Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Windows Malware Removal Help & Support
Unable to remove RegClean Pro window
Message
<blockquote data-quote="Susan Mah" data-source="post: 574695" data-attributes="member: 57583"><p>There was no fixlist.txt but I have done a scan with the FarBar Recovery Tool. Below are FRST.txt and Addition.txt files. Would this help?</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016</p><p>Ran by Ann-Margaret (administrator) on ANN-MARGARET-PC (07-12-2016 11:34:26)</p><p>Running from C:\Users\Ann-Margaret\Downloads</p><p>Loaded Profiles: Ann-Margaret (Available Profiles: Ann-Margaret)</p><p>Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)</p><p>Internet Explorer Version 8 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(McAfee, Inc.) C:\Windows\System32\mfevtps.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe</p><p>(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe</p><p>(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe</p><p>(Microsoft Corporation) C:\Windows\System32\rundll32.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe</p><p>() C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe</p><p>( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe</p><p>(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxtray.exe</p><p>(Intel Corporation) C:\Windows\System32\hkcmd.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxpers.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe</p><p>(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxsrvc.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe</p><p>(PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe</p><p>(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe</p><p>(Dropbox, Inc.) C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe</p><p>(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe</p><p>(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe</p><p>(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.5.495.0\McCSPServiceHost.exe</p><p>(Microsoft Corporation) C:\Windows\System32\wuauclt.exe</p><p>(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\cmd.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe</p><p>(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe</p><p>(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Registry (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)</p><p></p><p>HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)</p><p>HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)</p><p>HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582288 2015-09-03] (McAfee, Inc.)</p><p>HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [563200 2015-04-02] (McAfee, Inc.)</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Google Update] => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-08] (Google Inc.)</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Dropbox Update] => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.)</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [1917832 2015-06-04] (TomTom)</p><p>ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)</p><p>ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)</p><p>Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-02]</p><p>ShortcutTarget: Dropbox.lnk -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-02-15]</p><p>ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498</p><p>AutoConfigURL: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498</p><p>Tcpip\Parameters: [DhcpNameServer] 137.82.1.2 142.103.1.42</p><p>Tcpip\..\Interfaces\{40E5ADB9-F95D-48F1-9D58-362DFAAA4399}: [DhcpNameServer] 137.82.1.2 142.103.1.42</p><p>Tcpip\..\Interfaces\{A3C2AEF2-0C06-4432-99C6-548D8DF2E365}: [DhcpNameServer] 216.57.207.18 216.57.207.19</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://<a href="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" target="_blank">www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch</a></p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1</p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://<a href="http://www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014" target="_blank">www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014</a></p><p>hxxps://ca.yahoo.com/?p=us</p><p>URLSearchHook: HKU\S-1-5-21-899527790-1624991411-125816496-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)</p><p>SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> DefaultScope {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}</p><p>SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0499BC2B-7A6A-4571-BDEB-53A451B5E889} URL = hxxp://websearch.shaw.ca/shaw/ws/results/Web/{SearchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true&ua=ie-tb-cd</p><p>SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}</p><p>BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)</p><p>BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-22] (Oracle Corporation)</p><p>BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)</p><p>BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-22] (Oracle Corporation)</p><p>Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)</p><p>Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)</p><p>Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)</p><p>Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)</p><p>Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)</p><p>Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-09-03] (McAfee, Inc.)</p><p></p><p>FireFox:</p><p>========</p><p>FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi</p><p>FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-12-06]</p><p>FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK</p><p>FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-03-28] [not signed]</p><p>FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-22] (Oracle Corporation)</p><p>FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-03] ()</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [2010-09-16] ( Microsoft Corporation)</p><p>FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ann-Margaret\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)</p><p>FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)</p><p>FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/O1DPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)</p><p>FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)</p><p>FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)</p><p>FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)</p><p></p><p>Chrome: </p><p>=======</p><p>CHR DefaultProfile: Default</p><p>CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US876D20140828&p={searchTerms}</p><p>CHR DefaultSearchKeyword: Default -> mcafee</p><p>CHR Profile: C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default [2016-12-07]</p><p>CHR Extension: (SiteAdvisor) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-17]</p><p>CHR Extension: (Skype) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-06]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]</p><p>CHR Extension: (Chrome Media Router) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]</p><p>CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-03-28]</p><p>CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01]</p><p>StartMenuInternet: Google Chrome - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)</p><p>R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [691968 2015-09-03] (McAfee, Inc.)</p><p>R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [180064 2015-06-04] (McAfee, Inc.)</p><p>R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [481336 2015-04-09] (McAfee, Inc.)</p><p>R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)</p><p>R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-04-06] (McAfee, Inc.)</p><p>R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)</p><p>R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)</p><p>S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [14342 2009-07-09] (Intellon Corporation)</p><p>R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)</p><p>R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)</p><p>R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)</p><p>R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)</p><p>R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)</p><p>R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)</p><p>R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)</p><p>S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)</p><p>R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)</p><p>S3 WLRAWMp50x86; C:\Windows\System32\Drivers\WLRAWMp50x86.sys [28312 2009-07-09] (Logitech, Inc.)</p><p>S3 WLRAWSp50x86; C:\Windows\System32\Drivers\WLRAWSp50x86.sys [27032 2009-07-09] (Logitech, Inc.)</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-12-07 11:34 - 2016-12-07 11:34 - 00018034 _____ C:\Users\Ann-Margaret\Downloads\FRST.txt</p><p>2016-12-07 11:33 - 2016-12-07 11:34 - 00000000 ____D C:\FRST</p><p>2016-12-07 11:32 - 2016-12-07 11:32 - 01761792 _____ (Farbar) C:\Users\Ann-Margaret\Downloads\FRST.exe</p><p>2016-12-07 10:48 - 2016-12-07 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee</p><p>2016-12-06 16:32 - 2016-12-06 16:35 - 268555280 _____ C:\Users\Ann-Margaret\Downloads\EmsisoftEmergencyKit.exe</p><p>2016-12-06 16:25 - 2016-12-07 10:40 - 00000000 ____D C:\EEK</p><p>2016-12-06 15:49 - 2016-12-06 15:49 - 00001142 _____ C:\Windows\system32\.crusader</p><p>2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2016-12-06 15:17 - 2016-12-06 15:49 - 00000000 ____D C:\ProgramData\HitmanPro</p><p>2016-12-02 00:19 - 2016-12-02 00:19 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-12-07 11:30 - 2013-03-11 21:36 - 00000000 ___RD C:\Users\Ann-Margaret\Dropbox</p><p>2016-12-07 11:22 - 2013-03-11 21:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2016-12-07 11:17 - 2010-11-16 21:43 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job</p><p>2016-12-07 11:07 - 2015-07-07 19:34 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job</p><p>2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2016-12-07 10:42 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2016-12-07 10:41 - 2015-01-12 07:32 - 00000604 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job</p><p>2016-12-07 10:23 - 2015-07-17 04:35 - 00000700 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job</p><p>2016-12-07 09:37 - 2015-01-07 20:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys</p><p>2016-12-07 08:05 - 2016-05-05 21:22 - 00920500 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2016-12-07 08:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf</p><p>2016-12-06 15:19 - 2013-07-28 13:03 - 00000000 ____D C:\ProgramData\McAfee</p><p>2016-12-02 00:31 - 2010-11-17 19:11 - 00000000 ____D C:\New folder</p><p>2016-12-02 00:23 - 2010-11-16 22:00 - 00002406 _____ C:\Users\Ann-Margaret\Desktop\Google Chrome.lnk</p><p>2016-12-02 00:23 - 2010-11-16 21:56 - 00002414 _____ C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2016-12-02 00:22 - 2013-03-11 21:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe</p><p>2016-12-02 00:22 - 2013-03-11 21:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl</p><p>2016-12-02 00:22 - 2010-11-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed</p><p>2016-12-02 00:20 - 2013-03-11 21:30 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Dropbox</p><p>2016-12-02 00:18 - 2010-11-16 21:43 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job</p><p>2016-12-02 00:13 - 2015-07-07 19:34 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Local\Dropbox</p><p>2016-12-02 00:05 - 2015-07-07 19:34 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\AtStart.txt</p><p>2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\DSwitch.txt</p><p>2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\QSwitch.txt</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\air1B54.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\air40A9.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\air8F37.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\CitrixOnlineLauncher.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\DD80_TeamViewer_Setup_en.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tihfw.dll</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\ose00000.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\ose00001.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\SkypeSetup.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\yopw-2xv.dll</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\zjtw59kz.dll</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\_is5F8.exe</p><p>C:\Users\Ann-Margaret\AppData\Local\Temp\{C433DE69-E21F-49EE-9B8F-561C337E0397}-DropboxClient_3.20.1.exe</p><p></p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2016-02-08 01:19</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016</p><p>Ran by Ann-Margaret (09-12-2016 08:34:37)</p><p>Running from C:\Users\Ann-Margaret\Downloads</p><p>Microsoft Windows 7 Ultimate (X86) (2010-11-17 05:09:32)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-899527790-1624991411-125816496-500 - Administrator - Disabled)</p><p>Ann-Margaret (S-1-5-21-899527790-1624991411-125816496-1000 - Administrator - Enabled) => C:\Users\Ann-Margaret</p><p>Guest (S-1-5-21-899527790-1624991411-125816496-501 - Limited - Disabled)</p><p>HomeGroupUser$ (S-1-5-21-899527790-1624991411-125816496-1003 - Limited - Enabled)</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}</p><p>AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}</p><p>FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)</p><p>Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)</p><p>Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)</p><p>Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)</p><p>Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )</p><p>Dropbox (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)</p><p>Google Chrome (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)</p><p>Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)</p><p>GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)</p><p>HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - )</p><p>HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)</p><p>HP Pavilion Webcam Driver for Vista v061.001.00006 (HKLM\...\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}) (Version: 061.001.00006 - Chicony)</p><p>HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard)</p><p>Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)</p><p>Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )</p><p>Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)</p><p>Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)</p><p>McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.1127 - McAfee, Inc.)</p><p>McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)</p><p>Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)</p><p>Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50917.0 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>MyDriveConnect 4.0.3.2180 (HKLM\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)</p><p>QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden</p><p>RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)</p><p>Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden</p><p>Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)</p><p>Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)</p><p>Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)</p><p>TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)</p><p>Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)</p><p>WiLife Command Center 2.5 (HKLM\...\{49143692-9C1E-4D35-8A82-9BE0378846CB}) (Version: 2.5.968 - WiLife)</p><p>WiLife Command Center 2.5 (Version: 2.5.968 - WiLife) Hidden</p><p>WiLife Command Center USB Driver x86 (Version: 2.5.0000 - Logitech) Hidden</p><p>Windows Driver Package - Dibcom (MODBDA2) Media (07/25/2006 1.0.0.15) (HKLM\...\F5181EF8C578455A008679430DF657AC907C67A5) (Version: 07/25/2006 1.0.0.15 - Dibcom)</p><p>Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )</p><p>WizeFeed 2.1.5 (HKLM\...\W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1) (Version: 2.1.0.5 - GlobalTec Solutions, LLP)</p><p>Wizetrade® Stocks (HKLM\...\W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1) (Version: 2.1.2.1 - The Wizetrade Group, LLP)</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File</p><p>CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>Task: {08CF8986-421E-4E08-A8FB-5EC245BC9BDB} - System32\Tasks\{634ABF9A-CD5F-40C0-8071-213B12689A16} => pcalua.exe -a F:\sp34464.exe -d F:\</p><p>Task: {18F5657D-1AFC-4731-AA1B-92EBA3D57E04} - System32\Tasks\{C041C7E4-6707-4FD6-B67C-BC0030D1A897} => pcalua.exe -a "C:\Program Files\HP DVB-T TV Tuner\DPInst_Setup.exe" -d "C:\Program Files\HP DVB-T TV Tuner"</p><p>Task: {23CFAB43-EF49-434D-B4A2-C2918932156C} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)</p><p>Task: {26E4F7F8-09CA-4155-ABB2-AD5E3C6F6E47} - System32\Tasks\{715AD13E-9F51-434E-8CFC-1333EFD7637C} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)</p><p>Task: {29D8BBC9-212A-44CF-BB94-15B7FC8D1547} - System32\Tasks\{162116ED-57CD-489A-A837-16A07798E133} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)</p><p>Task: {3ADB4070-6A96-4D4F-941D-04560B50DC2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-02] (Adobe Systems Incorporated)</p><p>Task: {4E96B8E7-7D3D-4356-98A7-AB845C07AD22} - System32\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {4F8849C9-37C3-4C64-B032-528D37D0285E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)</p><p>Task: {52043947-E06F-4634-BF86-C14AB4156BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)</p><p>Task: {6F29A5D4-7C1D-414B-97DB-E60A84912DA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)</p><p>Task: {72A23ED5-9688-4896-A0F0-A43DD02AA28B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)</p><p>Task: {7F3D7E16-48E4-4B85-A3F1-B8114BEE9D56} - System32\Tasks\{412F4DBB-02B5-44CF-B6FD-6BC3AE17134D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain</p><p>Task: {8706BF7C-DE59-477A-B491-1DC0B96CA9E1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)</p><p>Task: {AD756287-CDEE-4644-A19B-55CA811CAA41} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)</p><p>Task: {B33132E4-C0D6-49C3-AD61-4571CE1B01D8} - System32\Tasks\{0F655E5E-61E8-4C84-BD76-78BAE26B8642} => pcalua.exe -a F:\sp35850.exe -d F:\</p><p>Task: {ED5E14BD-A59B-4D91-BB45-ADFE321BEBB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)</p><p>Task: {FC6C5B43-9168-4863-A9A9-9B9E256F648C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)</p><p>Task: {FC6E8327-A7D7-42BC-9553-5C68E344A101} - System32\Tasks\Reg Pro Cleaner => </p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe</p><p>Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe</p><p>Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe</p><p>Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe</p><p>Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2014-09-10 19:46 - 2014-08-13 02:50 - 04047328 _____ () C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe</p><p>2014-05-07 12:31 - 2014-05-07 12:31 - 00428424 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00035792 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00145864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pyexpat.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:51 - 00019408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\faulthandler.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00116688 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pywintypes27.dll</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00100296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_ctypes.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00018888 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\select.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00019760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00694224 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\unicodedata.