Davemeysner

Please find attached results of all 3 steps … FRST.txt Addition.txt AdwCleaner[C00].txt AdwCleaner[S00].txt AdwCleaner[C01].txt davemeysner Scan results.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-09-2021 02 Ran by davem (administrator) on DESKTOP-IUAN9SM (Dell Inc. Vostro 420 Series) (29-09-2021 02:33:33) Running from C:\Users\davem\Dropbox\My PC (DESKTOP-IUAN9SM)\Downloads Loaded Profiles: davem Platform: Windows 10 Pro Version 2004 19041.1237 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Safe Mode (with Networking) ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\51.0.15.0\crashpad_handler.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Privacy\MBVPNService.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <31> (Microsoft Windows -> Microsoft Corporation) C:\Windows\HelpPane.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1794888 2015-06-29] (NVIDIA Corporation -> NVIDIA Corporation) HKLM\...\Run: [OfficeSuite] => C:\Program Files\MobiSystems\OfficeSuite\MobiSystemsUpdate.exe [336616 2021-09-15] (MobiSystems, Inc. -> MobiSystems Inc.) HKLM\...\Run: [MobiDrive] => C:\Program Files\MobiSystems\MobiDrive\MobiDriveUpdate.exe [343272 2021-08-26] (MobiSystems, Inc. -> MobiSystems Inc.) HKLM\...\Run: [PDFExtra] => C:\Program Files\MobiSystems\PDFExtra\PdfEditorUpdate.exe [347880 2021-09-15] (MobiSystems, Inc. -> MobiSystems Inc.) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8091424 2021-09-25] (Dropbox, Inc -> Dropbox, Inc.) HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5397216 2021-09-09] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [Malwarebytes Privacy] => C:\Program Files\Malwarebytes\Privacy\UI\mbprivacy.exe [354984 2021-03-24] (Malwarebytes Inc -> Malwarebytes) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [1700928 2021-01-21] (Sony Nordic (Sweden), Filial till Sony Europe B.V.(NL) -> Sony) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [MicrosoftEdgeAutoLaunch_72537CB43253ADC37F4BB7D1EA8B02DA] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [MobiDrive] => C:\Program Files\MobiSystems\MobiDrive\MobiDrive.exe [1943272 2021-08-26] (MobiSystems, Inc. -> MobiSystems Inc.) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1370645763-2818373483-1388332187-1001\...\MountPoints2: {cd713e25-d43c-11eb-8bbd-00219b155bf6} - "F:\HiSuiteDownLoader.exe" HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\51.0.15.0\GoogleDriveFS.exe [54124376 2021-09-09] (Google LLC -> Google, Inc.) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> HKLM\...\Windows x64\Print Processors\Canon MX340 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDA5.DLL [28672 2010-05-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MX340 series: C:\Windows\system32\CNMLMA5.DLL [344064 2010-05-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon MP FAX Language Monitor MX340 series: C:\Windows\system32\CNCF2Lk.DLL [343552 2009-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Canon Inc.) HKLM\...\Print\Monitors\PDFsam Enhanced 7 Monitor: C:\Windows\system32\spool\DRIVERS\x64\pdfsam enhanced_pdfpmon_v.6.11.0.7.dll [960120 2021-04-08] (PDF Tools AG -> PDF Tools AG (hxxp://www.pdf-tools.com)) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\94.0.4606.61\Installer\chrmstp.exe [2021-09-29] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2021-09-15] ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.2296\SSScheduler.exe (McAfee, LLC -> McAfee, LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2020-07-06] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) [File not signed] ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {26BC7108-FC6B-414B-93AE-5BA7931E36C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-06] (Google LLC -> Google LLC) Task: {2ADA37E6-DCD1-4F04-96EA-BDB8F5C5C7F9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.) Task: {441DFCEF-054E-4E6B-8A21-29D9B384591D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.) Task: {5A207594-2163-4FD6-87B8-7A094C52FF51} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.) Task: {8D0D51EE-5FC9-4E99-80C5-77BDBB1F4F58} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-06] (Google LLC -> Google LLC) Task: {B884AF09-739D-43B6-A151-00CF384423FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BC0B6A47-7CAF-418E-ADD3-DDD1B919F0F6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE5732E3-5BEB-4381-B5B3-E854C9541137} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E8CD1AD2-5FD7-47AB-B153-70A0A4AEFE89} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [680888 