Solved Unable to remove RegClean Pro window

Susan Mah

New Member
Thread author
Dec 7, 2016
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Ann-Margaret (administrator) on ANN-MARGARET-PC (07-12-2016 11:34:26)
Running from C:\Users\Ann-Margaret\Downloads
Loaded Profiles: Ann-Margaret (Available Profiles: Ann-Margaret)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
(Dropbox, Inc.) C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582288 2015-09-03] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [563200 2015-04-02] (McAfee, Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Google Update] => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-08] (Google Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Dropbox Update] => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [1917832 2015-06-04] (TomTom)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-02-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498
AutoConfigURL: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498
Tcpip\Parameters: [DhcpNameServer] 137.82.1.2 142.103.1.42
Tcpip\..\Interfaces\{40E5ADB9-F95D-48F1-9D58-362DFAAA4399}: [DhcpNameServer] 137.82.1.2 142.103.1.42
Tcpip\..\Interfaces\{A3C2AEF2-0C06-4432-99C6-548D8DF2E365}: [DhcpNameServer] 216.57.207.18 216.57.207.19

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014
hxxps://ca.yahoo.com/?p=us
URLSearchHook: HKU\S-1-5-21-899527790-1624991411-125816496-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> DefaultScope {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0499BC2B-7A6A-4571-BDEB-53A451B5E889} URL = hxxp://websearch.shaw.ca/shaw/ws/results/Web/{SearchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true&ua=ie-tb-cd
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-22] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-22] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-09-03] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-12-06]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-03-28] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [2010-09-16] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ann-Margaret\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/O1DPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US876D20140828&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default [2016-12-07]
CHR Extension: (SiteAdvisor) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-17]
CHR Extension: (Skype) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-03-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01]
StartMenuInternet: Google Chrome - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [691968 2015-09-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [180064 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [481336 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [14342 2009-07-09] (Intellon Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
S3 WLRAWMp50x86; C:\Windows\System32\Drivers\WLRAWMp50x86.sys [28312 2009-07-09] (Logitech, Inc.)
S3 WLRAWSp50x86; C:\Windows\System32\Drivers\WLRAWSp50x86.sys [27032 2009-07-09] (Logitech, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 11:34 - 2016-12-07 11:34 - 00018034 _____ C:\Users\Ann-Margaret\Downloads\FRST.txt
2016-12-07 11:33 - 2016-12-07 11:34 - 00000000 ____D C:\FRST
2016-12-07 11:32 - 2016-12-07 11:32 - 01761792 _____ (Farbar) C:\Users\Ann-Margaret\Downloads\FRST.exe
2016-12-07 10:48 - 2016-12-07 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-06 16:32 - 2016-12-06 16:35 - 268555280 _____ C:\Users\Ann-Margaret\Downloads\EmsisoftEmergencyKit.exe
2016-12-06 16:25 - 2016-12-07 10:40 - 00000000 ____D C:\EEK
2016-12-06 15:49 - 2016-12-06 15:49 - 00001142 _____ C:\Windows\system32\.crusader
2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-06 15:17 - 2016-12-06 15:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-02 00:19 - 2016-12-02 00:19 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 11:30 - 2013-03-11 21:36 - 00000000 ___RD C:\Users\Ann-Margaret\Dropbox
2016-12-07 11:22 - 2013-03-11 21:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-07 11:17 - 2010-11-16 21:43 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job
2016-12-07 11:07 - 2015-07-07 19:34 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job
2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-07 10:42 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 10:41 - 2015-01-12 07:32 - 00000604 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job
2016-12-07 10:23 - 2015-07-17 04:35 - 00000700 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job
2016-12-07 09:37 - 2015-01-07 20:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-07 08:05 - 2016-05-05 21:22 - 00920500 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-07 08:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-12-06 15:19 - 2013-07-28 13:03 - 00000000 ____D C:\ProgramData\McAfee
2016-12-02 00:31 - 2010-11-17 19:11 - 00000000 ____D C:\New folder
2016-12-02 00:23 - 2010-11-16 22:00 - 00002406 _____ C:\Users\Ann-Margaret\Desktop\Google Chrome.lnk
2016-12-02 00:23 - 2010-11-16 21:56 - 00002414 _____ C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-02 00:22 - 2013-03-11 21:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-02 00:22 - 2013-03-11 21:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-02 00:22 - 2010-11-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-02 00:20 - 2013-03-11 21:30 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Dropbox
2016-12-02 00:18 - 2010-11-16 21:43 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job
2016-12-02 00:13 - 2015-07-07 19:34 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Local\Dropbox
2016-12-02 00:05 - 2015-07-07 19:34 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job

==================== Files in the root of some directories =======

2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\AtStart.txt
2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\DSwitch.txt
2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\QSwitch.txt

