HKLM\...\Run: [] => [X]
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {00fc3e61-0ac0-11e3-9855-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {cddfa79e-bc23-11e2-ac32-00266ca6737b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {e46220cc-0bf5-11e3-985d-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {fcda94d8-f4f9-11e3-9cc1-00266ca6737b} - F:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-851422437-3431464140-778240321-501\...\Run: [Best Buy pc app] => C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
URLSearchHook: HKU\S-1-5-21-851422437-3431464140-778240321-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2845289
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {1809DA3D-124E-4398-A93B-1C197C838C1F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=0BE7F339-994C-48B8-8FBF-F6AF21B55540&apn_sauid=4F5B7F40-ED6E-4553-B66F-1237C87D95BF&
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
eployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\searchplugins\avira-safesearch.xml [2015-08-18]
FF Extension: Avira Browser Safety - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\abs@avira.com [2015-10-24] [not signed]
FF Extension: Avira Safe Search Plus - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\safesearchplus@avira.com.xpi [2015-12-04] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com [2015-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Extension: (Avira SafeSearch) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-11-30]
CHR HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Karen McKinnis\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx
CHR HKLM-x32\...\Chrome\Extension: [lgjlpcjpffjiecfdocmabeenmgnlmnkd] - C:\ProgramData\wxDfast\lgjlpcjpffjiecfdocmabeenmgnlmnkd.crx
CHR HKLM-x32\...\Chrome\Extension: [lgjlpcjpffjiecfdocmabeenmgnlmnkd] - C:\ProgramData\wxDfast\lgjlpcjpffjiecfdocmabeenmgnlmnkd.crx
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Public\AlexaNSISPlugin.3328.dll
Task: {0295E8BB-5F4D-4DC2-B877-1CA1880965BD} - \Microsoft_MKC_Logon_Task_ipoint.exe -> No File <==== ATTENTION
Task: {035E4ED5-F80D-47A2-92A8-3CE99549675B} - \{FBB03403-4435-4D6C-B749-DEB66FFDBDB1} -> No File <==== ATTENTION
Task: {14027216-A724-488B-A1A8-2509B1951589} - \Microsoft_Hardware_Launch_devicecenter_exe -> No File <==== ATTENTION
Task: {211F968F-363B-4F5C-9998-DB72CD5BB890} - \{43148735-6D08-462E-8A2D-A2BED8FB1BEA} -> No File <==== ATTENTION
Task: {24FEFB76-2477-480A-92AD-B112928AF264} - \{A68FFA67-292F-4368-98CA-2E9A0A827772} -> No File <==== ATTENTION
Task: {4082F654-6FED-4DC2-9EE4-76FC04A34D74} - \PCSafePRO_Start -> No File <==== ATTENTION
Task: {460E95D9-3FEB-40B9-A815-327B8C7A2D07} - \{CCFF6434-156E-4D41-AA85-1826B1945794} -> No File <==== ATTENTION
Task: {51F164DD-DE88-4228-960D-A52A93AD5540} - \{270F64CF-BBF4-4AAA-BD43-868E3BB8AB94} -> No File <==== ATTENTION
Task: {66861258-FA96-4F39-9D2B-F99439677543} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {787E823C-B0D3-40D3-AB96-18E7C21D3E9A} - \RealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {798092B1-E41C-491F-8A4D-0F2134143614} - \{4B970EA6-9BDE-40DE-9E2A-4FC72BF5EBD1} -> No File <==== ATTENTION
Task: {83A8799A-FE1C-4766-86FD-B56D3A5367CA} - \Spybot - Search & Destroy - Scheduled Task -> No File <==== ATTENTION
Task: {9035E000-8BD9-4241-B96D-A370B465F883} - \{26EC24DD-FA05-4025-8620-B043F77B17DB} -> No File <==== ATTENTION
Task: {980D9688-30C0-403D-8064-9FABC7A98C64} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {9D2B7B94-D522-477B-846A-256D6D10FBF3} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {A0CE6B2E-788C-43E5-8733-4986FF59C461} - \PCSafePRO_Popup -> No File <==== ATTENTION
Task: {A1605CE0-1E24-43C7-A6CC-33EECDFA630D} - \RealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {A850F9DC-88A1-4C6A-B3A7-D4682CB2D9DA} - \{F5E50DD1-523D-4D5B-8B61-D9F0F2F4DDC5} -> No File <==== ATTENTION
Task: {B5135A42-8E05-40B1-88E5-031180483391} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {C5FF9FBF-5A18-4B65-B189-009F691504B0} - \{D134A4FB-B31D-44E0-B93E-3C890C5545BC} -> No File <==== ATTENTION
Task: {E06B8B9A-E1A0-4A88-830A-6CB96A224F91} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {F3DADA61-1C49-419E-9649-EB08240C6BD3} - \{95019DFA-8101-43E1-B474-8FAFC21F4605} -> No File <==== ATTENTION
Task: {FE4B978F-E7D6-4908-BFD7-A15AA6A448E2} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
AlternateDataStreams: C:\ProgramData\TEMP:AA9519A6
AlternateDataStreams: C:\ProgramData\TEMP:F4921BC9
C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
C:\ProgramData\Best Buy pc app
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp: