Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I think my computer is infected [Solved]


  • This topic is locked This topic is locked

#1
mckinnik

mckinnik

    Member

  • Member
  • PipPip
  • 38 posts

I have reason to believe my computer is infected with something. It has slowed way down the last couple of weeks and it takes a very long time to open programs, to shut down the computer and takes a very long time to download anything, view video's on the internet or even to change pages while on the internet. In addition my scans using Avira seem to hang up at about 45 per cent done and will not finish. It takes a very long time to download updates for Super Anti Spyware and Spybot. I would appreciate some help with this problem. Thanks in advance for anything you can do to help me

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Karen McKinnis (administrator) on KILGARRAH (12-12-2015 13:12:00)
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis & comp admin & Guest (Available Profiles: Karen McKinnis & comp admin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-10-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\igfxcui:
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [Google Update] => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [MusicManager] => C:\Users\Karen McKinnis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {00fc3e61-0ac0-11e3-9855-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {cddfa79e-bc23-11e2-ac32-00266ca6737b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {e46220cc-0bf5-11e3-985d-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {fcda94d8-f4f9-11e3-9cc1-00266ca6737b} - F:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-851422437-3431464140-778240321-1003\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-08] (SUPERAntiSpyware)
HKU\S-1-5-21-851422437-3431464140-778240321-1003\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-10-15] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-501\...\Run: [Best Buy pc app] => C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1BC4ED45-0C56-4A2E-8C6A-6B107EBFF8B8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{9BD772A9-DC8C-4DD4-9C84-400D91785FB4}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-851422437-3431464140-778240321-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-851422437-3431464140-778240321-1003\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11ENUS/MSN_WCP
HKU\S-1-5-21-851422437-3431464140-778240321-501\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-851422437-3431464140-778240321-501\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=OIE9HP
HKU\S-1-5-21-851422437-3431464140-778240321-501\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE9ENUS/110
URLSearchHook: HKU\S-1-5-21-851422437-3431464140-778240321-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM -> DefaultScope {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2845289
SearchScopes: HKLM-x32 -> {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {08D8B2C7-A773-4D96-B40A-15720878911C} URL = hxxp://www.bing.com/search?FORM=U227DF&PC=U227&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {0DAFCB5E-5BA4-4117-B262-C0B0490EE199} URL = hxxps://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=903578&p={searchTerms}
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {626EC889-A90F-4715-A5DD-995534FFFCF8} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> DefaultScope {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS421
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {1809DA3D-124E-4398-A93B-1C197C838C1F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=0BE7F339-994C-48B8-8FBF-F6AF21B55540&apn_sauid=4F5B7F40-ED6E-4553-B66F-1237C87D95BF&
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {6FA1E0C3-62AF-4505-8D53-C52348094393} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS421
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-501 -> DefaultScope {B3BD2FB0-30FD-40E7-AFEE-5C47F0D7B5B8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-501 -> {B3BD2FB0-30FD-40E7-AFEE-5C47F0D7B5B8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9DF&pc=BIE9&src=IE-SearchBox
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-09-22] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)

FireFox:
========
FF ProfilePath: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-12-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-12-10] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @nds.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/O1DPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: NDS.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF SearchPlugin: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\searchplugins\avira-safesearch.xml [2015-08-18]
FF Extension:     Play Pickle TextLinks         - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2011-08-08] [not signed]
FF Extension: Avira Browser Safety - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] [2015-10-24] [not signed]
FF Extension: Avira Safe Search Plus - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] [2015-12-04] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-11-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-12-25] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=navclient-ff
CHR Profile: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Bejeweled) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-10-20]
CHR Extension: (Facebook for Chrome) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp [2015-08-26]
CHR Extension: (Google Docs Offline) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Crackle) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
CHR Extension: (Freemake Video Converter) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2015-04-22]
CHR Extension: (Avira SafeSearch) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-11-30]
CHR Extension: (Skype Click to Call) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-10-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (RSS Feed Reader) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-11-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Karen McKinnis\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2012-12-25]
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lgjlpcjpffjiecfdocmabeenmgnlmnkd] - C:\ProgramData\wxDfast\lgjlpcjpffjiecfdocmabeenmgnlmnkd.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
CHR HKLM-x32\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Karen McKinnis\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\ProgramData\Browser Manager\2.5.911.18\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\mngr.crx <not found>
StartMenuInternet: Google Chrome.F7MOBJCLTVQD3HV3IATKQYRXT4 - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [243968 2015-10-14] (Avira Operations GmbH & Co. KG)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-10] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-08-29] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
S4 LMIRfsClientNP; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated) [File not signed]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 13:08 - 2015-12-12 13:11 - 00054256 _____ C:\Users\Karen McKinnis\Desktop\Addition.txt
2015-12-12 13:07 - 2015-12-12 13:12 - 00036110 _____ C:\Users\Karen McKinnis\Desktop\FRST.txt
2015-12-12 13:06 - 2015-12-12 13:12 - 00000000 ____D C:\FRST
2015-12-12 13:04 - 2015-12-12 13:04 - 02369536 _____ (Farbar) C:\Users\Karen McKinnis\Desktop\FRST64.exe
2015-12-10 10:39 - 2015-12-10 10:39 - 00428727 _____ C:\Users\Karen McKinnis\AppData\Local\census.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 00207101 _____ C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 09:56 - 2015-05-29 00:43 - 00307352 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-12-10 09:52 - 2015-12-10 09:52 - 00000036 _____ C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2015-12-10 09:19 - 2015-12-10 09:21 - 02494944 _____ (Trend Micro Inc.) C:\Users\Karen McKinnis\Downloads\HousecallLauncher64.exe
2015-12-10 08:41 - 2015-12-10 08:41 - 00001732 _____ C:\Users\Karen McKinnis\Documents\cc_20151210_084056.reg
2015-12-10 07:49 - 2015-12-10 07:49 - 00000982 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2015-12-10 07:48 - 2015-12-10 07:48 - 00003382 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00003266 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\ProgramData\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2015-12-10 07:44 - 2015-12-10 07:44 - 00200976 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2015-12-10 07:43 - 2015-12-10 07:43 - 00278800 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00505616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00354064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2015-12-08 02:56 - 2015-12-08 02:56 - 00000458 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_025609.reg
2015-12-08 02:47 - 2015-12-08 02:51 - 06801752 _____ (Piriform Ltd) C:\Users\Karen McKinnis\Downloads\ccsetup512.exe
2015-12-08 02:22 - 2015-12-08 02:22 - 00003744 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_022237.reg
2015-12-02 11:10 - 2015-12-02 11:11 - 00000000 ____D C:\Users\Karen McKinnis\Documents\Principal Financial Group 2015
2015-11-18 17:39 - 2015-11-18 17:39 - 00000580 _____ C:\Users\Karen McKinnis\Documents\cc_20151118_173926.reg
2015-11-18 06:14 - 2015-11-18 06:14 - 00002061 _____ C:\Users\Karen McKinnis\Desktop\Free Antivirus Profile Scan for rootkits (2).LNK
2015-11-15 10:07 - 2015-11-15 10:07 - 00000460 _____ C:\Users\Karen McKinnis\Documents\cc_20151115_100659.reg
2015-11-15 08:23 - 2015-11-15 08:23 - 00000468 _____ C:\Users\Karen McKinnis\Documents\cc_20151115_082347.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-12 13:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-12 13:05 - 2015-06-29 05:35 - 00000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job
2015-12-12 12:58 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-12 12:58 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-12 12:41 - 2010-10-15 10:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 12:17 - 2014-09-22 18:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-12 09:59 - 2015-01-31 13:16 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{844D8B97-4D15-4F29-99E6-DEE9E1BC4065}
2015-12-11 19:05 - 2015-06-29 05:35 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job
2015-12-11 18:41 - 2010-10-15 10:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-11 13:46 - 2011-09-01 11:09 - 00000000 ____D C:\ProgramData\lx_Cats
2015-12-11 11:59 - 2013-05-13 18:45 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\HTC MediaHub
2015-12-11 11:59 - 2011-12-16 10:45 - 00000435 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-12-11 11:58 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-11 11:50 - 2012-11-29 09:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-10 09:10 - 2011-09-20 10:27 - 00000000 ____D C:\windows\pss
2015-12-10 08:56 - 2014-03-17 07:59 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-10 08:27 - 2009-07-13 22:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-10 08:27 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2015-12-10 08:21 - 2011-11-25 07:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-10 07:55 - 2015-07-18 08:59 - 00003444 _____ C:\windows\System32\Tasks\RealDownloader Update Check
2015-12-10 07:50 - 2011-03-20 14:46 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Real
2015-12-10 07:49 - 2011-03-20 14:46 - 00000000 ____D C:\Program Files (x86)\Real
2015-12-10 07:48 - 2015-07-18 08:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-10 07:48 - 2013-08-02 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-12-10 07:48 - 2011-03-20 14:46 - 00000000 ____D C:\ProgramData\Real
2015-12-08 02:20 - 2011-03-12 16:33 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashDumps
2015-12-04 18:36 - 2010-10-15 10:41 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 18:36 - 2010-10-15 10:41 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2011-03-02 03:33 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-02 10:15 - 2015-08-21 07:11 - 00002042 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-12-02 10:15 - 2011-12-04 13:22 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Downloaded Installations
2015-12-01 19:00 - 2015-06-29 05:35 - 00003936 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA
2015-12-01 19:00 - 2015-06-29 05:35 - 00003540 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core
2015-12-01 03:46 - 2015-08-17 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-01 03:44 - 2015-08-17 16:47 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-11-26 12:19 - 2015-11-01 13:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-17 15:57 - 2009-07-13 21:45 - 00417872 _____ C:\windows\system32\FNTCACHE.DAT
2015-11-15 13:30 - 2011-03-01 12:04 - 00110456 _____ C:\Users\Karen McKinnis\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-15 08:26 - 2015-11-08 12:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 08:26 - 2015-03-01 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== Files in the root of some directories =======