Some files in TEMP:
====================
C:\Users\Ann-Margaret\AppData\Local\Temp\air1B54.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\air40A9.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\air8F37.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\CitrixOnlineLauncher.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\DD80_TeamViewer_Setup_en.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tihfw.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\ose00000.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\ose00001.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\yopw-2xv.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\zjtw59kz.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\_is5F8.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\{C433DE69-E21F-49EE-9B8F-561C337E0397}-DropboxClient_3.20.1.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-08 01:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by Ann-Margaret (07-12-2016 11:35:27)
Running from C:\Users\Ann-Margaret\Downloads
Microsoft Windows 7 Ultimate (X86) (2010-11-17 05:09:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-899527790-1624991411-125816496-500 - Administrator - Disabled)
Ann-Margaret (S-1-5-21-899527790-1624991411-125816496-1000 - Administrator - Enabled) => C:\Users\Ann-Margaret
Guest (S-1-5-21-899527790-1624991411-125816496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-899527790-1624991411-125816496-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Driver Support (HKLM\...\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}) (Version: 8.1 - PC Drivers Headquarters, LP) <==== ATTENTION
Dropbox (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Pavilion Webcam Driver for Vista v061.001.00006 (HKLM\...\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}) (Version: 061.001.00006 - Chicony)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.1127 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50917.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MyDriveConnect 4.0.3.2180 (HKLM\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WiLife Command Center 2.5 (HKLM\...\{49143692-9C1E-4D35-8A82-9BE0378846CB}) (Version: 2.5.968 - WiLife)
WiLife Command Center 2.5 (Version: 2.5.968 - WiLife) Hidden
WiLife Command Center USB Driver x86 (Version: 2.5.0000 - Logitech) Hidden
Windows Driver Package - Dibcom (MODBDA2) Media (07/25/2006 1.0.0.15) (HKLM\...\F5181EF8C578455A008679430DF657AC907C67A5) (Version: 07/25/2006 1.0.0.15 - Dibcom)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WizeFeed 2.1.5 (HKLM\...\W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1) (Version: 2.1.0.5 - GlobalTec Solutions, LLP)
Wizetrade® Stocks (HKLM\...\W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1) (Version: 2.1.2.1 - The Wizetrade Group, LLP)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08CF8986-421E-4E08-A8FB-5EC245BC9BDB} - System32\Tasks\{634ABF9A-CD5F-40C0-8071-213B12689A16} => pcalua.exe -a F:\sp34464.exe -d F:\
Task: {18F5657D-1AFC-4731-AA1B-92EBA3D57E04} - System32\Tasks\{C041C7E4-6707-4FD6-B67C-BC0030D1A897} => pcalua.exe -a "C:\Program Files\HP DVB-T TV Tuner\DPInst_Setup.exe" -d "C:\Program Files\HP DVB-T TV Tuner"
Task: {23CFAB43-EF49-434D-B4A2-C2918932156C} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {26E4F7F8-09CA-4155-ABB2-AD5E3C6F6E47} - System32\Tasks\{715AD13E-9F51-434E-8CFC-1333EFD7637C} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {29D8BBC9-212A-44CF-BB94-15B7FC8D1547} - System32\Tasks\{162116ED-57CD-489A-A837-16A07798E133} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {3ADB4070-6A96-4D4F-941D-04560B50DC2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-02] (Adobe Systems Incorporated)
Task: {4E96B8E7-7D3D-4356-98A7-AB845C07AD22} - System32\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4F8849C9-37C3-4C64-B032-528D37D0285E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {52043947-E06F-4634-BF86-C14AB4156BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6F29A5D4-7C1D-414B-97DB-E60A84912DA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {72A23ED5-9688-4896-A0F0-A43DD02AA28B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {7F3D7E16-48E4-4B85-A3F1-B8114BEE9D56} - System32\Tasks\{412F4DBB-02B5-44CF-B6FD-6BC3AE17134D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {8706BF7C-DE59-477A-B491-1DC0B96CA9E1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)
Task: {AD756287-CDEE-4644-A19B-55CA811CAA41} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {B33132E4-C0D6-49C3-AD61-4571CE1B01D8} - System32\Tasks\{0F655E5E-61E8-4C84-BD76-78BAE26B8642} => pcalua.exe -a F:\sp35850.exe -d F:\
Task: {ED5E14BD-A59B-4D91-BB45-ADFE321BEBB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {FC6C5B43-9168-4863-A9A9-9B9E256F648C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)
Task: {FC6E8327-A7D7-42BC-9553-5C68E344A101} - System32\Tasks\Reg Pro Cleaner =>