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00020816 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:51 - 00123856 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 01682760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00020808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00105928 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32api.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00021312 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00052024 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00038696 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\fastpath.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:50 - 00392144 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pythoncom27.dll</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00020936 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\mmapfile.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00024528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32event.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00116176 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32security.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00381752 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00124880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32file.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00025424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32clipboard.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00175560 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32gui.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00030160 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32pipe.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00043472 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32process.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00048592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32service.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00057808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32evtlog.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32profile.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00246592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00026456 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:52 - 00241104 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_jpegtran.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00020280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00028616 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32ts.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00019776 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00023376 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00350152 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winxpgui.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00022352 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00024392 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:49 - 00036296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsync.dll</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00084280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 01826096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:51 - 00083912 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\sip.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00531248 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 03928880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 01972528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00133424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00224056 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00207672 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00020288 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:56 - 00017864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libEGL.dll</p><p>2016-12-02 00:19 - 2016-10-28 15:56 - 01631184 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libGLESv2.dll</p><p>2016-12-02 00:19 - 2016-10-28 15:56 - 14419408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\opengl32sw.dll</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00042808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00168760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00357680 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd</p><p>2016-12-02 00:19 - 2016-10-28 15:53 - 00060880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32print.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:17 - 00024904 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd</p><p>2016-12-02 00:19 - 2016-11-28 06:16 - 00546096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd</p><p>2016-12-06 16:38 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll</p><p>2016-12-06 16:38 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)</p><p></p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"</p><p>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"</p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts</p><p></p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-899527790-1624991411-125816496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg</p><p>DNS Servers: 137.82.1.2 - 142.103.1.42</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [{BC832D4C-AB84-4B86-B49E-64291051C321}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe</p><p>FirewallRules: [{A7EEBE7C-5E87-4407-9B09-4CBC9DF61983}] => C:\Program Files\WiLife Command Center\Werks.exe</p><p>FirewallRules: [{D4D667B4-0B30-4E71-8359-DF65CF87C03D}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>FirewallRules: [{1D94917A-1BD0-4EB1-8DA3-1413460E4AAA}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe</p><p>FirewallRules: [TCP Query User{A7114956-9EC4-4DCA-9126-428726C8615F}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe</p><p>FirewallRules: [UDP Query User{23B4D86E-6B08-4386-8B2F-A94C6F81E0E5}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe</p><p>FirewallRules: [{2F1FEA04-1914-41DF-A97E-0513AA8A02B8}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{D8019906-FA39-4F60-9125-B52E0C12CA34}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{37C212E1-048D-4DA8-83C0-E3625641CAD7}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{AAFF564B-E8EE-4A5A-9466-C0BEE1018FC5}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe</p><p>FirewallRules: [{3B50D008-EB9D-4ED4-B2A2-C0B5F33D4733}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe</p><p>FirewallRules: [{3DCD3780-15C4-4787-AE62-C8C8D4620110}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe</p><p>FirewallRules: [{BF3E7FB3-D46E-4210-A653-E44A0A97DF77}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe</p><p>FirewallRules: [{87F358F7-8A81-459A-A4EE-3BEDC41ECA1E}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe</p><p>FirewallRules: [{89CD8D93-B367-4619-B411-EA0D0D5CA044}] => C:\Program Files\Skype\Phone\Skype.