2012-10-25 07:32 - 2015-03-01 18:34 - 0032768 ___SH () C:\Users\Karen McKinnis\AppData\Roaming\Thumbs.db
2012-02-09 21:04 - 2012-02-09 21:04 - 0027702 _____ () C:\Users\Karen McKinnis\AppData\Roaming\UserTile.png
2015-12-10 10:39 - 2015-12-10 10:39 - 0207101 _____ () C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 0428727 _____ () C:\Users\Karen McKinnis\AppData\Local\census.cache
2011-03-31 17:53 - 2014-04-19 22:38 - 0123904 _____ () C:\Users\Karen McKinnis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 04:00 - 2014-07-05 04:01 - 0000084 _____ () C:\Users\Karen McKinnis\AppData\Local\DVDPATH.TXT
2015-12-10 09:52 - 2015-12-10 09:52 - 0000036 _____ () C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2011-03-01 20:30 - 2015-08-14 07:42 - 0007654 _____ () C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2011-03-01 15:25 - 2011-03-01 15:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-01 11:11 - 2011-09-01 11:11 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-21 16:00 - 2015-02-19 11:48 - 0001102 _____ () C:\ProgramData\lxdnDiagnostics.log
2013-11-03 11:32 - 2013-11-03 11:32 - 0677028 _____ () C:\ProgramData\SPL4B1D.tmp
2014-05-12 12:30 - 2014-05-12 12:34 - 3916231 _____ () C:\ProgramData\SPL4BE3.tmp
2011-09-01 12:18 - 2011-09-01 12:18 - 2455600 _____ () C:\ProgramData\SPL6946.tmp
2013-10-24 10:04 - 2013-10-24 10:04 - 0677028 _____ () C:\ProgramData\SPL69E9.tmp
2011-09-01 21:22 - 2011-09-01 21:23 - 0000126 _____ () C:\ProgramData\tbsched.log
2011-09-01 11:13 - 2011-09-01 11:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Files to move or delete:
====================
C:\Users\Public\AlexaNSISPlugin.3328.dll


Some files in TEMP:
====================
C:\Users\Karen McKinnis\AppData\Local\Temp\avgnt.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-10 11:53

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by Karen McKinnis (2015-12-12 13:12:53)
Running from C:\Users\Karen McKinnis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-01 19:00:25)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-851422437-3431464140-778240321-500 - Administrator - Disabled)
comp admin (S-1-5-21-851422437-3431464140-778240321-1003 - Administrator - Enabled) => C:\Users\comp admin
Guest (S-1-5-21-851422437-3431464140-778240321-501 - Limited - Enabled) => C:\Users\Guest.KarenMcKinnis
HomeGroupUser$ (S-1-5-21-851422437-3431464140-778240321-1002 - Limited - Enabled)
Karen McKinnis (S-1-5-21-851422437-3431464140-778240321-1000 - Administrator - Enabled) => C:\Users\Karen McKinnis

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{59c4462d-a177-4d44-a95b-deda1be79844}) (Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.49.18939 - Avira Operations GmbH & Co. KG) Hidden
Best Buy pc app (HKU\S-1-5-21-851422437-3431464140-778240321-1003\...\e55b814e55744b76) (Version: 3.2.605.2 - Best Buy)
Best Buy pc app (HKU\S-1-5-21-851422437-3431464140-778240321-501\...\48e4cff94f039634) (Version: 3.0.0.0 - Best Buy)
Bricks of Atlantis (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11050883}) (Version:  - Oberon Media)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
Dynasty (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version:  - PolySoft Solutions)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.6904.2028 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Pale Moon 12.3 (x86 en-US) (HKLM-x32\...\Pale Moon 12.3 (x86 en-US)) (Version: 12.3 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RescuePRO™ 3.0 (HKLM-x32\...\RescuePRO-3.0) (Version:  - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.3.7 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2013-01-21 10:59 - 00445399 ____R C:\windows\system32\Drivers\etc\hosts

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com
127.0.0.1    www.10sek.com
127.0.0.1    10sek.com
127.0.0.1    www.1-2005-search.com
127.0.0.1    1-2005-search.com
127.0.0.1    www.123fporn.info
127.0.0.1    123fporn.info
127.0.0.1    123haustiereundmehr.com
127.0.0.1    www.123haustiereundmehr.com
127.0.0.1    123moviedownload.com
127.0.0.1    www.123moviedownload.com

There are 15286 more lines.