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-10 19:46 - 2014-08-13 02:50 - 04047328 _____ () C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
2014-05-07 12:31 - 2014-05-07 12:31 - 00428424 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2015-06-04 03:19 - 2015-06-04 03:19 - 00140288 _____ () C:\Program Files\MyDrive Connect\quazip.dll
2014-09-11 07:06 - 2014-09-11 07:06 - 00878592 _____ () C:\Program Files\MyDrive Connect\Plugins\platforms\qwindows.dll
2014-09-11 07:05 - 2014-09-11 07:05 - 00036352 _____ () C:\Program Files\MyDrive Connect\Plugins\bearer\qgenericbearer.dll
2014-09-11 07:06 - 2014-09-11 07:06 - 00038912 _____ () C:\Program Files\MyDrive Connect\Plugins\bearer\qnativerwifibearer.dll
2014-09-11 07:14 - 2014-09-11 07:14 - 00032256 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qdds.dll
2014-09-11 07:05 - 2014-09-11 07:05 - 00021504 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qgif.dll
2014-09-11 07:14 - 2014-09-11 07:14 - 00027648 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qicns.dll
2014-09-11 07:05 - 2014-09-11 07:05 - 00021504 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qico.dll
2014-09-11 07:14 - 2014-09-11 07:14 - 00381952 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qjp2.dll
2014-09-11 07:05 - 2014-09-11 07:05 - 00204800 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qjpeg.dll
2014-09-11 07:14 - 2014-09-11 07:14 - 00218112 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qmng.dll
2014-09-11 07:08 - 2014-09-11 07:08 - 00015872 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qsvg.dll
2014-09-11 07:14 - 2014-09-11 07:14 - 00015360 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qtga.dll
2014-09-11 07:15 - 2014-09-11 07:15 - 00307712 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qtiff.dll
2014-09-11 07:15 - 2014-09-11 07:15 - 00014848 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qwbmp.dll
2014-09-11 07:15 - 2014-09-11 07:15 - 00252928 _____ () C:\Program Files\MyDrive Connect\Plugins\imageformats\qwebp.dll
2016-12-02 00:19 - 2016-10-28 15:50 - 00035792 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00145864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00019408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00116688 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-12-02 00:19 - 2016-10-28 15:50 - 00100296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00018888 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\select.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00019760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00694224 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020816 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00123856 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 01682760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00105928 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00021312 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00052024 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00038696 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00392144 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-02 00:19 - 2016-10-28 15:53 - 00020936 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00116176 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00381752 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00124880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00025424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00175560 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00030160 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00043472 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00048592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00057808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00246592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00026456 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-02 00:19 - 2016-10-28 15:52 - 00241104 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00028616 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00019776 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00023376 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00350152 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00022352 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00024392 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-02 00:19 - 2016-10-28 15:49 - 00036296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-02 00:19 - 2016-11-28 06:16 - 00084280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-02 00:19 - 2016-11-28 06:16 - 01826096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00083912 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00531248 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 03928880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 01972528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00133424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00224056 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00207672 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020288 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-02 00:19 - 2016-10-28 15:56 - 00017864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-02 00:19 - 2016-10-28 15:56 - 01631184 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-02 00:19 - 2016-10-28 15:56 - 14419408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\opengl32sw.dll
2016-12-02 00:19 - 2016-11-28 06:16 - 00042808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00168760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00357680 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00060880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00024904 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00546096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-12-06 16:38 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-12-06 16:38 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-899527790-1624991411-125816496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC832D4C-AB84-4B86-B49E-64291051C321}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A7EEBE7C-5E87-4407-9B09-4CBC9DF61983}] => C:\Program Files\WiLife Command Center\Werks.exe
FirewallRules: [{D4D667B4-0B30-4E71-8359-DF65CF87C03D}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1D94917A-1BD0-4EB1-8DA3-1413460E4AAA}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A7114956-9EC4-4DCA-9126-428726C8615F}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{23B4D86E-6B08-4386-8B2F-A94C6F81E0E5}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2F1FEA04-1914-41DF-A97E-0513AA8A02B8}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{D8019906-FA39-4F60-9125-B52E0C12CA34}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{37C212E1-048D-4DA8-83C0-E3625641CAD7}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AAFF564B-E8EE-4A5A-9466-C0BEE1018FC5}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3B50D008-EB9D-4ED4-B2A2-C0B5F33D4733}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3DCD3780-15C4-4787-AE62-C8C8D4620110}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BF3E7FB3-D46E-4210-A653-E44A0A97DF77}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{87F358F7-8A81-459A-A4EE-3BEDC41ECA1E}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{89CD8D93-B367-4619-B411-EA0D0D5CA044}] => C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

13-07-2015 15:39:06 Scheduled Checkpoint
24-08-2015 11:10:00 Scheduled Checkpoint
23-09-2015 10:55:54 Scheduled Checkpoint
06-12-2016 15:47:12 Checkpoint by HitmanPro
06-12-2016 15:49:12 Checkpoint by HitmanPro
07-12-2016 09:35:25 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000188,SYSTEM\CurrentControlSet\Services\VSS\Diag\VssvcPublisher,0,REG_BINARY,00BCFAC4.64). hr = 0x80070005, Access is denied.
.

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0410EFA4.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {67715e36-d695-4670-a056-f7fc6ba3cb0a}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000071c,(null),0,REG_BINARY,01E3EFCC.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e3dd6656-8da4-478c-83c4-60754e6e12f7}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,(null),0,REG_BINARY,0101FA04.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {94b7c036-0733-4d75-912f-8a8875752359}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001f4,(null),0,REG_BINARY,0130F0C4.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
Writer Name: Shadow Copy Optimization Writer
Writer Instance ID: {60794a72-b815-41ea-bfea-3f1361b84e6f}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000298,(null),0,REG_BINARY,0314EA8C.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {7bea8836-8acc-4623-93c1-669533f452d8}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001b8,(null),0,REG_BINARY,0115F364.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {afbab4a2-367d-4d15-a586-71dbb18f8485}
Writer Name: Registry Writer
Writer Instance ID: {9654aef8-b606-4ec7-a147-181b68385618}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x00000960,(null),0,REG_BINARY,0410EF90.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {cd3f2362-8bef-46c7-9181-d62844cdc0b2}
Writer Name: MSSearch Service Writer
Writer Instance ID: {67715e36-d695-4670-a056-f7fc6ba3cb0a}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x0000071c,(null),0,REG_BINARY,01E3EFB8.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {a6ad56c2-b509-4e6c-bb19-49d8f43532f0}
Writer Name: WMI Writer
Writer Instance ID: {e3dd6656-8da4-478c-83c4-60754e6e12f7}

Error: (12/06/2016 03:49:44 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine RegSetValueExW(0x000001c4,(null),0,REG_BINARY,0101F9F0.64). hr = 0x80070005, Access is denied.
.