2021-09-28] (Mozilla Corporation -> Mozilla Foundation) Task: {F2D2A45E-1C6A-4D91-ADEA-97E1BBDDBDF4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{fac5e3e8-9a0e-4663-a97c-7f050321d501}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge DefaultProfile: Default Edge Profile: C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-29] Edge Notifications: Default -> hxxps://calendar.google.com; hxxps://www.aliexpress.com; hxxps://www.youtube.com; hxxps://www1.news-back.org Edge Extension: (Honey) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\amnbcmdbanbkjhnfoeceemmmdiepnbpp [2021-09-03] Edge Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2021-08-16] Edge Extension: (Google Docs Offline) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-28] Edge Extension: (True Key™ by McAfee) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gnnbmcifkkjgjdbkilfglpdpmidkgefn [2021-05-20] Edge Extension: (Amazon Assistant) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hkmnokmdbkkafgmpfhhiniclfnfpmogj [2021-07-28] Edge Extension: (Malwarebytes Browser Guard) - C:\Users\davem\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: xufz9hnt.default FF ProfilePath: C:\Users\davem\AppData\Roaming\Mozilla\Firefox\Profiles\xufz9hnt.default [2021-03-30] FF ProfilePath: C:\Users\davem\AppData\Roaming\Mozilla\Firefox\Profiles\fbw6ztim.default-release [2021-09-28] FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-26] (Google Inc -> Google, Inc.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [File not signed] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-09-09] (Adobe Inc. -> Adobe Systems Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default [2021-09-28] CHR Notifications: Default -> hxxps://drive.google.com CHR HomePage: Default -> hxxp://uk.msn.com/?ocid=OIE8HP&PC=B8DF CHR StartupUrls: Default -> "hxxp://www.msn.com/en-gb?ocid=OIE8HP&PC=B8DF","hxxps://www.google.com/","hxxps://www.google.co.uk/?gfe_rd=cr&ei=QY1pVunmOcfHcKjcgdgP&gws_rd=ssl","hxxp://www.nectar.com/?source=toolbar" CHR Extension: (Slides) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-06] CHR Extension: (Save to Google Photos™) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aoanickgmocpddnppajakfcafbkncdab [2020-07-06] CHR Extension: (Docs) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-06] CHR Extension: (Google Drive) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-16] CHR Extension: (Nectar Notifier) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bilfacghikncbjidkgdenbjimhfkgobo [2021-03-01] CHR Extension: (YouTube) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-06] CHR Extension: (Sheets) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-06] CHR Extension: (Avira Browser Safety) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-08-03] CHR Extension: (Google Docs Offline) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-09] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-09-15] CHR Extension: (Chrome Web Store Payments) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29] CHR Extension: (Gmail) - C:\Users\davem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-13] CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\Guest Profile [2021-03-24] CHR Profile: C:\Users\davem\AppData\Local\Google\Chrome\User Data\System Profile [2021-06-23] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [129808 2021-08-16] (Dropbox, Inc -> Dropbox, Inc.) S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [44328 2021-09-25] (Dropbox, Inc -> Dropbox, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-09-27] (Malwarebytes Inc -> Malwarebytes) R2 MBVpnService; C:\Program Files\Malwarebytes\Privacy\MBVpnService.exe [3272496 2021-03-24] (Malwarebytes Inc -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Privacy\MBVpnTunnelService.exe [2239304 2021-03-24] (Malwarebytes Inc -> Malwarebytes) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.2296\McCHSvc.exe [416752 2021-09-03] (McAfee, LLC -> McAfee, LLC) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.4.105.0\\McCSPServiceHost.exe [2687856 2020-01-25] (McAfee, LLC. -> McAfee, LLC.) S2 PDFsam Enhanced 7; C:\Program Files\PDFsam Enhanced 7\ws.exe [2617416 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio) S3 PDFsam