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0295E8BB-5F4D-4DC2-B877-1CA1880965BD} - \Microsoft_MKC_Logon_Task_ipoint.exe -> No File <==== ATTENTION
Task: {035E4ED5-F80D-47A2-92A8-3CE99549675B} - \{FBB03403-4435-4D6C-B749-DEB66FFDBDB1} -> No File <==== ATTENTION
Task: {14027216-A724-488B-A1A8-2509B1951589} - \Microsoft_Hardware_Launch_devicecenter_exe -> No File <==== ATTENTION
Task: {211F968F-363B-4F5C-9998-DB72CD5BB890} - \{43148735-6D08-462E-8A2D-A2BED8FB1BEA} -> No File <==== ATTENTION
Task: {22810756-8480-4FAD-883D-FBEF5B2F72E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {24FEFB76-2477-480A-92AD-B112928AF264} - \{A68FFA67-292F-4368-98CA-2E9A0A827772} -> No File <==== ATTENTION
Task: {4082F654-6FED-4DC2-9EE4-76FC04A34D74} - \PCSafePRO_Start -> No File <==== ATTENTION
Task: {45E5DE3B-1195-4DAF-AEB3-564EBB627774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {460E95D9-3FEB-40B9-A815-327B8C7A2D07} - \{CCFF6434-156E-4D41-AA85-1826B1945794} -> No File <==== ATTENTION
Task: {51F164DD-DE88-4228-960D-A52A93AD5540} - \{270F64CF-BBF4-4AAA-BD43-868E3BB8AB94} -> No File <==== ATTENTION
Task: {5F76E66B-A38B-4DAC-9C78-9C62DEE86E04} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {66861258-FA96-4F39-9D2B-F99439677543} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {787E823C-B0D3-40D3-AB96-18E7C21D3E9A} - \RealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {798092B1-E41C-491F-8A4D-0F2134143614} - \{4B970EA6-9BDE-40DE-9E2A-4FC72BF5EBD1} -> No File <==== ATTENTION
Task: {83A8799A-FE1C-4766-86FD-B56D3A5367CA} - \Spybot - Search & Destroy -  Scheduled Task -> No File <==== ATTENTION
Task: {8460CDA7-D46A-4B06-A882-8DB16D3D87D2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8D7EA35B-5E4E-40A4-B24C-55C8B2F36AC2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {903087C8-D0BF-41AF-9457-A109C1604081} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {9035E000-8BD9-4241-B96D-A370B465F883} - \{26EC24DD-FA05-4025-8620-B043F77B17DB} -> No File <==== ATTENTION
Task: {980D9688-30C0-403D-8064-9FABC7A98C64} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {9D2B7B94-D522-477B-846A-256D6D10FBF3} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {A0CE6B2E-788C-43E5-8733-4986FF59C461} - \PCSafePRO_Popup -> No File <==== ATTENTION
Task: {A1605CE0-1E24-43C7-A6CC-33EECDFA630D} - \RealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {A850F9DC-88A1-4C6A-B3A7-D4682CB2D9DA} - \{F5E50DD1-523D-4D5B-8B61-D9F0F2F4DDC5} -> No File <==== ATTENTION
Task: {AB9CC5FE-E1E6-43F2-96EC-185E4832D74C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {AFE9D5E5-5568-4FC0-8970-F55299F84480} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {B5135A42-8E05-40B1-88E5-031180483391} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {B7C1273F-16FE-4F68-8BBB-63A550AC7835} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {B9FAF1D9-6D73-4D72-99EE-B341C16522C6} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {BF13A229-932B-40A3-B3B9-33F915BED027} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C1C9B998-2022-4712-BCFB-085A924FD781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5FF9FBF-5A18-4B65-B189-009F691504B0} - \{D134A4FB-B31D-44E0-B93E-3C890C5545BC} -> No File <==== ATTENTION
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DACC143D-8033-41D2-A0E0-3B3BCF735835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {E06B8B9A-E1A0-4A88-830A-6CB96A224F91} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {F3DADA61-1C49-419E-9649-EB08240C6BD3} - \{95019DFA-8101-43E1-B474-8FAFC21F4605} -> No File <==== ATTENTION
Task: {FE4B978F-E7D6-4908-BFD7-A15AA6A448E2} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2011-09-01 20:17 - 2009-08-13 12:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-05-13 18:44 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-05-14 13:47 - 2009-05-14 13:47 - 00025088 _____ () C:\windows\system32\lxdncaps64.dll
2009-07-23 19:54 - 2009-07-23 19:54 - 01024512 _____ () C:\windows\system32\lxdndrs64.dll
2007-10-02 14:51 - 2007-10-02 14:51 - 00054784 _____ () C:\windows\system32\lxdncnv464.dll
2009-05-27 09:02 - 2009-05-27 09:02 - 01401856 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxdnptpc.dll
2009-08-13 12:07 - 2009-08-13 12:07 - 00195072 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxdndrui.dll
2009-08-13 12:05 - 2009-08-13 12:05 - 00273408 _____ () C:\windows\system32\spool\DRIVERS\x64\3\lxdndr.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00719632 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2015-11-04 13:20 - 2015-11-04 13:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-07-18 08:55 - 2015-12-10 07:42 - 00653608 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
2015-11-04 13:28 - 2015-11-04 13:28 - 00077584 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\dtvhooks.dll
2015-12-08 19:50 - 2015-12-04 14:32 - 01583432 _____ () C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-08 19:50 - 2015-12-04 14:32 - 00081224 _____ () C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\47.0.2526.80\libegl.dll
2015-12-08 19:50 - 2015-12-04 14:32 - 16573256 _____ () C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\47.0.2526.80\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
AlternateDataStreams: C:\ProgramData\TEMP:AA9519A6
AlternateDataStreams: C:\ProgramData\TEMP:F4921BC9

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7783 more sites.

IE trusted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\microsoft.com -> hxxp://office.microsoft.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\123simsen.com -> www.123simsen.com