Operation:
BackupShutdown Event

Context:
Execution Context: Writer
Writer Class Id: {542da469-d3e1-473c-9f4f-7847f01fc64f}
Writer Name: COM+ REGDB Writer
Writer Instance ID: {94b7c036-0733-4d75-912f-8a8875752359}


System errors:
=============
Error: (12/06/2016 03:52:31 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The HitmanPro 3.7 Crusader (Boot) service terminated with service-specific error The operation completed successfully.
.

Error: (12/02/2016 12:03:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.

Error: (08/01/2016 12:01:21 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

Error: (07/31/2016 11:30:41 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:29:47 AM on ‎8/‎1/‎2016 was unexpected.

Error: (05/25/2016 08:59:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (05/25/2016 08:59:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (05/25/2016 08:59:54 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (05/25/2016 07:29:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Personal Firewall Service service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (05/25/2016 07:29:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the McAfee Personal Firewall Service service to connect.

Error: (05/05/2016 09:19:51 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {C98F04D7-CD30-4BB0-B7D7-8DD7448520F2} did not register with DCOM within the required timeout.


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 76%
Total physical RAM: 2038.05 MB
Available physical RAM: 488.67 MB
Total Virtual: 4076.11 MB
Available Virtual: 2539.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.59 GB) (Free:65.14 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.46 GB) (Free:0.76 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E978F772)
Partition 1: (Active) - (Size=142.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Fix with AdwCleaner

Please download AdwCleaner by Xplode and save the file to your Desktop.
  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now.
  • After reboot, a logfile will be opened. Copy its content into your next reply.

Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 

Susan Mah

New Member
Thread author
Dec 7, 2016
12
Below is the report. Unfortunately, the RegClean Pro window is still popping up.

# AdwCleaner v6.040 - Logfile created 08/12/2016 at 15:21:12
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-07.1 [Server]
# Operating System : Windows 7 Ultimate (X86)
# Username : Ann-Margaret - ANN-MARGARET-PC
# Running from : C:\Users\Ann-Margaret\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\ANN-MA~1\AppData\Local\Temp\AirInstaller


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\ContentExplorer
[#] Key deleted on reboot: HKCU\Software\ContentExplorer
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{597FB4A5-DD86-4316-A410-7E8074CC2CCE}


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1105 Bytes] - [08/12/2016 15:21:12]
C:\AdwCleaner\AdwCleaner[S0].txt - [1400 Bytes] - [08/12/2016 15:19:16]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1251 Bytes] ##########
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Let me know if this fixed it:


Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

Download the attached fixlist.txt file and save it to the Desktop:

Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the Desktop called Fixlog.txt.

Please attach it to your reply.
 

Attachments

  • fixlist.txt
    161 bytes · Views: 13

Susan Mah

New Member
Thread author
Dec 7, 2016
12
Sorry, didn't try the scan until now.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
This worked okay.
  • Press the Fix button just once and wait.
A window then popped up with the message below, so I couldn't continue.

No fixlist.txt found.
The fixlist.txt should be in the same folder/directory the tool is located.
 

Susan Mah

New Member
Thread author
Dec 7, 2016
12
There wasn't any fixlist.txt downloaded, so I didn't have a file to place in the same location as the FRST tool.
 

Susan Mah

New Member
Thread author
Dec 7, 2016
12
There was no fixlist.txt but I have done a scan with the FarBar Recovery Tool. Below are FRST.txt and Addition.txt files. Would this help?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by Ann-Margaret (administrator) on ANN-MARGARET-PC (07-12-2016 11:34:26)
Running from C:\Users\Ann-Margaret\Downloads
Loaded Profiles: Ann-Margaret (Available Profiles: Ann-Margaret)
Platform: Microsoft Windows 7 Ultimate (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
() C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(PC Drivers Headquarters) C:\Program Files\Driver Support\Driver Support\DriverSupport.exe
(TomTom) C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe
(Dropbox, Inc.) C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\CSP\1.5.495.0\McCSPServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\McChHost.exe
(McAfee, Inc.) C:\Program Files\McAfee\SiteAdvisor\saUI.exe
(Google Inc.) C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [322104 2009-08-20] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [582288 2015-09-03] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe [563200 2015-04-02] (McAfee, Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Google Update] => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-08] (Google Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Driver Support] => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [4785504 2014-05-07] (PC Drivers Headquarters)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [Dropbox Update] => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-12-02] (Dropbox, Inc.)
HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Run: [MyDriveConnect.exe] => C:\Program Files\MyDrive Connect\TomTom MyDrive Connect.exe [1917832 2015-06-04] (TomTom)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll [2016-11-28] (Dropbox, Inc.)
Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-12-02]
ShortcutTarget: Dropbox.lnk -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-02-15]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498
AutoConfigURL: [S-1-5-21-899527790-1624991411-125816496-1000] => http=127.0.0.1:49498;https=127.0.0.1:49498
Tcpip\Parameters: [DhcpNameServer] 137.82.1.2 142.103.1.42
Tcpip\..\Interfaces\{40E5ADB9-F95D-48F1-9D58-362DFAAA4399}: [DhcpNameServer] 137.82.1.2 142.103.1.42
Tcpip\..\Interfaces\{A3C2AEF2-0C06-4432-99C6-548D8DF2E365}: [DhcpNameServer] 216.57.207.18 216.57.207.19

