (01/20/2020 12:49:53 PM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: Listener Adapter protocol 'msmq.formatname' attempted to communicate to Windows Process Activation Service and failed. The Listener Adapter is now in a bad state.  Cause: This is caused by Out of Memory issues or failures between Windows Process Activation Service and Listener Adapter.  Fix: To fix this condition, stop Listener Adapter then Windows Process Activation Service, restart Windows Process Activation Service, and finally restart Listener Adapter.

Error: (01/20/2020 12:44:52 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/20/2020 12:44:52 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/20/2020 12:35:50 PM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: Listener Adapter protocol 'net.pipe' attempted to communicate to Windows Process Activation Service and failed. The Listener Adapter is now in a bad state.  Cause: This is caused by Out of Memory issues or failures between Windows Process Activation Service and Listener Adapter.  Fix: To fix this condition, stop Listener Adapter then Windows Process Activation Service, restart Windows Process Activation Service, and finally restart Listener Adapter.

Error: (01/20/2020 12:30:11 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007045b, A system shutdown is in progress.
.

Error: (01/20/2020 12:30:11 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress.
]

Error: (01/20/2020 12:30:11 PM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: Listener Adapter protocol 'net.pipe' attempted to communicate to Windows Process Activation Service and failed. The Listener Adapter is now in a bad state.  Cause: This is caused by Out of Memory issues or failures between Windows Process Activation Service and Listener Adapter.  Fix: To fix this condition, stop Listener Adapter then Windows Process Activation Service, restart Windows Process Activation Service, and finally restart Listener Adapter.

Error: (01/20/2020 11:26:49 AM) (Source: WAS-LA) (EventID: 7005) (User: )
Description: Listener Adapter protocol 'msmq.formatname' attempted to communicate to Windows Process Activation Service and failed. The Listener Adapter is now in a bad state.  Cause: This is caused by Out of Memory issues or failures between Windows Process Activation Service and Listener Adapter.  Fix: To fix this condition, stop Listener Adapter then Windows Process Activation Service, restart Windows Process Activation Service, and finally restart Listener Adapter.


System errors:
=============
Error: (01/20/2020 12:53:49 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.

Error: (01/20/2020 12:53:15 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:15 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:14 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:14 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:14 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:14 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/20/2020 12:53:14 PM) (Source: DCOM) (EventID: 10005) (User: Kai)
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "Unavailable" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}


Windows Defender:
===================================
Date: 2020-01-17 16:32:45.561
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F7CF1EBD-1FEF-46B8-8651-594DF2A05D2D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2020-01-20 12:51:41.398
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

Date: 2020-01-20 12:37:48.956
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x8007043c
Error description: This service cannot be started in Safe Mode
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.

CodeIntegrity:
===================================

Date: 2020-01-17 16:13:48.829
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-01-17 16:13:48.510
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-01-17 14:39:07.147
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-01-17 14:39:06.899
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2020-01-17 14:34:27.702
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

BIOS: Hewlett-Packard F.44 11/14/2011
Motherboard: Hewlett-Packard 169B
Processor: AMD A6-3420M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 62%
Total physical RAM: 3562.9 MB
Available physical RAM: 1338.29 MB
Total Virtual: 7146.9 MB
Available Virtual: 4578.14 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.89 GB) (Free:409.65 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{d03c1558-672b-11e6-971c-806e6f6e6963}\ (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.15 GB) NTFS
\\?\Volume{b0b9757b-0000-0000-0000-304574000000}\ () (Fixed) (Total:0.68 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: B0B9757B)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=464.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=694 MB) - (Type=27)

==================== End of Addition.txt =======================

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'


Online Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20215
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Re: Windows 10 loaded on laptop....
« Reply #43 on: January 20, 2020, 08:03:51 PM »
Edit note:  Hold the fort, Gordon.  After a second look, it shows that Avira is still there. With FRST, place the following in the Search box and press the Search Files button: SearchAll: avira;antivir



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline hayc59

  • Voodoo Child
  • Hero Member
  • *****
  • Posts: 1380
  • Gentleman
    • View Profile
Re: Windows 10 loaded on laptop....
« Reply #44 on: January 21, 2020, 12:10:15 AM »
Farbar Recovery Scan Tool (x64) Version: 18-01-2020
Ran by Gordon & Nancy (20-01-2020 18:22:26)
Running from C:\Users\Gordon & Nancy\Desktop\Junk
Boot Mode: Normal

================== Search Files: "SearchAll: avira;antivir" =============

9.11.01
"The most beautiful flower loses her beauty one day, but a hard faithful friend an eternity"
"Beauty that is not hidden to deepest of my soul can be seen that with eyes of the heart"

'Never Forget'