Enhanced 7 Creator; C:\Program Files\PDFsam Enhanced 7\creator-ws.exe [511560 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio) S2 PDFsam Enhanced 7 Update Service; C:\Program Files\PDFsam Enhanced 7\updater-ws.exe [1740872 2021-01-13] (Sober Lemur S.a.s. di Vacondio Andrea -> Andrea Vacondio) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-10] (Microsoft Windows Publisher -> Microsoft Corporation) S2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2575360 2021-01-21] (Sony) [File not signed] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed] S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R1 googledrivefs3525; C:\Windows\System32\DRIVERS\googledrivefs3525.sys [389640 2021-09-09] (Google LLC -> Google, Inc.) S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [210344 2021-09-29] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-09-27] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-09-29] (Malwarebytes Inc -> Malwarebytes) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [41400 2020-05-22] (McAfee, LLC. -> The OpenVPN Project) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [48536 2021-09-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [433384 2021-09-10] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-10] (Microsoft Windows -> Microsoft Corporation) S3 wintun; C:\Windows\system32\DRIVERS\wintun.sys [38176 2020-12-13] (WireGuard LLC -> WireGuard LLC) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2021-09-29 02:33 - 2021-09-29 02:33 - 000000000 ____D C:\FRST 2021-09-29 02:28 - 2021-09-29 02:30 - 000319978 _____ C:\Windows\ntbtlog.txt 2021-09-29 02:28 - 2021-09-29 02:30 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2021-09-29 02:20 - 2021-09-29 02:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2021-09-28 13:07 - 2021-09-28 13:10 - 000000000 ____D C:\AdwCleaner 2021-09-28 10:53 - 2021-09-29 02:29 - 082051072 _____ C:\Windows\system32\config\SOFTWARE 2021-09-28 10:48 - 2021-09-28 10:53 - 000000000 ____D C:\Windows\Microsoft Antimalware 2021-09-28 09:56 - 2021-09-28 09:56 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla 2021-09-27 11:41 - 2021-09-27 11:41 - 000000000 ____D C:\Users\davem\AppData\Local\mbam 2021-09-27 11:40 - 2021-09-29 02:30 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys 2021-09-27 11:40 - 2021-09-29 02:30 - 000210344 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys 2021-09-27 11:40 - 2021-09-27 11:40 - 000160176 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2021-09-27 11:40 - 2021-09-27 11:40 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys 2021-09-27 11:40 - 2021-09-27 11:40 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-09-27 11:40 - 2021-09-27 11:40 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2021-09-25 23:01 - 2021-09-25 23:01 - 000047600 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys 2021-09-25 23:01 - 2021-09-25 23:01 - 000044328 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2021-09-24 11:45 - 2021-09-24 11:45 - 000002064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2021-09-24 11:45 - 2021-09-24 11:45 - 000001899 _____ C:\Users\Default\Desktop\Google Slides.lnk 2021-09-24 11:45 - 2021-09-24 11:45 - 000001899 _____ C:\Users\Default\Desktop\Google Sheets.lnk 2021-09-24 11:45 - 2021-09-24 11:45 - 000001887 _____ C:\Users\Default\Desktop\Google Docs.lnk 2021-09-24 11:45 - 2021-09-09 10:29 - 000389640 _____ (Google, Inc.) C:\Windows\system32\Drivers\googledrivefs3525.sys 2021-09-15 13:42 - 2021-09-15 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2021-09-14 22:36 - 2021-09-14 22:36 - 002111488 _____ (Digimarc) C:\Windows\SysWOW64\DMRCDecoder.dll 2021-09-14 22:36 - 2021-09-14 22:36 - 001333760 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll 2021-09-14 22:36 - 2021-09-14 22:36 - 001313608 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2021-09-14 22:36 - 2021-09-14 22:36 - 000672768 _____ C:\Windows\system32\FsNVSDeviceSource.dll 2021-09-14 22:36 - 2021-09-14 22:36 - 000570368 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2021-09-14 22:36 - 2021-09-14 22:36 - 000452096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2021-09-14 22:36 - 2021-09-14 22:36 - 000170496 _____ C:\Windows\system32\DeviceUpdateCenterCsp.dll 2021-09-14 22:36 - 2021-09-14 22:36 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2021-09-14 22:36 - 2021-09-14 22:36 - 000011355 _____ C:\Windows\system32\DrtmAuthTxt.wim 2021-09-14 22:35 - 2021-09-14 22:35 - 002295296 _____ (Digimarc) C:\Windows\system32\DMRCDecoder.dll 2021-09-14 22:35 - 2021-09-14 22:35 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll 2021-09-14 22:35 - 2021-09-14 22:35 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2021-09-14 22:35 - 2021-09-14 22:35 - 001393480 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2021-09-14 22:35 - 2021-09-14 22:35 - 001164288 _____ C:\Windows\system32\MBR2GPT.EXE 2021-09-14 22:35 - 2021-09-14 22:35 - 000566784 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv 2021-09-14 22:35 - 2021-09-14 22:35 - 000426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv 2021-09-14 22:35 - 2021-09-14 22:35 - 000272384 _____ C:\Windows\system32\TpmTool.exe 2021-09-14 22:35 - 2021-09-14 22:35 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe 2021-09-14 22:35 - 2021-09-14 22:35 - 000162816 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe 2021-09-14 22:35 - 2021-09-14 22:35 - 000147456 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2021-09-14 22:35 - 2021-09-14 22:35 - 000098816 _____ C:\Windows\system32\Drivers\cimfs.sys 2021-09-14 22:26 - 2021-09-14 22:26 - 000000000 ___HD C:\$WinREAgent 2021-09-14 10:30 - 2021-09-14 11:24 - 000029184 ___HL C:\Users\davem\OneDrive\Documents\~WRL2412.tmp 2021-09-13 15:11 - 2021-09-13 15:11 - 001234755 ____L C:\Users\davem\OneDrive\Documents\HSBC Ref 1542637556 Meysner Bank Income Pension and PIP.pdf 2021-09-04 16:39 - 2021-09-19 12:16 - 000001355 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Extra Update.lnk 2021-09-04 16:39 - 2021-09-19 12:16 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Extra .lnk 2021-09-04 16:39 - 2021-09-19 12:16 - 000001120 _____ C:\Users\Public\Desktop\PDF Extra .lnk 2021-09-04 16:34 - 2021-09-04 16:34 - 000001362 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiDrive Update.lnk 2021-09-04 16:34 - 2021-09-04 16:34 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiDrive.lnk 2021-09-04 16:34 - 2021-09-04 16:34 - 000001132 _____ C:\Users\Public\Desktop\MobiDrive.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002189 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Mail.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002094 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Documents.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002082 _____ C:\Users\Public\Desktop\OfficeSuite Documents.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Slides.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002071 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite Sheets.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002059 _____ C:\Users\Public\Desktop\OfficeSuite Slides.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002059 _____ C:\Users\Public\Desktop\OfficeSuite Sheets.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000002043 _____ C:\Users\Public\Desktop\OfficeSuite Mail.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MobiSystems Update.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000001122 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OfficeSuite PDF.lnk 2021-09-04 16:31 - 2021-09-19 12:13 - 000001110 _____ C:\Users\Public\Desktop\OfficeSuite PDF.lnk 2021-09-04 16:31 - 2021-09-04 16:39 - 000000000 ____D C:\Program Files\MobiSystems ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2021-09-29 02:32 - 2020-07-05 22:40 - 000000000 ____D C:\Users\davem\AppData\Local\D3DSCache 2021-09-29 02:30 - 2019-12-07 15:48 - 000008192 ___SH C:\DumpStack.log.tmp 2021-09-29 02:29 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI 2021-09-29 02:28 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF 2021-09-29 02:27 - 2019-12-07 15:48 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2021-09-29 02:27 - 2019-12-07 10:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2021-09-29 02:21 - 2020-07-07 11:24 - 000000000 ____D C:\Users\davem\AppData\Local\Dropbox 2021-09-29 02:20 - 2020-07-07 11:24 - 000000000 ____D C:\Program Files (x86)\Dropbox 2021-09-29 02:19 - 2020-07-06 12:55 - 000000000 ____D C:\Program Files (x86)\Google 2021-09-29 02:18 - 2020-07-06 12:56 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-09-29 02:18 - 2020-07-06 12:56 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-09-29 02:17 - 2020-07-18 16:35 - 000000000 ___RD C:\Users\davem\MobiDrive 2021-09-29 02:17 - 2020-06-28 00:19 - 000000000 __RDL C:\Users\davem\OneDrive 2021-09-28 19:54 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-09-28 19:33 - 2019-12-07 15:48 - 000000000 ____D C:\Windows\system32\SleepStudy 2021-09-28 11:40 - 2021-08-16 08:29 - 000000000 ____D C:\ProgramData\McAfee Security Scan 2021-09-28 09:58 - 2020-06-28 00:14 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI 2021-09-28 09:57 - 2021-03-30 10:34 - 000000000 ____D C:\ProgramData\Mozilla 2021-09-28 09:56 - 2021-08-02 14:30 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-09-28 09:56 - 2021-03-30 10:34 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-09-28 09:56 - 2021-03-30 10:34 - 000000000 ____D C:\Users\davem\AppData\LocalLow\Mozilla 2021-09-28 09:56 - 2021-03-30 10:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-09-28 09:53 - 2020-06-28 00:14 - 000000000 ____D C:\ProgramData\NVIDIA 2021-09-28 09:42 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-09-28 09:42 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness 2021-09-27 15:42 - 2020-07-06 12:55 - 000000000 ____D C:\Users\davem\AppData\Local\Google 2021-09-27 12:34 - 2020-06-28 00:11 - 000000000 ____D C:\Users\davem 2021-09-27 11:40 - 2020-12-13 21:26 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-09-27 11:40 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2021-09-27 11:39 - 2020-12-13 21:26 - 000000000 ____D C:\Program Files\Malwarebytes 2021-09-26 17:23 - 2020-06-28 10:01 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-09-26 17:23 - 2020-06-28 10:01 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-09-26 17:21 - 2020-06-28 00:19 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1370645763-2818373483-1388332187-1001 2021-09-26 17:21 - 2020-06-28 00:11 - 000002428 _____ C:\Users\davem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-09-24 11:45 - 2020-10-13 00:07 - 000002073 _____ C:\Users\Public\Desktop\Google Slides.lnk 2021-09-24 11:45 - 2020-10-13 00:07 - 000002071 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2021-09-24 11:45 - 2020-10-13 00:07 - 000002061 _____ C:\Users\Public\Desktop\Google Docs.lnk 2021-09-24 11:45 - 2020-10-13 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google 2021-09-24 11:45 - 2020-10-13 00:07 - 000000000 ____D C:\Program Files\Google 2021-09-19 16:33 - 2021-08-04 12:57 - 001687268 ____L C:\Users\davem\OneDrive\Documents\LPE1 GFF 8 Kings Road Clevedon BS217HA.pdf 2021-09-17 11:32 - 2020-07-06 12:05 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2021-09-17 11:32 - 2020-07-06 12:05 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-09-15 13:42 - 2020-07-06 12:36 - 000002018 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2021-09-15 13:42 - 2020-07-06 12:36 - 000000000 ____D C:\Program Files\McAfee Security Scan 2021-09-15 13:42 - 2020-07-06 12:05 - 000000000 ____D C:\ProgramData\McAfee 2021-09-15 00:25 - 2019-12-07 15:48 - 000314080 _____ C:\Windows\system32\FNTCACHE.DAT 2021-09-15 00:24 - 2019-12-07 15:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\oobe 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\migwiz 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\DDFs 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellComponents 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\Provisioning 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2021-09-15 00:24 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr 2021-09-15 00:24 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing 2021-09-14 22:40 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp 2021-09-14 22:18 - 2020-07-10 10:24 - 000000000 ____D C:\Windows\system32\MRT 2021-09-14 22:15 - 2020-07-10 10:24 - 135637312 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2021-09-13 12:13 - 2021-01-24 13:33 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2021-09-10 11:31 - 2019-12-07 15:48 - 000000000 ____D C:\Windows\system32\Drivers\wd 2021-09-04 16:40 - 2020-07-16 00:41 - 000000000 ____D C:\Users\davem\AppData\Roaming\MobiSystems 2021-09-04 16:39 - 2020-07-16 00:43 - 000000000 ____D C:\Users\davem\AppData\Local\Mobisystems 2021-09-04 16:39 - 2020-07-06 12:11 - 000000000 ____D C:\ProgramData\Package Cache 2021-09-03 19:00 - 2020-07-16 21:49 - 000000000 ____D C:\Users\davem\AppData\Local\ElevatedDiagnostics 2021-09-03 18:53 - 2020-06-28 10:01 - 000803176 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================