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>13-07-2015 15:39:06 Scheduled Checkpoint</p><p>24-08-2015 11:10:00 Scheduled Checkpoint</p><p>23-09-2015 10:55:54 Scheduled Checkpoint</p><p>06-12-2016 15:47:12 Checkpoint by HitmanPro</p><p>06-12-2016 15:49:12 Checkpoint by HitmanPro</p><p>07-12-2016 09:35:25 Checkpoint by HitmanPro</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (12/09/2016 08:31:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:31:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p>Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )</p><p>Description: Failed extract of third-party root list from auto update cab at: <<a href="http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>" target="_blank">http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab></a> with error: The data is invalid.</p><p>.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )</p><p>Description: The Windows Modules Installer service failed to start due to the following error: </p><p>The service did not start due to a logon failure.</p><p></p><p>Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )</p><p>Description: The TrustedInstaller service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: </p><p>The request is not supported.</p><p></p><p></p><p>To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).</p><p></p><p>Error: (12/08/2016 03:20:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )</p><p>Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: </p><p>An instance of the service is already running.</p><p></p><p>Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.</p><p></p><p>Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.</p><p></p><p>Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )</p><p>Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.</p><p></p><p>Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/08/2016 03:19:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p>Error: (12/08/2016 03:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )</p><p>Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz</p><p>Percentage of memory in use: 73%</p><p>Total physical RAM: 2038.05 MB</p><p>Available physical RAM: 543.48 MB</p><p>Total Virtual: 4076.11 MB</p><p>Available Virtual: 2581.41 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:142.59 GB) (Free:63.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]</p><p>Drive d: (HP_RECOVERY) (Fixed) (Total:6.46 GB) (Free:0.76 GB) NTFS ==>[system with boot components (obtained from drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E978F772)</p><p>Partition 1: (Active) - (Size=142.6 GB) - (Type=07 NTFS)</p><p>Partition 2: (Not Active) - (Size=6.5 GB) - (Type=07 NTFS)</p><p></p><p>==================== End of Addition.txt ============================</p></blockquote><p></p>
[QUOTE="Susan Mah, post: 574695, member: 57583"] There was no fixlist.txt but I have done a scan with the FarBar Recovery Tool. Below are FRST.txt and Addition.txt files. Would this help? Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016 Ran by Ann-Margaret (administrator) on ANN-MARGARET-PC (07-12-2016 11:34:26) Running from C:\Users\Ann-Margaret\Downloads Loaded Profiles: Ann-Margaret (Available Profiles: Ann-Margaret) Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States) Internet Explorer Version 8 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: [URL="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/"]FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials[/URL] ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe () C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe (PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe (TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe (Dropbox, Inc.) C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.5.495.0\McCSPServiceHost.exe (Microsoft Corporation) C:\Windows\System32\wuauclt.exe (Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe (McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe (Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.) HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582288 2015-09-03] (McAfee, Inc.) HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [563200 2015-04-02] (McAfee, Inc.) HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Google Update] => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-08] (Google Inc.) HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters) HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Dropbox Update] => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.) HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [1917832 2015-06-04] (TomTom) ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.) Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-02] ShortcutTarget: Dropbox.lnk -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-02-15] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498 AutoConfigURL: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498 Tcpip\Parameters: [DhcpNameServer] 137.82.1.2 142.103.1.42 Tcpip\..\Interfaces\{40E5ADB9-F95D-48F1-9D58-362DFAAA4399}: [DhcpNameServer] 137.82.1.2 142.103.1.42 Tcpip\..\Interfaces\{A3C2AEF2-0C06-4432-99C6-548D8DF2E365}: [DhcpNameServer] 216.57.207.18 216.57.207.19 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL] HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"]www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch[/URL] HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1 HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://[URL="http://www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014"]www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014[/URL] hxxps://ca.yahoo.com/?p=us URLSearchHook: HKU\S-1-5-21-899527790-1624991411-125816496-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> DefaultScope {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms} SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0499BC2B-7A6A-4571-BDEB-53A451B5E889} URL = hxxp://websearch.shaw.ca/shaw/ws/results/Web/{SearchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true&ua=ie-tb-cd SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms} BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-22] (Oracle Corporation) BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.) BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-22] (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-09-03] (McAfee, Inc.) FireFox: ======== FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-12-06] FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-03-28] [not signed] FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-22] (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-03] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [2010-09-16] ( Microsoft Corporation) FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ann-Margaret\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online) FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/O1DPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Default CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US876D20140828&p={searchTerms} CHR DefaultSearchKeyword: Default -> mcafee CHR Profile: C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default [2016-12-07] CHR Extension: (SiteAdvisor) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-17] CHR Extension: (Skype) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06] CHR Extension: (Chrome Media Router) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-03-28] CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01] StartMenuInternet: Google Chrome - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [691968 2015-09-03] (McAfee, Inc.) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [180064 2015-06-04] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [481336 2015-04-09] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-04-06] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [14342 2009-07-09] (Intellon Corporation) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.) R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.) S3 WLRAWMp50x86; C:\Windows\System32\Drivers\WLRAWMp50x86.sys [28312 2009-07-09] (Logitech, Inc.) S3 WLRAWSp50x86; C:\Windows\System32\Drivers\WLRAWSp50x86.sys [27032 2009-07-09] (Logitech, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-07 11:34 - 2016-12-07 11:34 - 00018034 _____ C:\Users\Ann-Margaret\Downloads\FRST.txt 2016-12-07 11:33 - 2016-12-07 11:34 - 00000000 ____D C:\FRST 2016-12-07 11:32 - 2016-12-07 11:32 - 01761792 _____ (Farbar) C:\Users\Ann-Margaret\Downloads\FRST.exe 2016-12-07 10:48 - 2016-12-07 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2016-12-06 16:32 - 2016-12-06 16:35 - 268555280 _____ C:\Users\Ann-Margaret\Downloads\EmsisoftEmergencyKit.exe 2016-12-06 16:25 - 2016-12-07 10:40 - 00000000 ____D C:\EEK 2016-12-06 15:49 - 2016-12-06 15:49 - 00001142 _____ C:\Windows\system32\.crusader 2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\Program Files\HitmanPro 2016-12-06 15:17 - 2016-12-06 15:49 - 00000000 ____D C:\ProgramData\HitmanPro 2016-12-02 00:19 - 2016-12-02 00:19 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-07 11:30 - 2013-03-11 21:36 - 00000000 ___RD C:\Users\Ann-Margaret\Dropbox 2016-12-07 11:22 - 2013-03-11 21:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-07 11:17 - 2010-11-16 21:43 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job 2016-12-07 11:07 - 2015-07-07 19:34 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job 2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-07 10:42 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-07 10:41 - 2015-01-12 07:32 - 00000604 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job 2016-12-07 10:23 - 2015-07-17 04:35 - 00000700 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job 2016-12-07 09:37 - 2015-01-07 20:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-07 08:05 - 2016-05-05 21:22 - 00920500 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-07 08:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf 2016-12-06 15:19 - 2013-07-28 13:03 - 00000000 ____D C:\ProgramData\McAfee 2016-12-02 00:31 - 2010-11-17 19:11 - 00000000 ____D C:\New folder 2016-12-02 00:23 - 2010-11-16 22:00 - 00002406 _____ C:\Users\Ann-Margaret\Desktop\Google Chrome.lnk 2016-12-02 00:23 - 2010-11-16 21:56 - 00002414 _____ C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-02 00:22 - 2013-03-11 21:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2016-12-02 00:22 - 2013-03-11 21:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2016-12-02 00:22 - 2010-11-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed 2016-12-02 00:20 - 2013-03-11 21:30 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Dropbox 2016-12-02 00:18 - 2010-11-16 21:43 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job 2016-12-02 00:13 - 2015-07-07 19:34 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Local\Dropbox 2016-12-02 00:05 - 2015-07-07 19:34 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job ==================== Files in the root of some directories ======= 2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\AtStart.txt 2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\DSwitch.txt 2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\QSwitch.txt Some files in TEMP: ==================== C:\Users\Ann-Margaret\AppData\Local\Temp\air1B54.exe C:\Users\Ann-Margaret\AppData\Local\Temp\air40A9.exe C:\Users\Ann-Margaret\AppData\Local\Temp\air8F37.exe C:\Users\Ann-Margaret\AppData\Local\Temp\CitrixOnlineLauncher.exe C:\Users\Ann-Margaret\AppData\Local\Temp\DD80_TeamViewer_Setup_en.exe C:\Users\Ann-Margaret\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tihfw.dll C:\Users\Ann-Margaret\AppData\Local\Temp\ose00000.exe C:\Users\Ann-Margaret\AppData\Local\Temp\ose00001.exe C:\Users\Ann-Margaret\AppData\Local\Temp\SkypeSetup.exe C:\Users\Ann-Margaret\AppData\Local\Temp\yopw-2xv.dll C:\Users\Ann-Margaret\AppData\Local\Temp\zjtw59kz.dll C:\Users\Ann-Margaret\AppData\Local\Temp\_is5F8.exe C:\Users\Ann-Margaret\AppData\Local\Temp\{C433DE69-E21F-49EE-9B8F-561C337E0397}-DropboxClient_3.20.1.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-08 01:19 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016 Ran by Ann-Margaret (09-12-2016 08:34:37) Running from C:\Users\Ann-Margaret\Downloads Microsoft Windows 7 Ultimate (X86) (2010-11-17 05:09:32) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-899527790-1624991411-125816496-500 - Administrator - Disabled) Ann-Margaret (S-1-5-21-899527790-1624991411-125816496-1000 - Administrator - Enabled) => C:\Users\Ann-Margaret Guest (S-1-5-21-899527790-1624991411-125816496-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-899527790-1624991411-125816496-1003 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB} FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated) Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated) Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation) Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix) Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - ) Dropbox (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.) Google Chrome (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.) Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline) HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - ) HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.) HP Pavilion Webcam Driver for Vista v061.001.00006 (HKLM\...\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}) (Version: 061.001.00006 - Chicony) HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation) Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - ) Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.1127 - McAfee, Inc.) McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50917.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) MyDriveConnect 4.0.3.2180 (HKLM\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom) QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH) Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.) Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics) TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer) Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) WiLife Command Center 2.5 (HKLM\...\{49143692-9C1E-4D35-8A82-9BE0378846CB}) (Version: 2.5.968 - WiLife) WiLife Command Center 2.5 (Version: 2.5.968 - WiLife) Hidden WiLife Command Center USB Driver x86 (Version: 2.5.0000 - Logitech) Hidden Windows Driver Package - Dibcom (MODBDA2) Media (07/25/2006 1.0.0.15) (HKLM\...\F5181EF8C578455A008679430DF657AC907C67A5) (Version: 07/25/2006 1.0.0.15 - Dibcom) Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - ) WizeFeed 2.1.5 (HKLM\...\W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1) (Version: 2.1.0.5 - GlobalTec Solutions, LLP) Wizetrade® Stocks (HKLM\...\W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1) (Version: 2.1.2.1 - The Wizetrade Group, LLP) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08CF8986-421E-4E08-A8FB-5EC245BC9BDB} - System32\Tasks\{634ABF9A-CD5F-40C0-8071-213B12689A16} => pcalua.exe -a F:\sp34464.exe -d F:\ Task: {18F5657D-1AFC-4731-AA1B-92EBA3D57E04} - System32\Tasks\{C041C7E4-6707-4FD6-B67C-BC0030D1A897} => pcalua.exe -a "C:\Program Files\HP DVB-T TV Tuner\DPInst_Setup.exe" -d "C:\Program Files\HP DVB-T TV Tuner" Task: {23CFAB43-EF49-434D-B4A2-C2918932156C} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters) Task: {26E4F7F8-09CA-4155-ABB2-AD5E3C6F6E47} - System32\Tasks\{715AD13E-9F51-434E-8CFC-1333EFD7637C} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) Task: {29D8BBC9-212A-44CF-BB94-15B7FC8D1547} - System32\Tasks\{162116ED-57CD-489A-A837-16A07798E133} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.) Task: {3ADB4070-6A96-4D4F-941D-04560B50DC2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-02] (Adobe Systems Incorporated) Task: {4E96B8E7-7D3D-4356-98A7-AB845C07AD22} - System32\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.) Task: {4F8849C9-37C3-4C64-B032-528D37D0285E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters) Task: {52043947-E06F-4634-BF86-C14AB4156BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.) Task: {6F29A5D4-7C1D-414B-97DB-E60A84912DA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.) Task: {72A23ED5-9688-4896-A0F0-A43DD02AA28B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.) Task: {7F3D7E16-48E4-4B85-A3F1-B8114BEE9D56} - System32\Tasks\{412F4DBB-02B5-44CF-B6FD-6BC3AE17134D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {8706BF7C-DE59-477A-B491-1DC0B96CA9E1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.) Task: {AD756287-CDEE-4644-A19B-55CA811CAA41} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters) Task: {B33132E4-C0D6-49C3-AD61-4571CE1B01D8} - System32\Tasks\{0F655E5E-61E8-4C84-BD76-78BAE26B8642} => pcalua.exe -a F:\sp35850.exe -d F:\ Task: {ED5E14BD-A59B-4D91-BB45-ADFE321BEBB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.) Task: {FC6C5B43-9168-4863-A9A9-9B9E256F648C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.) Task: {FC6E8327-A7D7-42BC-9553-5C68E344A101} - System32\Tasks\Reg Pro Cleaner => (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2014-09-10 19:46 - 2014-08-13 02:50 - 04047328 _____ () C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe 2014-05-07 12:31 - 2014-05-07 12:31 - 00428424 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll 2016-12-02 00:19 - 2016-10-28 15:50 - 00035792 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd 2016-12-02 00:19 - 2016-10-28 15:50 - 00145864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2016-12-02 00:19 - 2016-10-28 15:51 - 00019408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2016-12-02 00:19 - 2016-10-28 15:50 - 00116688 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2016-12-02 00:19 - 2016-10-28 15:50 - 00100296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_ctypes.pyd 2016-12-02 00:19 - 2016-10-28 15:50 - 00018888 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\select.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00019760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd 2016-12-02 00:19 - 2016-10-28 15:50 - 00694224 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\unicodedata.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00020816 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd 2016-12-02 00:19 - 2016-10-28 15:51 - 00123856 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 01682760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00020808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00105928 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32api.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00021312 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00052024 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00038696 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\fastpath.pyd 2016-12-02 00:19 - 2016-10-28 15:50 - 00392144 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2016-12-02 00:19 - 2016-10-28 15:53 - 00020936 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00024528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32event.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00116176 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32security.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00381752 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00124880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32file.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00025424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00175560 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32gui.