There are 7783 more sites.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-851422437-3431464140-778240321-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-851422437-3431464140-778240321-501\Control Panel\Desktop\\Wallpaper -> C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: RealPlayerUpdateSvc => 2
MSCONFIG\Services: RealTimes Desktop Service => 2
MSCONFIG\Services: TappInAgent => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk.disabled => C:\windows\pss\McAfee Security Scan Plus.lnk.disabled.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^RealTimes.lnk => C:\windows\pss\RealTimes.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Karen McKinnis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Karen McKinnis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Socialbox.lnk => C:\windows\pss\Socialbox.lnk.Startup
MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: 00TCrdMain => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: BingDesktop => c:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
MSCONFIG\startupreg: CA74985D9AF18030BF22B5025D7C5C1DFED33CD9._service_run => "C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: EzPrint => "C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe"
MSCONFIG\startupreg: Google Update => "C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_8FCAB53A557408FE6A58F9DDE3A544E7 => "C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\windows\system32\hkcmd.exe
MSCONFIG\startupreg: Intel AppUp(SM) center => "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
MSCONFIG\startupreg: Intel AppUp(SM) center Systray => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.exe" --domain F0399437-FD0C-4A48-B101-F0314A6172E4 --openmode trayicon
MSCONFIG\startupreg: Intel AppUp(SM) center_Nagware => "C:\Program Files (x86)\Intel\IntelAppStore\bin\AppUp.lnk"
MSCONFIG\startupreg: IntelliType Pro => "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: lxdnamon => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe"
MSCONFIG\startupreg: lxdnmon.exe => "C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe"
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MusicManager => "C:\Users\Karen McKinnis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: PSUAMain => "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RealDownloader => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: Spotify => "C:\Users\Karen McKinnis\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Karen McKinnis\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SpybotSD TeaTimer => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TkBellExe => "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: VNT => C:\Program Files (x86)\VNT\vntldr.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7FCA74BA-F136-4E24-8B65-1DAE2C5A40EE}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EB20C4E5-739F-4FEF-9849-D5923D807933}] => (Allow) LPort=2869
FirewallRules: [{A17F1F14-DA92-474F-8B09-17ADE5CE7063}] => (Allow) LPort=1900
FirewallRules: [{24FBD22E-FDFB-41E8-81F9-A221F15C95D6}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{DE901B0C-E238-48A0-865B-E5B7B0A6F7E5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{78584274-F6A9-454E-8492-5D5DE3547B64}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{9C1133CB-BA47-4B42-BFF3-772792176C35}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{E5BBC32E-9E02-4753-BC37-94A53E2BFCE6}] => (Allow) LPort=7000
FirewallRules: [{5E3E7C2B-F3F9-4D44-AD86-C253B15E3353}] => (Allow) LPort=7000
FirewallRules: [TCP Query User{C61187D2-2447-4158-8033-9DD8B527392F}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [UDP Query User{5C581281-C62E-4073-993F-E05FF7BCAE3F}C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force standalone.exe
FirewallRules: [{D25A8072-C6D6-4195-81D0-62832E1D1481}] => (Allow) C:\Users\Karen McKinnis\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{22D602BD-5DD1-4F69-91AE-3766279A81C9}] => (Allow) C:\Users\Karen McKinnis\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{DEA854F0-9085-466C-B5D1-9A7C618272E6}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [{D9B8B402-057E-4951-96A2-9C9086C49746}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnjswx.exe
FirewallRules: [TCP Query User{F5B1BF57-5BF3-41FE-89CF-8C670705E9BD}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [UDP Query User{4346C047-031A-4F84-814B-CB8131734324}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [{BAFAFF8E-AD6D-47E5-83DC-97A3F29E27C3}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{9036EBBA-39C6-43EA-9C22-47CB1414653F}] => (Allow) C:\Windows\SysWOW64\lxdncoms.exe
FirewallRules: [{FE70B963-A4E6-4955-A8CD-03F28BCE5ED8}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{71234215-3680-429A-B552-93BE69960E5E}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
FirewallRules: [{C861787F-8887-4CF9-96CB-3697E58DCCAA}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{B88F9419-7212-46A9-B94B-81BD162D5A35}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe
FirewallRules: [{8CC6E6E9-77AF-40CC-9B81-C04579FF7218}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{019731D3-FD45-45BB-8DF7-128C6561AACF}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\frun.exe
FirewallRules: [{61716BBA-9216-4753-A278-E51290EA71F7}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdntime.exe
FirewallRules: [{5BCAFB65-A514-48A3-A488-697ADBC9259B}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\lxdntime.exe
FirewallRules: [{4DAC1466-318B-477A-BD48-C546B16FED5C}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{3B6EA9E4-AC3E-4D15-80D4-185A5871C664}] => (Allow) C:\Windows\System32\lxdncoms.exe
FirewallRules: [{10A32C7F-3CE4-42E3-8B30-5231143BE947}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{9BC2D15B-127D-4232-9EFD-6665A9D39D4E}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [TCP Query User{AB546C4F-CEF3-4AF8-89E2-23B5515665D4}C:\users\karen mckinnis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen mckinnis\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{DE4ED9AF-621F-4DD5-84A2-EE35AF13FA82}C:\users\karen mckinnis\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\karen mckinnis\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A808EE16-6968-4DD9-8E77-BE1F1349FC45}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe
FirewallRules: [{9D714269-38C3-4FF7-BB67-838BDEE85A8A}] => (Allow) C:\Program Files (x86)\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe
FirewallRules: [TCP Query User{349971DF-9EB4-4218-9613-D5FDBE9D7211}C:\program files (x86)\soundspectrum\g-force\g-force v-bar.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force v-bar.exe
FirewallRules: [UDP Query User{6AF36AC2-190E-4B61-8D80-2964F32AB8AF}C:\program files (x86)\soundspectrum\g-force\g-force v-bar.exe] => (Allow) C:\program files (x86)\soundspectrum\g-force\g-force v-bar.exe
FirewallRules: [{0FB121D4-96A4-4060-BF1C-3F8084ECD024}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{C5498301-7B8B-4EF0-B5A9-7E4A2ED5E140}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{B7581333-6081-4A6E-BF5B-642680376DD2}C:\program files (x86)\lexmark 2600 series\frun.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\frun.exe
FirewallRules: [UDP Query User{D01D4F4F-AA0D-4049-9411-49B9D62B103A}C:\program files (x86)\lexmark 2600 series\frun.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\frun.exe
FirewallRules: [TCP Query User{5EA905FC-3BE4-41E4-B125-F75829BDAE0B}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [UDP Query User{4C0FBB50-5291-44BC-A285-B25B0369930C}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{650DB092-FFFE-40FC-8707-B57BE1599707}] => (Allow) C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe
FirewallRules: [{D7AEABDF-0C71-4DC5-8195-A7F859AF6AAE}] => (Allow) C:\Program Files (x86)\Toolbar Cleaner\ToolbarCleaner.exe
FirewallRules: [{EE63225E-2E1C-4578-9CDA-1FF951B00D7D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5346DFFF-F7D4-457E-9FA5-5B221B91E0FF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AA3295E4-DEB2-42C0-B545-3391EC5F18C9}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{65B3139C-645D-450A-8940-48BC82AE5AF2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F95C95B6-57D7-4D9B-8B26-6407839C8459}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F35BE0AE-15C2-4085-A046-E07382B8AB57}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{BC6354C0-06AB-403C-9632-0340DE6A6A79}] => (Allow) C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
FirewallRules: [{9CE03297-2C28-488D-AA07-6CC8D8292CC7}] => (Allow) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{B90B4F6A-B9F5-46FC-813C-477D357848EB}] => (Allow) c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe

==================== Faulty Device Manager Devices =============

Name: LogMeIn Kernel Information Provider
Description: LogMeIn Kernel Information Provider
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: LMIInfo
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2015 09:23:42 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:42 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:42 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:42 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (12/11/2015 09:23:33 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:32 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
    The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (12/11/2015 09:23:32 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:32 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
    The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2015 09:23:32 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
    0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

Error: (12/11/2015 09:23:31 AM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (4088) Windows: Error -1811 occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS00098.log.


System errors:
=============
Error: (12/12/2015 01:09:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/12/2015 12:39:33 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/12/2015 11:39:32 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/12/2015 09:39:28 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/12/2015 08:39:25 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/12/2015 12:15:33 AM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/11/2015 01:00:36 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/11/2015 12:58:34 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0

Error: (12/11/2015 11:59:54 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0

Error: (12/11/2015 11:59:54 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


==================== Memory info ===========================

Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 67%
Total physical RAM: 2939.98 MB
Available physical RAM: 953.19 MB
Total Virtual: 5878.16 MB
Available Virtual: 2965.38 MB

==================== Drives ================================

Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:153.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: (TOSHIBA HDD) (Fixed) (Total:931.28 GB) (Free:750.02 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B86F9514)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

==================== End of Addition.txt ============================


  • 1

Advertisements


#2
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hello McKinnik and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly" This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses, if there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.

    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    I'll need a bit of time to analyse the logs and will post a fix back. :)

  • 0

#3
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Thank you Bruce1270 for your prompt reply to my problem. I already have one question and a comment. Concerning the follow button. Per the instructions when I submitted my information I clicked that button after I posted. Now the button says unfollow this comment. I guess I missed the "receive notefication" box. Is there anyway I can fix that? Second I forgot to mention that I'm having to run the SuperAntiSpyware program two or three times a day and I'm finding 80 to 100 issues each time. I also noticed some stuff on the logs I pasted that really concern me ... like sex sites and [bleep] sites. I'm a 60 year old woman and I don't visit those sites, so I'm confused about that. At any rate, thanks again for the prompt answer and I'm looking forward to working with you to resolve these issues.