Steps 1 and 2 completed successfully. Step 3 - something is blocking my download of Farbar so I cannot complete this step. Firstly Maybe I need to understand now to disable my Antivirus which is preventing the Farbar download … please advise how to resolve this. Thank you.

I am running MWB premium on W10 and it does not detect an infection of www1.News-back.org which is a malicious site that displays fake error messages to trick you into subscribing to its browser notifications. The pop messages are incessant and very annoying. Please can anyone help with advice regarding removal ?

Good morning Maurice, I trust you are keeping well. I am not sure if you are able to follow through on my support journey but let me explain where I ended up and hopefully you can provide guidance on whether or not i need to reverse the command prompts i.e the 2nd & 3rd commands meant to insure there is an enhanced advanced boot options available. So I created a USB W10 installation media as advised but also decided to install the W10 OS on a new Samsung SSD for contingency (i will come back to this backup solution later as I do have a working system and the Samsung SSD is nice and fast) We stopped communicating when i encountered anomalies so i will run through these in case you have an insight which escapes me: 1 So for contingency/ backup I successfully installed W10 on the Samsung SSD (everything else was disconnected as advised) and then I re-connected my old hard drives using Data connections lower in the pecking order assuming they would be readable. I ensured the Boot config read from Samsung SSD priority 1 and W10 continued to boot off the Samsung SSD so I could copy across the files and info from my old hard drives. 2 The old hard drives were visible in the directory but it would not allow me to copy anything from the Admin user (my main user account) and therefore I couldn't read the majority of data files I needed. I concluded that it would be impossible without Dr Solomon type breakin tools which i didn't have, so I am stuck. 3 When I next attempted to Boot my system it switched/defaulted to the old hard drive (the one I had just reconnected to read the admin user data files). I had checked the boot order with F12 and it definitely said P1 was the Samsung SSD. Bizarrely the system decided to try and boot the old W10 which had all the original problems and it just kept looping saying unable to start the PC, attempting repairs, diagnosing faults, couldn't find anything but would not start. 4 One option available under troubleshooting was the choice of resetting my PC; keeping all my personal data and files, just loosing all my apps by re-installing W10 (on the original faulty 😄 drive). So I gave it a go .... at least I thought I may have the opportunity to access and save all my Admin user files to the Cloud and then transfer them or just access them from my new Samsung SSD operating system as required. It did successfully re-install W10 on that original drive BUT it lost a significant number of files in my personal directories and download folders. So I was defeated after all and I am assuming the data may still be there but the file system has not indexed it when I followed reset procedure, so the data is not accessible to me. So Step 3 is now a repeatable problem which I don't understand. If I just connect the Samsung SSD only it works perfectly but IF any other devices (including an external USB) are attached including any of my old hard drives it fails to read from the Samsung SSD (the priority in Boot Config is still P1 Samsung SDD) and tries to boot off the other hard drives ... either the old W10 or an external USB . I really don't get it. To make use of these old drives Perhaps I now need to reformat them and wipe the operating systems but why does it insist on trying to boot from these old HDD's when my boot config points to the Samsung SSD !! My primary question relates to the changes made early in our dialogue, i.e the 2nd & 3rd commands meant to insure there is a enhanced advanced boot options available. DO I need to reverse these .., if so HOW ? Anyway I thought you might have some bright ideas please.