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/?rd=1
HKU\S-1-5-21-899527790-1624991411-125816496-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.youtube.com/results?search_query=jonalyn+viray+la+diva++philippines+2014
hxxps://ca.yahoo.com/?p=us
URLSearchHook: HKU\S-1-5-21-899527790-1624991411-125816496-1000 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> DefaultScope {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0499BC2B-7A6A-4571-BDEB-53A451B5E889} URL = hxxp://websearch.shaw.ca/shaw/ws/results/Web/{SearchTerms}/1/417/TopNavigation/Relevance/iq=true/zoom=off/_iceUrlFlag=7?_IceUrl=true&ua=ie-tb-cd
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-899527790-1624991411-125816496-1000 -> {6CCE3E8C-05E3-4E6B-99D6-5DF6CF78BF54} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=B011US876D20140828&p={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-22] (Oracle Corporation)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-22] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-12] (McAfee, Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-01] (Skype Technologies S.A.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll [2015-09-03] (McAfee, Inc.)

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files\McAfee\SiteAdvisor\saffplg.xpi [2016-12-06]
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-03-28] [not signed]
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2012-10-22] (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-03] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll [2010-09-16] ( Microsoft Corporation)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Ann-Margaret\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-12] (Citrix Online)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @talk.google.com/O1DPlugin -> C:\Users\Ann-Margaret\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-899527790-1624991411-125816496-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Ann-Margaret\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR DefaultProfile: Default
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?fr=mcafee&type=B211US876D20140828&p={searchTerms}
CHR DefaultSearchKeyword: Default -> mcafee
CHR Profile: C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default [2016-12-07]
CHR Extension: (SiteAdvisor) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-17]
CHR Extension: (Skype) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-12-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-06]
CHR Extension: (Chrome Media Router) - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-06]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2016-03-28]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-07-01]
StartMenuInternet: Google Chrome - C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [132160 2016-02-12] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [691968 2015-09-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.5.495.0\McCSPServiceHost.exe [180064 2015-06-04] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [481336 2015-04-09] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [196600 2015-02-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [334576 2015-04-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [238288 2015-02-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [291816 2015-04-02] (McAfee, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 A_USBETHMP; C:\Windows\System32\Drivers\usbethmp.sys [14342 2009-07-09] (Intellon Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [61848 2015-02-17] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [304928 2015-02-17] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [260248 2015-02-17] (McAfee, Inc.)
R0 mfedisk; C:\Windows\System32\DRIVERS\mfedisk.sys [82800 2015-02-17] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [371648 2015-02-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [648552 2015-02-17] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [380496 2015-01-16] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [80760 2015-01-16] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [217584 2015-02-17] (McAfee, Inc.)
S3 WLRAWMp50x86; C:\Windows\System32\Drivers\WLRAWMp50x86.sys [28312 2009-07-09] (Logitech, Inc.)
S3 WLRAWSp50x86; C:\Windows\System32\Drivers\WLRAWSp50x86.sys [27032 2009-07-09] (Logitech, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 11:34 - 2016-12-07 11:34 - 00018034 _____ C:\Users\Ann-Margaret\Downloads\FRST.txt
2016-12-07 11:33 - 2016-12-07 11:34 - 00000000 ____D C:\FRST
2016-12-07 11:32 - 2016-12-07 11:32 - 01761792 _____ (Farbar) C:\Users\Ann-Margaret\Downloads\FRST.exe
2016-12-07 10:48 - 2016-12-07 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-12-06 16:32 - 2016-12-06 16:35 - 268555280 _____ C:\Users\Ann-Margaret\Downloads\EmsisoftEmergencyKit.exe
2016-12-06 16:25 - 2016-12-07 10:40 - 00000000 ____D C:\EEK
2016-12-06 15:49 - 2016-12-06 15:49 - 00001142 _____ C:\Windows\system32\.crusader
2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-06 15:38 - 2016-12-06 15:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-12-06 15:17 - 2016-12-06 15:49 - 00000000 ____D C:\ProgramData\HitmanPro
2016-12-02 00:19 - 2016-12-02 00:19 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-07 11:30 - 2013-03-11 21:36 - 00000000 ___RD C:\Users\Ann-Margaret\Dropbox
2016-12-07 11:22 - 2013-03-11 21:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-07 11:17 - 2010-11-16 21:43 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job
2016-12-07 11:07 - 2015-07-07 19:34 - 00000946 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job
2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-07 11:01 - 2009-07-13 20:34 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-07 10:42 - 2009-07-13 20:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-07 10:41 - 2015-01-12 07:32 - 00000604 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job
2016-12-07 10:23 - 2015-07-17 04:35 - 00000700 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job
2016-12-07 09:37 - 2015-01-07 20:41 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-07 08:05 - 2016-05-05 21:22 - 00920500 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-07 08:05 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\inf
2016-12-06 15:19 - 2013-07-28 13:03 - 00000000 ____D C:\ProgramData\McAfee
2016-12-02 00:31 - 2010-11-17 19:11 - 00000000 ____D C:\New folder
2016-12-02 00:23 - 2010-11-16 22:00 - 00002406 _____ C:\Users\Ann-Margaret\Desktop\Google Chrome.lnk
2016-12-02 00:23 - 2010-11-16 21:56 - 00002414 _____ C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-02 00:22 - 2013-03-11 21:32 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2016-12-02 00:22 - 2013-03-11 21:32 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2016-12-02 00:22 - 2010-11-16 21:36 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-02 00:20 - 2013-03-11 21:30 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Roaming\Dropbox
2016-12-02 00:18 - 2010-11-16 21:43 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job
2016-12-02 00:13 - 2015-07-07 19:34 - 00000000 ____D C:\Users\Ann-Margaret\AppData\Local\Dropbox
2016-12-02 00:05 - 2015-07-07 19:34 - 00000894 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job