  • 0

#4
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi MckInnik

My apologies as you had already set "follow this topic". Just to be sure you receive notifications please click on "Unfollow this topic" link at the top right of the topic and confirm Unfollow this topic. Then click Follow this topic. Don't change any setting and confirm by clicking on Follow this topic. This will ensure you will receive notifications.

At the moment please do not run any further programs such as SuperAntiSpyware or such and only run the tools/programs I instruct you to. This will make it easier to clean up. :)

I think what you are referring to in your logs are lines such as these.
 

127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info


A software you have installed for protection called Spybot has a list of known bad sites which it is programmed to prevent access to. This is what you are seeing in the logs. It is not signs of an infection on your machine or are any sites you have visited so please don't be alarmed by these.

Hope I have put your mond at rest a bit and will post my next instructions soon once I have finished examining your logs.

Thanks
  • 0

#5
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Mckinnik

Let's see if we can improve things for you. :)

Step1-Optional uninstall


I see that you have Spybot Search & Destroy. We no longer recommend this product because of the poor testing results. I recommend uninstalling this program. If you don't want to uninstall the program then please at least disable Tea Timer while performing any of my instructions. You can re-enable it when we are all done. Instructions for that are here. If you do decide to uninstall the program, first Undo your immunization before uninstalling. You can do that by clicking the Undo button with Spybot S&D and then remove from Add/Remove programs.
immunize.JPG

Question for you
 

ATTENTION: System Restore is disabled

It seems that your windows system restore is turned off. Are you aware of this or turned it off yourself?

If you have not turned this off please renable it by doing the following:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. Administrator permission required If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the disk, and then click Configure.
  • To be able to restore system settings and previous versions of files, click Restore system settings and previous versions of files.
  • Click OK, and then click OK again.


    Step2 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   10.4KB   134 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step3 - Junkware Removal Tool


    Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

    Important: Please disable your anti virus prior to running this program.. Advice on how to do this for your anti virus can be found here

    1.Ensure all programs and windows are closed before proceeding.
    2.Simply double-click the program icon to run it. It will ask for administrator privileges.
    3.A black window will appear. Press any key to continue.
    4.Wait for it to finish. It won't take long.
    5.A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    6.Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
    7. Reboot your machine and enable your anti virus again.


    Step4 - AdwCleaner Scan


    Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
    adwcleaner_zpslhu4ltda.jpg
  • Click the Scan button and wait for the program to finish.
  • Upon completion, click Logfile. A log (AdwCleaner[S*].txt) will open.
  • Please copy and paste this in your next reply.


    Things for your next post:
  • Confirmation if you have uninstalled Spybot.
  • Answer to my question on System Restore and if you have now enabled it?
  • fixlog.txt
  • JRT.txt
  • AdwCleaner[S*].txt

  • 0

#6
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Good morning Bruce1270

 

Step #1 Spybot has been uninstalled

 

Step #2  I was not aware that system restore had been turned off, but has now been turned on

 