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00030160 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00043472 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32process.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00048592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32service.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00057808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32profile.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00246592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00026456 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2016-12-02 00:19 - 2016-10-28 15:52 - 00241104 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00020280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00028616 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32ts.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00019776 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00023376 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00350152 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00022352 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00024392 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2016-12-02 00:19 - 2016-10-28 15:49 - 00036296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsync.dll 2016-12-02 00:19 - 2016-11-28 06:16 - 00084280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2016-12-02 00:19 - 2016-11-28 06:16 - 01826096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2016-12-02 00:19 - 2016-10-28 15:51 - 00083912 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\sip.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00531248 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 03928880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 01972528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00133424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00224056 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00207672 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00020288 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd 2016-12-02 00:19 - 2016-10-28 15:56 - 00017864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libEGL.dll 2016-12-02 00:19 - 2016-10-28 15:56 - 01631184 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2016-12-02 00:19 - 2016-10-28 15:56 - 14419408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\opengl32sw.dll 2016-12-02 00:19 - 2016-11-28 06:16 - 00042808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00168760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00357680 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2016-12-02 00:19 - 2016-10-28 15:53 - 00060880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32print.pyd 2016-12-02 00:19 - 2016-11-28 06:17 - 00024904 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2016-12-02 00:19 - 2016-11-28 06:16 - 00546096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-12-06 16:38 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll 2016-12-06 16:38 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-899527790-1624991411-125816496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 137.82.1.2 - 142.103.1.42 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{BC832D4C-AB84-4B86-B49E-64291051C321}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe FirewallRules: [{A7EEBE7C-5E87-4407-9B09-4CBC9DF61983}] => C:\Program Files\WiLife Command Center\Werks.exe FirewallRules: [{D4D667B4-0B30-4E71-8359-DF65CF87C03D}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [{1D94917A-1BD0-4EB1-8DA3-1413460E4AAA}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe FirewallRules: [TCP Query User{A7114956-9EC4-4DCA-9126-428726C8615F}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [UDP Query User{23B4D86E-6B08-4386-8B2F-A94C6F81E0E5}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe FirewallRules: [{2F1FEA04-1914-41DF-A97E-0513AA8A02B8}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe FirewallRules: [{D8019906-FA39-4F60-9125-B52E0C12CA34}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe FirewallRules: [{37C212E1-048D-4DA8-83C0-E3625641CAD7}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{AAFF564B-E8EE-4A5A-9466-C0BEE1018FC5}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe FirewallRules: [{3B50D008-EB9D-4ED4-B2A2-C0B5F33D4733}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{3DCD3780-15C4-4787-AE62-C8C8D4620110}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe FirewallRules: [{BF3E7FB3-D46E-4210-A653-E44A0A97DF77}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{87F358F7-8A81-459A-A4EE-3BEDC41ECA1E}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe FirewallRules: [{89CD8D93-B367-4619-B411-EA0D0D5CA044}] => C:\Program Files\Skype\Phone\Skype.exe ==================== Restore Points ========================= 13-07-2015 15:39:06 Scheduled Checkpoint 24-08-2015 11:10:00 Scheduled Checkpoint 23-09-2015 10:55:54 Scheduled Checkpoint 06-12-2016 15:47:12 Checkpoint by HitmanPro 06-12-2016 15:49:12 Checkpoint by HitmanPro 07-12-2016 09:35:25 Checkpoint by HitmanPro ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/09/2016 08:31:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:31:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: ) Description: Failed extract of third-party root list from auto update cab at: <[URL]http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>[/URL] with error: The data is invalid. . System errors: ============= Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Modules Installer service failed to start due to the following error: The service did not start due to a logon failure. Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: The TrustedInstaller service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). Error: (12/08/2016 03:20:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s). Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s). Error: (12/08/2016 03:19:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s). Error: (12/08/2016 03:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s). ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz Percentage of memory in use: 73% Total physical RAM: 2038.05 MB Available physical RAM: 543.48 MB Total Virtual: 4076.11 MB Available Virtual: 2581.41 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:142.59 GB) (Free:63.87 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (HP_RECOVERY) (Fixed) (Total:6.46 GB) (Free:0.76 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E978F772) Partition 1: (Active) - (Size=142.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=6.5 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ [/QUOTE]
Insert quotes…
Verification
Post reply
Top