Apologies I didn’t mean to do that!

Thank you Maurice. It is the last sequence of images which illustrates the troubleshooting option that is simply just taking round and round in circles and irrespective of safe mode or other choices it just reverts to Automatic Repair and then back to the first screen. that has been my dilemma, how to exit this loop ??? as for the Bios screen would it allow me to boot from USB if inserted first and then would I be able to access advanced start up which is what we trying to achieve yesterday?.

Hope all is well with you Maurice, I imagine we are facing a rebuild which I really want to avoid. in the meantime I have progressed a little but please advise if you think it helps with the way forward. i removed and reinserted the cmos battery from the motherboard and have now got a new start up screen. I did not have the USB or any other peripherals attached when I powered up. Do you think w3 can work with this screen ?

Have followed your guidance diligently including removing the usb. black screen with W10 allows me time to key F8 and the options listed are attached below. tried safe mode with networking several times and other options and regardless the PC loops back to Preparing automatic repair/ diagnosing your PC and then the same blue screen telling me it has failed. I am stuck in the same loop.

Ok I have just selected Reply to this thread ... didn’t use the quote ? Have followed all the instructions for my PC as stated and inserted the USB. On boot up the only option is Windows 10, I assume it is not seeing the USB as bootable yet. pressed F8 and selected f5 which is The safe mode with networking. The PC goes through the same loop again and ends up with Automatic Repair, Your PC said not start correctly. am I missing something? Maybe the USB needs to be in a different slot ?

Ok understood will do. I now have the usb so should be able to report back this afternoon. The restore Point date was 6/16/20 at 1:30 am

Next step Run rstrui.exe was OK it found my restore point 6/16/2020 and recovered my system to that RP. see images below: After the restore appeared to complete successfully the Restart repeated the same original problem and I have tried all troubleshooting options and I cannot escape the automatic repair / failed to start loop. Back to square 1 ?

Ok thank you, Here are the results so far, not successful atm

Thanks Maurice, really appreciate your support, Yes I will try that again in the morning (12pm here). For clarification are the previous commands in lines 2 and 3 a prerequisite for the recovery procedure. i.e can I shut my PC down and start out fresh 2moro ?

Ok can I catch up 2moro, getting late here and I need my bed ! will leave command prompt window open.

Yes 2nd & 3rd commands re meant to insure there is a enhanced advanced boot options available worked, 4th line failed. i am nervous about restoring from a previous backup because many recent backups reported failure and I never investigated why ! is there a next step from the command prompt ?

Umm quite strange, I get the same response.... no instances available

Response: after first command No Instance(s) Available And then back to the command prompt X:\windows\system32> Should I change directory first ?

Ok, here is the res

Did you mean W7 laptop ( tomorrow earliest) or my PC which is now already in command mode with a prompt!

Yes sorry the PC will not respond to the ‘safe mode’ troubleshooting option, it just reverts to Automatic Repair/Diagnosing your PC/ Attemptingbrepairs and then Your PC will not repair with another reset option. Very frustrating !

Yes I am happy to wait until the support team deliver a solution and also happy to shar3 my findings once the problem has been resolved. I need to be patient, it seems I am waiting a long time for a response But actually only 2 W days have elapsed. For contingency I am always interested in expert opinions/advice and alternative approaches. In addition I do have an old windows 7 laptop, very slow, but I could get it working again and of course I can buy a flash drive with sufficient capacity if you let me know the spec and procedure you have in mind etc

Hi Maurice, thank you for your response Did you mean that you actually "did" get to a Command prompt "? That could be useful for limited purposes. YES it is an option and I can use the command prompt editor window. Q: About your Support ticket. When exactly did you initiate the ticket ? YES On 16th June and a reply on 18th June Dvising removal using safe boot which is not an option that works. and, beyond the first automated reply by the automated system ....have you had a reply from an actual Support person ? Q: When was the last day that Windows was working well? On the 16th June.

Good advice, I agree, thank you for your prompt reply.