Step #2  I ran into problems doing this step. Everything went fine at first but then FRST hung up while deleting Mozilla Firefox user profiles. I used task manger to quit and tried a second time. I had a message from my Avira antivirus program that it had blocked access to host files, the program continued on but once again hung up while deleting Mozilla Firefox user profiles. It did however give me a text file this time which I am pasting below. Should I have turned off Avira before performing this step?  I will not continue on to step #3 unitl I hear back from you. Thank you again for helping me with this problem. Have a great day.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01
Ran by Karen McKinnis (2015-12-14 09:20:50) Run:2
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis & comp admin & Guest (Available Profiles: Karen McKinnis & comp admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: F - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {00fc3e61-0ac0-11e3-9855-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {cddfa79e-bc23-11e2-ac32-00266ca6737b} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {e46220cc-0bf5-11e3-985d-00266ca6737b} - E:\AutoLaunch.exe
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MountPoints2: {fcda94d8-f4f9-11e3-9cc1-00266ca6737b} - F:\VZW_Software_upgrade_assistant_installer.exe
HKU\S-1-5-21-851422437-3431464140-778240321-501\...\Run: [Best Buy pc app] => C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-18\...\RunOnce: [panda] => reg.exe delete "HKCU\Software\AppDataLow\Software\panda" /f
HKU\S-1-5-18\...\RunOnce: [panda_XP] => reg.exe delete "HKCU\Software\panda" /f
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [2013-12-27]
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (No File)
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bit
GroupPolicyScripts-x32: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
URLSearchHook: HKU\S-1-5-21-851422437-3431464140-778240321-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2845289
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {1809DA3D-124E-4398-A93B-1C197C838C1F} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=WCL2&o=100000082&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^AA2&apn_dtid=^YYYYYY^YY^US&apn_uid=0BE7F339-994C-48B8-8FBF-F6AF21B55540&apn_sauid=4F5B7F40-ED6E-4553-B66F-1237C87D95BF&
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1003 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
Toolbar: HKLM-x32 - No Name - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} -  No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {41564952-412D-5637-4300-7A786E7484D7} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
eployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF SearchPlugin: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\searchplugins\avira-safesearch.xml [2015-08-18]
FF Extension: Avira Browser Safety - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] [2015-10-24] [not signed]
FF Extension: Avira Safe Search Plus - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] [2015-12-04] [not signed]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2015-11-08] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found
CHR Extension: (Avira SafeSearch) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-11-30]
CHR HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [oajgghejjpgkmpgbchgjieahoefimdle] - C:\Users\Karen McKinnis\AppData\Local\CRE\oajgghejjpgkmpgbchgjieahoefimdle.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lgjlpcjpffjiecfdocmabeenmgnlmnkd] - C:\ProgramData\wxDfast\lgjlpcjpffjiecfdocmabeenmgnlmnkd.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lgjlpcjpffjiecfdocmabeenmgnlmnkd] - C:\ProgramData\wxDfast\lgjlpcjpffjiecfdocmabeenmgnlmnkd.crx <not found>
S4 LMIRfsClientNP; no ImagePath
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 PCTINDIS5X64; \??\C:\windows\system32\PCTINDIS5X64.SYS [X]
S3 RkHit; \??\C:\windows\system32\drivers\RKHit.sys [X]
S3 ZTEusbMB; system32\DRIVERS\ZTEusbnmeaext2.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
C:\Users\Public\AlexaNSISPlugin.3328.dll
Task: {0295E8BB-5F4D-4DC2-B877-1CA1880965BD} - \Microsoft_MKC_Logon_Task_ipoint.exe -> No File <==== ATTENTION
Task: {035E4ED5-F80D-47A2-92A8-3CE99549675B} - \{FBB03403-4435-4D6C-B749-DEB66FFDBDB1} -> No File <==== ATTENTION
Task: {14027216-A724-488B-A1A8-2509B1951589} - \Microsoft_Hardware_Launch_devicecenter_exe -> No File <==== ATTENTION
Task: {211F968F-363B-4F5C-9998-DB72CD5BB890} - \{43148735-6D08-462E-8A2D-A2BED8FB1BEA} -> No File <==== ATTENTION
Task: {24FEFB76-2477-480A-92AD-B112928AF264} - \{A68FFA67-292F-4368-98CA-2E9A0A827772} -> No File <==== ATTENTION
Task: {4082F654-6FED-4DC2-9EE4-76FC04A34D74} - \PCSafePRO_Start -> No File <==== ATTENTION
Task: {460E95D9-3FEB-40B9-A815-327B8C7A2D07} - \{CCFF6434-156E-4D41-AA85-1826B1945794} -> No File <==== ATTENTION
Task: {51F164DD-DE88-4228-960D-A52A93AD5540} - \{270F64CF-BBF4-4AAA-BD43-868E3BB8AB94} -> No File <==== ATTENTION
Task: {66861258-FA96-4F39-9D2B-F99439677543} - \YourFile DownloaderUpdate -> No File <==== ATTENTION
Task: {787E823C-B0D3-40D3-AB96-18E7C21D3E9A} - \RealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {798092B1-E41C-491F-8A4D-0F2134143614} - \{4B970EA6-9BDE-40DE-9E2A-4FC72BF5EBD1} -> No File <==== ATTENTION
Task: {83A8799A-FE1C-4766-86FD-B56D3A5367CA} - \Spybot - Search & Destroy -  Scheduled Task -> No File <==== ATTENTION
Task: {9035E000-8BD9-4241-B96D-A370B465F883} - \{26EC24DD-FA05-4025-8620-B043F77B17DB} -> No File <==== ATTENTION
Task: {980D9688-30C0-403D-8064-9FABC7A98C64} - \Microsoft_Hardware_Launch_mousekeyboardcenter_exe -> No File <==== ATTENTION
Task: {9D2B7B94-D522-477B-846A-256D6D10FBF3} - \Microsoft_MKC_Logon_Task_itype.exe -> No File <==== ATTENTION
Task: {A0CE6B2E-788C-43E5-8733-4986FF59C461} - \PCSafePRO_Popup -> No File <==== ATTENTION
Task: {A1605CE0-1E24-43C7-A6CC-33EECDFA630D} - \RealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 -> No File <==== ATTENTION
Task: {A850F9DC-88A1-4C6A-B3A7-D4682CB2D9DA} - \{F5E50DD1-523D-4D5B-8B61-D9F0F2F4DDC5} -> No File <==== ATTENTION
Task: {B5135A42-8E05-40B1-88E5-031180483391} - \Test TimeTrigger -> No File <==== ATTENTION
Task: {C5FF9FBF-5A18-4B65-B189-009F691504B0} - \{D134A4FB-B31D-44E0-B93E-3C890C5545BC} -> No File <==== ATTENTION
Task: {E06B8B9A-E1A0-4A88-830A-6CB96A224F91} - \Microsoft_Hardware_Launch_itype_exe -> No File <==== ATTENTION
Task: {F3DADA61-1C49-419E-9649-EB08240C6BD3} - \{95019DFA-8101-43E1-B474-8FAFC21F4605} -> No File <==== ATTENTION
Task: {FE4B978F-E7D6-4908-BFD7-A15AA6A448E2} - \Microsoft_Hardware_Launch_ipoint_exe -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
AlternateDataStreams: C:\ProgramData\TEMP:AA9519A6
AlternateDataStreams: C:\ProgramData\TEMP:F4921BC9
C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy
C:\ProgramData\Best Buy pc app
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value not found.
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00fc3e61-0ac0-11e3-9855-00266ca6737b} => key not found. 
HKCR\CLSID\{00fc3e61-0ac0-11e3-9855-00266ca6737b} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddfa79e-bc23-11e2-ac32-00266ca6737b} => key not found. 
HKCR\CLSID\{cddfa79e-bc23-11e2-ac32-00266ca6737b} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e46220cc-0bf5-11e3-985d-00266ca6737b} => key not found. 