==================== Files in the root of some directories =======

2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\AtStart.txt
2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\DSwitch.txt
2010-11-16 22:20 - 2010-11-16 22:20 - 0000000 _____ () C:\Users\Ann-Margaret\AppData\Local\QSwitch.txt

Some files in TEMP:
====================
C:\Users\Ann-Margaret\AppData\Local\Temp\air1B54.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\air40A9.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\air8F37.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\CitrixOnlineLauncher.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\DD80_TeamViewer_Setup_en.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp7tihfw.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\ose00000.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\ose00001.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\yopw-2xv.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\zjtw59kz.dll
C:\Users\Ann-Margaret\AppData\Local\Temp\_is5F8.exe
C:\Users\Ann-Margaret\AppData\Local\Temp\{C433DE69-E21F-49EE-9B8F-561C337E0397}-DropboxClient_3.20.1.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-08 01:19

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-12-2016
Ran by Ann-Margaret (09-12-2016 08:34:37)
Running from C:\Users\Ann-Margaret\Downloads
Microsoft Windows 7 Ultimate (X86) (2010-11-17 05:09:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-899527790-1624991411-125816496-500 - Administrator - Disabled)
Ann-Margaret (S-1-5-21-899527790-1624991411-125816496-1000 - Administrator - Enabled) => C:\Users\Ann-Margaret
Guest (S-1-5-21-899527790-1624991411-125816496-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-899527790-1624991411-125816496-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.3 - Broadcom Corporation)
Citrix Online Launcher (HKLM\...\{A08A6B7D-1F21-4843-85A3-77B8D15FAE0E}) (Version: 1.0.244 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_HDAUDIO) (Version: - )
Dropbox (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Dropbox) (Version: 15.4.22 - Dropbox, Inc.)
Google Chrome (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
GoToMeeting 7.3.0.3499 (HKU\S-1-5-21-899527790-1624991411-125816496-1000\...\GoToMeeting) (Version: 7.3.0.3499 - CitrixOnline)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDA_HSF) (Version: - )
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.15.281 - SurfRight B.V.)
HP Pavilion Webcam Driver for Vista v061.001.00006 (HKLM\...\{5CA81D12-9EC2-4082-972B-43ECA63F41F2}) (Version: 061.001.00006 - Chicony)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.5.1 - Hewlett-Packard)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 14.0.1127 - McAfee, Inc.)
McAfee SiteAdvisor (HKLM\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.290 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50917.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
MyDriveConnect 4.0.3.2180 (HKLM\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
RICOH Media Driver (HKLM\...\{F5CC2EF8-20A4-4366-A681-3FE849E65809}) (Version: 2.10.00.04 - RICOH)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Skype Toolbars (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.5.7896 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.28223 - TeamViewer)
Visual Studio C++ 10.0 Runtime (HKLM\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
WiLife Command Center 2.5 (HKLM\...\{49143692-9C1E-4D35-8A82-9BE0378846CB}) (Version: 2.5.968 - WiLife)
WiLife Command Center 2.5 (Version: 2.5.968 - WiLife) Hidden
WiLife Command Center USB Driver x86 (Version: 2.5.0000 - Logitech) Hidden
Windows Driver Package - Dibcom (MODBDA2) Media (07/25/2006 1.0.0.15) (HKLM\...\F5181EF8C578455A008679430DF657AC907C67A5) (Version: 07/25/2006 1.0.0.15 - Dibcom)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version: - )
WizeFeed 2.1.5 (HKLM\...\W1Z3F33D-CD0C-4AC4-86B4-X11E5511AA18_is1) (Version: 2.1.0.5 - GlobalTec Solutions, LLP)
Wizetrade® Stocks (HKLM\...\W1Z3T4D3-L00K-1T1Z-H3R3-UN1NST4LLTH3_is1) (Version: 2.1.2.1 - The Wizetrade Group, LLP)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.135\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.99\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0A368B9B-3566-4730-B40E-EAF6858A53AF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.33\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.23.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.145\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.153\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\2128\G2MOutlookAddin.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.165\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.115\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.27.29\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.31.5\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.22.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.21.111\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\DropboxExt.3.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Google\Update\1.3.24.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-899527790-1624991411-125816496-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08CF8986-421E-4E08-A8FB-5EC245BC9BDB} - System32\Tasks\{634ABF9A-CD5F-40C0-8071-213B12689A16} => pcalua.exe -a F:\sp34464.exe -d F:\
Task: {18F5657D-1AFC-4731-AA1B-92EBA3D57E04} - System32\Tasks\{C041C7E4-6707-4FD6-B67C-BC0030D1A897} => pcalua.exe -a "C:\Program Files\HP DVB-T TV Tuner\DPInst_Setup.exe" -d "C:\Program Files\HP DVB-T TV Tuner"
Task: {23CFAB43-EF49-434D-B4A2-C2918932156C} - System32\Tasks\Driver Support-RTMUpdater => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {26E4F7F8-09CA-4155-ABB2-AD5E3C6F6E47} - System32\Tasks\{715AD13E-9F51-434E-8CFC-1333EFD7637C} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {29D8BBC9-212A-44CF-BB94-15B7FC8D1547} - System32\Tasks\{162116ED-57CD-489A-A837-16A07798E133} => C:\Program Files\Skype\\Phone\Skype.exe [2014-10-01] (Skype Technologies S.A.)
Task: {3ADB4070-6A96-4D4F-941D-04560B50DC2B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-02] (Adobe Systems Incorporated)
Task: {4E96B8E7-7D3D-4356-98A7-AB845C07AD22} - System32\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4F8849C9-37C3-4C64-B032-528D37D0285E} - System32\Tasks\Driver Support-RTMRules => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {52043947-E06F-4634-BF86-C14AB4156BDE} - System32\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000 => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe [2015-09-23] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {6F29A5D4-7C1D-414B-97DB-E60A84912DA5} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-05-18] (McAfee, Inc.)
Task: {72A23ED5-9688-4896-A0F0-A43DD02AA28B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {7F3D7E16-48E4-4B85-A3F1-B8114BEE9D56} - System32\Tasks\{412F4DBB-02B5-44CF-B6FD-6BC3AE17134D} => Chrome.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain
Task: {8706BF7C-DE59-477A-B491-1DC0B96CA9E1} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)
Task: {AD756287-CDEE-4644-A19B-55CA811CAA41} - System32\Tasks\Driver Support-RTMScan => C:\Program Files\Driver Support\Driver Support\DriverSupport.exe [2014-05-07] (PC Drivers Headquarters)
Task: {B33132E4-C0D6-49C3-AD61-4571CE1B01D8} - System32\Tasks\{0F655E5E-61E8-4C84-BD76-78BAE26B8642} => pcalua.exe -a F:\sp35850.exe -d F:\
Task: {ED5E14BD-A59B-4D91-BB45-ADFE321BEBB4} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2015-09-08] (Google Inc.)
Task: {FC6C5B43-9168-4863-A9A9-9B9E256F648C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-12-02] (Dropbox, Inc.)
Task: {FC6E8327-A7D7-42BC-9553-5C68E344A101} - System32\Tasks\Reg Pro Cleaner =>