HKCR\CLSID\{e46220cc-0bf5-11e3-985d-00266ca6737b} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fcda94d8-f4f9-11e3-9cc1-00266ca6737b} => key not found. 
HKCR\CLSID\{fcda94d8-f4f9-11e3-9cc1-00266ca6737b} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-501\Software\Microsoft\Windows\CurrentVersion\Run\\Best Buy pc app => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\panda_XP => value not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk => not found.
C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe => not found.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"C:\windows\SysWOW64\GroupPolicy\Machine" => not found.
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKU\S-1-5-21-851422437-3431464140-778240321-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
HKCR\Wow6432Node\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{295C8D1A-956E-45FF-BF82-4C7D5D969816} => key not found. 
HKCR\CLSID\{295C8D1A-956E-45FF-BF82-4C7D5D969816} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1809DA3D-124E-4398-A93B-1C197C838C1F} => key not found. 
HKCR\CLSID\{1809DA3D-124E-4398-A93B-1C197C838C1F} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1003\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{295C8D1A-956E-45FF-BF82-4C7D5D969816} => key not found. 
HKCR\CLSID\{295C8D1A-956E-45FF-BF82-4C7D5D969816} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} => value not found.
HKCR\Wow6432Node\CLSID\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value not found.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found. 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{41564952-412D-5637-4300-7A786E7484D7} => value not found.
HKCR\CLSID\{41564952-412D-5637-4300-7A786E7484D7} => key not found. 
HKCR\PROTOCOLS\Handler\livecall => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKCR\PROTOCOLS\Handler\msnim => key not found. 
HKCR\CLSID\{828030A1-22C1-4009-854F-8E305202313F} => key not found. 
HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0 => key not found. 
eployJava1.dll [2013-09-27] (Oracle Corporation) => Error: No automatic fix found for this entry.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0 => key not found. 
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key not found. 
"C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\searchplugins\avira-safesearch.xml" => not found.
C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] => not found.
C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\Extensions\[email protected] => not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4} => value not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} => value not found.
C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje => not found
HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Google\Chrome\Extensions\oajgghejjpgkmpgbchgjieahoefimdle => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgjlpcjpffjiecfdocmabeenmgnlmnkd => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lgjlpcjpffjiecfdocmabeenmgnlmnkd => key not found. 
LMIRfsClientNP => service not found.
LMIInfo => service not found.
massfilter => service not found.
PCTINDIS5X64 => service not found.
RkHit => service not found.
ZTEusbMB => service not found.
ZTEusbmdm6k => service not found.
ZTEusbnmea => service not found.
ZTEusbser6k => service not found.
"C:\Users\Public\AlexaNSISPlugin.3328.dll" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0295E8BB-5F4D-4DC2-B877-1CA1880965BD} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_ipoint.exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{035E4ED5-F80D-47A2-92A8-3CE99549675B} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FBB03403-4435-4D6C-B749-DEB66FFDBDB1} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{14027216-A724-488B-A1A8-2509B1951589} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_devicecenter_exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{211F968F-363B-4F5C-9998-DB72CD5BB890} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{43148735-6D08-462E-8A2D-A2BED8FB1BEA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24FEFB76-2477-480A-92AD-B112928AF264} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A68FFA67-292F-4368-98CA-2E9A0A827772} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4082F654-6FED-4DC2-9EE4-76FC04A34D74} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSafePRO_Start => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{460E95D9-3FEB-40B9-A815-327B8C7A2D07} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{CCFF6434-156E-4D41-AA85-1826B1945794} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{51F164DD-DE88-4228-960D-A52A93AD5540} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{270F64CF-BBF4-4AAA-BD43-868E3BB8AB94} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66861258-FA96-4F39-9D2B-F99439677543} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YourFile DownloaderUpdate => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{787E823C-B0D3-40D3-AB96-18E7C21D3E9A} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{798092B1-E41C-491F-8A4D-0F2134143614} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4B970EA6-9BDE-40DE-9E2A-4FC72BF5EBD1} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{83A8799A-FE1C-4766-86FD-B56D3A5367CA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Spybot - Search & Destroy -  Scheduled Task => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9035E000-8BD9-4241-B96D-A370B465F883} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{26EC24DD-FA05-4025-8620-B043F77B17DB} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{980D9688-30C0-403D-8064-9FABC7A98C64} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D2B7B94-D522-477B-846A-256D6D10FBF3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_MKC_Logon_Task_itype.exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0CE6B2E-788C-43E5-8733-4986FF59C461} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCSafePRO_Popup => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1605CE0-1E24-43C7-A6CC-33EECDFA630D} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A850F9DC-88A1-4C6A-B3A7-D4682CB2D9DA} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F5E50DD1-523D-4D5B-8B61-D9F0F2F4DDC5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5135A42-8E05-40B1-88E5-031180483391} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5FF9FBF-5A18-4B65-B189-009F691504B0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D134A4FB-B31D-44E0-B93E-3C890C5545BC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E06B8B9A-E1A0-4A88-830A-6CB96A224F91} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_itype_exe => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3DADA61-1C49-419E-9649-EB08240C6BD3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{95019DFA-8101-43E1-B474-8FAFC21F4605} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE4B978F-E7D6-4908-BFD7-A15AA6A448E2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft_Hardware_Launch_ipoint_exe => key not found. 
"C:\ProgramData\TEMP" => ":4BB26BE9" ADS not found.
"C:\ProgramData\TEMP" => ":AA9519A6" ADS not found.
"C:\ProgramData\TEMP" => ":F4921BC9" ADS not found.
"C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy" => not found.
"C:\ProgramData\Best Buy pc app" => not found.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {AB34F463-A7EB-4262-BC78-68728B8DC0FC}.
Unable to cancel {56D76839-6821-4514-9520-C76921CAB174}.
0 out of 2 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