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-899527790-1624991411-125816496-1000.job => C:\Users\Ann-Margaret\AppData\Local\Citrix\GoToMeeting\3499\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000Core.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-899527790-1624991411-125816496-1000UA.job => C:\Users\Ann-Margaret\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-09-10 19:46 - 2014-08-13 02:50 - 04047328 _____ () C:\Program Files\Bull Softwares\Reg Pro Cleaner\RegProCleaner.exe
2014-05-07 12:31 - 2014-05-07 12:31 - 00428424 _____ () C:\Program Files\Driver Support\Driver Support\Agent.Communication.XmlSerializers.dll
2016-12-02 00:19 - 2016-10-28 15:50 - 00035792 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00145864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00019408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00116688 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2016-12-02 00:19 - 2016-10-28 15:50 - 00100296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00018888 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\select.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00019760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00694224 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020816 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00123856 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 01682760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00105928 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00021312 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00052024 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00038696 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\fastpath.pyd
2016-12-02 00:19 - 2016-10-28 15:50 - 00392144 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2016-12-02 00:19 - 2016-10-28 15:53 - 00020936 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32event.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00116176 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32security.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00381752 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00124880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00025424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00175560 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32gui.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00030160 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00043472 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32process.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00048592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32service.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00057808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00024016 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32profile.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00246592 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00026456 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-12-02 00:19 - 2016-10-28 15:52 - 00241104 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00020280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00028616 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32ts.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00019776 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winerror._winffi_winerror.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020800 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.wininet._winffi_wininet.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00023376 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00350152 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00022352 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00024392 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2016-12-02 00:19 - 2016-10-28 15:49 - 00036296 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\librsync.dll
2016-12-02 00:19 - 2016-11-28 06:16 - 00084280 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-12-02 00:19 - 2016-11-28 06:16 - 01826096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2016-12-02 00:19 - 2016-10-28 15:51 - 00083912 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\sip.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00531248 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 03928880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 01972528 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00133424 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00224056 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00207672 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00020288 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.user32._winffi_user32.pyd
2016-12-02 00:19 - 2016-10-28 15:56 - 00017864 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libEGL.dll
2016-12-02 00:19 - 2016-10-28 15:56 - 01631184 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-12-02 00:19 - 2016-10-28 15:56 - 14419408 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\opengl32sw.dll
2016-12-02 00:19 - 2016-11-28 06:16 - 00042808 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00168760 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00357680 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-12-02 00:19 - 2016-10-28 15:53 - 00060880 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\win32print.pyd
2016-12-02 00:19 - 2016-11-28 06:17 - 00024904 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-12-02 00:19 - 2016-11-28 06:16 - 00546096 _____ () C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-12-06 16:38 - 2016-09-06 11:00 - 05197312 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libglesv2.dll
2016-12-06 16:38 - 2016-09-06 11:00 - 00147456 _____ () C:\Users\Ann-Margaret\AppData\Local\Google\Chrome\User Data\SwiftShader\3.3.0.1\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:04 - 2009-06-10 13:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-899527790-1624991411-125816496-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ann-Margaret\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 137.82.1.2 - 142.103.1.42
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{BC832D4C-AB84-4B86-B49E-64291051C321}] => C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A7EEBE7C-5E87-4407-9B09-4CBC9DF61983}] => C:\Program Files\WiLife Command Center\Werks.exe
FirewallRules: [{D4D667B4-0B30-4E71-8359-DF65CF87C03D}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1D94917A-1BD0-4EB1-8DA3-1413460E4AAA}] => C:\Users\Ann-Margaret\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{A7114956-9EC4-4DCA-9126-428726C8615F}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{23B4D86E-6B08-4386-8B2F-A94C6F81E0E5}C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe] => C:\users\ann-margaret\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{2F1FEA04-1914-41DF-A97E-0513AA8A02B8}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{D8019906-FA39-4F60-9125-B52E0C12CA34}] => C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
FirewallRules: [{37C212E1-048D-4DA8-83C0-E3625641CAD7}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{AAFF564B-E8EE-4A5A-9466-C0BEE1018FC5}] => C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3B50D008-EB9D-4ED4-B2A2-C0B5F33D4733}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{3DCD3780-15C4-4787-AE62-C8C8D4620110}] => C:\Program Files\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{BF3E7FB3-D46E-4210-A653-E44A0A97DF77}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{87F358F7-8A81-459A-A4EE-3BEDC41ECA1E}] => C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{89CD8D93-B367-4619-B411-EA0D0D5CA044}] => C:\Program Files\Skype\Phone\Skype.exe

==================== Restore Points =========================

13-07-2015 15:39:06 Scheduled Checkpoint
24-08-2015 11:10:00 Scheduled Checkpoint
23-09-2015 10:55:54 Scheduled Checkpoint
06-12-2016 15:47:12 Checkpoint by HitmanPro
06-12-2016 15:49:12 Checkpoint by HitmanPro
07-12-2016 09:35:25 Checkpoint by HitmanPro

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2016 08:31:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:31:28 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:31:15 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:59 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:53 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.

Error: (12/09/2016 08:30:51 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: The data is invalid.
.


System errors:
=============
Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (12/08/2016 03:21:55 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The TrustedInstaller service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (12/08/2016 03:20:24 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
An instance of the service is already running.

Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/08/2016 03:19:55 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Com4QLBEx service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/08/2016 03:19:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The hpqwmiex service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2016 03:19:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The XAudioService service terminated unexpectedly. It has done this 1 time(s).

Error: (12/08/2016 03:19:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz
Percentage of memory in use: 73%
Total physical RAM: 2038.05 MB
Available physical RAM: 543.48 MB
Total Virtual: 4076.11 MB
Available Virtual: 2581.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:142.59 GB) (Free:63.87 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (HP_RECOVERY) (Fixed) (Total:6.46 GB) (Free:0.76 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: E978F772)
Partition 1: (Active) - (Size=142.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=6.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 

Susan Mah

New Member
Thread author
Dec 7, 2016
12
How do I create the fixlist.txt? When I click the Fix button, a window pops up saying no fixlist.txt found.
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Since there are no more problems, we can declare this PC clean


Now we can proceed with post-cleanup procedures. Let's remove my tools and create a new, non-infected restore point, concurrently deleting the old ones.


Step 1. - Creation of system restore point and tools removal.


Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run and wait until the tool completes its work.
  • All tools we used should be gone. The tool will create a report for you (C:\DelFix.txt). I don't need it for review.
The tool deletes old system restore points and creates a fresh system restore point after cleaning.


Step 2. - Tips and tricks to keep your computer clean, safe and in a good shape.


Security tips - highly recommended reading:

Maintenance tips:

Additional software that I personally use and install on all my clients' devices:

  • Zemana AntiMalware (paid version highly recommended) - to work as a supplement for your antivirus but with excellent remediation and protection
  • Zemana AntiLogger - keep everything you type on the keyboard out of sight of bad guys trying to steal your credentials
  • Malwarebytes' Anti-Exploit - to prevent plenty of mostly exploited vulnerabilities.
  • McShield - to prevent infections spread by removable media.
  • Unchecky - to prevent from installing additional foistware, implemented in legitimate installations.
  • uBlock - to surf the web without annoying ads!
  • Qualys BrowserCheck - cloud service that scans your browsers and plugins to see if they’re all up-to-date.


My help is free for everybody.
If you're happy with the help provided and/or wish to show your appreciation, please consider a donation:
Thank you!



Stay safe,
TwinHeadedEagle :)
 