  • 0

#7
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik

OK. Proceed with steps 3 and 4 from post #5 and download and run junkware removal tool and adwcleaner please and post the logs.

Before running them please disable your anti virus by right clicking on the Avira icon in the system tray and then deselect real time protection.
  • 0

#8
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I seem to have run into another problem. While running the AdwCleaner scan it took a very long time so I left the room for a minute. Upon my return I notice that the program is saying

Waiting for action. Please uncheck  the elements you want to keep. I can't find anything that needs to be unchecked and the program is now just sitting there not doing anything. Please advise at to what I should do now. Thank you


  • 0

#9
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Please disregard the previous message as I figured out what was going on. PI'm sorry to be so ignorant of some of this computer stuff. Here are the two logs needed

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 7 Home Premium x64 
Ran by Karen McKinnis (Administrator) on Mon 12/14/2015 at 18:17:09.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 434 
 
Failed to delete: C:\Program Files (x86)\Toolbar Cleaner (Folder)
Failed to delete: C:\Program Files (x86)\Toolbar Cleaner (Folder)
Successfully deleted: C:\ai_recyclebin (Folder) 
Successfully deleted: C:\ProgramData\askpartnernetwork (Folder) 
Successfully deleted: C:\ProgramData\dnsbasic (Folder) 
Successfully deleted: C:\ProgramData\pc drivers headquarters (Folder) 
Successfully deleted: C:\ProgramData\premium (Folder) 
Successfully deleted: C:\ProgramData\trymedia (Folder) 
Successfully deleted: C:\ProgramData\update~1 (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{006F56B5-ED62-4591-990D-97FB5C03DF3B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{007C0E0C-63C5-470E-925A-FFDD31AC0546} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{00D1FD0C-199B-4F26-9495-558030D973D6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{031E2898-3369-4C4A-9134-0F171462821A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{03A0E146-11DD-4DA7-AFE9-8A047472BF70} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{03E7D08E-8B0B-4D9B-A547-F0B00A1151A2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{0461BAAB-B0A7-4E8A-9EE5-1B8C60017AD2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{051B0C01-802F-4A26-A8C3-7DBC74F7CEA7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{0682E49B-6B46-41FB-BD31-E7EBF337E5EB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{06AFBE49-B967-451A-AE8E-516AA592FC82} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{07DADCC7-BF2F-4FB2-9612-D10C40CB7611} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{09B4F415-528D-4D1C-8088-7FFB50EF9E29} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{0A46F70E-1C80-449D-A95F-F97906250548} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{0B312F13-89FF-42C1-885F-A16F7E6C02DE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{0D1C4869-650F-4953-B6BF-7938E58513E5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{12321E92-4810-4536-BD99-D579691C9401} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{125E1401-B2DB-43A8-9DBA-D17099945F14} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{13E3DF91-9137-441D-9E2B-522088B68D8F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{147C1BE1-A865-431D-A9CD-02F7884BD3C8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{15FCBB9D-78B5-4784-98DA-AD0442F81EEE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{17D3697E-97DA-425B-9955-FD7A8710AA56} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{17E13F19-668F-408A-9AB5-C29B6C3BD1D9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{18875832-61A0-44A0-BC0F-02AFE9D0E3A7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{19183ADD-3228-4B31-A276-9825B9C3060F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{19622641-D81A-42D4-B6A6-DB8063535885} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1AC2FCE9-D7C5-4A7D-AD73-471115E936FA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1B34D8A3-E54F-4404-8A2F-AE5C4172E7A2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1BBE85E3-BCE8-4C35-9461-0D6CAEA56420} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1BD9FA6E-4CB9-423A-8FBA-2054C8876EA2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1C94D6FD-0470-4AF6-BA60-6F133A72F2CB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1DD17D09-B3B2-4AAB-B3C9-4FAC06F36C62} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1F5D0946-F0D8-4F1E-ACE4-37027858A282} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1FD3676C-14B5-4A54-AC8D-A0411766D793} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{1FF25D5C-8025-4243-84BE-4F841423D5D4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{204FAAC0-F598-41CE-98DC-4BABCFA5FC51} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2095C073-FAE3-4CB6-9894-6D426DA25E6D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{209653D2-1D4F-49F4-B072-DCF34D392CA9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{21828435-3827-4E54-9752-D9AA09485163} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{21D9A96C-F140-4D1C-9F30-A09479613354} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2393B1A7-4463-4FAB-8EEC-457245CE6484} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{247C5B32-C253-4554-9290-A549028C6D9C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2493E8C9-ECE4-4267-908A-7CD5522EF711} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{256A59C8-0D92-4F7B-8375-FBA5E9E4A5CC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{258BE850-9AA7-4301-80F0-3155665A383A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{25DE5844-9D79-44D5-94E5-251FAE25D553} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{25E890EE-C606-464B-B9B4-3B1382DE2E53} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{271880BA-622A-43F3-83C2-A43C5AE4A366} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{271F2D99-9739-418D-AE62-17E53BC89C57} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{27B314F5-49F8-49D9-BE2E-934E41649A35} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2850E53A-83A2-48FA-B6C8-EA1CB5624F5D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{29B28138-5A54-447C-A599-94FDA5ACF4E7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2A3A5466-B992-45A5-8444-860264770D58} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2A4E0FF3-660D-473C-A359-1EBD059B5993} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2AD547AB-944F-4737-B306-F8A4E6F979AB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2B9CD5F6-A0AA-4328-9A77-2B9977F9F156} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2BDA67E8-529D-42D3-8C28-6970DE639FD1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2DAA74BE-4998-4066-A379-3F50A7182EDE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2E1E65F9-3C49-457E-BB0C-5B46451F8461} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2EFBA208-569F-4DA5-AB20-FA839BE09BC0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{2FC23E52-73FE-41F8-A7E5-A14D4D59AB57} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{309E01C5-81FC-47D0-9305-E50BA00E1B28} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3162ED7A-AF14-4FA8-9234-3EAAC185A277} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{328F659C-7F21-4660-8C06-45201BC3F044} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{32B2A007-A63F-4E62-B8DA-B37C1ED36E25} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{339604AC-8963-4AB2-A389-DB16AE123A2E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{33F93595-7383-4601-AEF7-F7AD21EB243D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{34736251-B747-45AF-852F-824E59FCB40D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{36448D47-39FE-468A-9517-5C9BB0E229B9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{36DDBAED-154B-44EE-A830-D35F6B990CE6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3721E4C8-01BD-4D4F-9003-F78240EA9756} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{37440C87-5A46-4A65-A5B2-85C48810745C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{376A0114-7A38-4DD7-B3DF-0D93F6DA07E8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{380566E3-B8E0-4CB8-BAD8-AFA7A35A7ABC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{38B96624-B48C-49CE-952B-0334DDF3CD4C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{38BD2888-4AE7-44E1-9938-B3006E618907} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{38DE60AA-3CF4-4143-ACD3-159BB77C0B04} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3921E6CF-10FB-402B-9DA0-6300973F0E5F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{39F3B84E-BA44-4578-8A35-29DC483F2A1C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3B1C82FF-51EB-4693-BF66-8BE379891003} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3B1F068F-F55B-4CD3-A0BB-C028BEF1491C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3B80F07C-F1DE-4FC2-80C2-E31879F692C1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3BE2C848-DFF2-4B93-A45A-0111F9B895A4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3C2F50CA-E4D2-4799-8CF9-8E074BF56AFD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3CAD1D91-666C-440E-8A28-D22E1E64B4BF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3CD2B278-E8B9-4212-986A-05C320C98883} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3DDCECEC-321E-424B-9436-8F1F98B551F4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3E164B15-A797-4494-A187-38C2D395FC94} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3E644555-2296-4252-9210-30AC99E5639F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{3F2F752D-2931-4119-AD21-390455DE3F15} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{40C49ADC-C047-4120-8828-E47E9240CC5E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{40E00F5F-480C-4730-A212-42120D0602BD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{42567906-3BDE-422D-903B-8BC500D71DC6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4327F79E-B4A9-4231-B095-6566383809F1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4374FFB6-58FA-4E9D-B03B-D0FA66EF6900} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4465D3E1-8D72-4F47-BC21-790652819140} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{44AAE430-2507-4A64-90C6-8CEAA2855454} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{44DDE9AA-B134-4DD4-8C3B-418425354652} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4545F1D4-4CC4-431D-933B-031475DBD147} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{47E75F1D-DAB6-462F-8CEC-7FF400F70C77} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{48A55111-0A67-493E-8402-B362F63F5F9B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{48A5B17C-910A-48DE-A25B-94FF7A846A02} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{49A884A1-2EFC-4ED7-9178-C302B74084FA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{49C57D4E-9BE7-43C9-A78A-1EE781997133} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4ADF0214-8F6F-4090-9321-6B62A8A53A3C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4B0CA69B-81DC-49FC-83F2-EB916C8DD22E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4B612F7E-1312-49C3-A437-6FC84D74D4AF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4C2B27B5-3F43-4698-9DA5-886B314CB114} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4CCC518B-A424-459E-B34F-70395EF1B9CD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4CD070DA-517E-48DA-9F86-2F9D52F76049} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4DCF1032-FE13-49BB-B45A-8782C9DE3E70} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4F3EA012-FBD3-4911-8E60-B4402E5AE1EC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{4FC15764-0AD8-4E60-8B6E-DB65B61F154D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5046BF3C-DA5F-4BE5-81F5-04CB4712E825} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{518D053F-93CD-482D-8C9C-9F910FDF65A4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5194D638-DFA8-42CE-A733-8EB71D61D32F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5275ADD5-8D3B-4E05-B322-5A36A994CFBF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{52B86A6D-EDEF-45D9-82D6-27344A19D4A0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{54174E5C-280F-44FB-A27F-C5C3EC952AFC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{541A18BA-E7A5-42E8-8CA3-25B9B4529CB9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{54453763-E361-4008-8340-B8DA6C11CAC4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{56817FF9-3F15-4BF1-94C9-BCBE92F6893F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{56DCFAB3-ABD4-4020-9F6E-A537F8EA1C24} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{56FF19EE-973F-40DC-8F7D-308210285E4D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{57B3CE85-E88A-4D41-9C2C-DDA7F900E54E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{584C5742-25AE-4025-9DA4-3D8DC3FC1C77} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{58928311-708B-40BF-A5CB-DA9F7AD413A0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{58CA4855-4685-4FEF-A29A-B9C498AA2E2F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{59D45BB8-307B-4FD3-BAE2-62A85F2202C8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5CDE85EB-DA00-47F1-B8EF-9305E248159E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5D728914-7EA1-4CEA-AF75-A6CFB4FC3D6F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5DB6B6BF-F648-4283-96DF-C4935CB764F6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5EFA569A-D8F3-4F61-8E07-E5C2125564FB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5F41F995-F0BC-4B24-A978-7E4A92E47A16} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{5FA772FE-27A8-4322-AFB8-F20B1F196F79} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6019ED72-CF13-441C-9BA0-8D06C0D8004A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{612AEC8B-7164-40DE-86CA-ED9B932EC074} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6167199E-D948-484A-B5F4-9065F0A86B20} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6263AE87-C28E-436C-80BF-09E2451478A0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{63A79D1D-1A42-4AA3-B42E-741892F04DA5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{64147D31-2284-4B4D-ADB1-B393BC8838E9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6452033A-85F9-4398-BB32-12174439BDCE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{64CD8971-2567-4AC0-9F8B-0E77FA9C9D27} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{64E3525E-4A5D-4FE8-A086-71E5C278422C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6571626E-C7EC-4EF5-987C-4D69A18E53EA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6630E7C5-F824-4DA7-96DD-8FBBDD623E0B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{666DA0F8-B217-4ABC-ABF4-B7C68F001FA2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{66EB95E2-10CC-4FB4-A10B-3FC1AB2E5D1D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{67886066-78A3-4CAA-852C-7DE406798D26} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6859738E-EC77-401A-A185-3F0D41DAFBCF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6A2C50FA-816C-48B8-82A3-933554F005A1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6BC5F4A1-0514-4059-95E3-893BBC8E99E9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6C9E76FA-136F-4854-BD73-F8D0057015FE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6CA94687-CEEB-4A1B-B005-68B36AE67FF6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6CAFEAC5-E41B-4DA7-AE6B-FE423B8C53F4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6D27BA1D-8311-49E2-BCEA-25837A2D1948} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6E69E125-EC47-48BA-9D6A-9F6A6DCFD3EB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6EB21E56-1C0E-4B71-A07B-6C1045210C60} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6EDC8BFC-031C-47A6-A967-D93D8B8CE16B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6F1DB253-7C58-4888-9E28-8D436BA6F08E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6F96B722-0BCE-45BE-9631-3878D5465A62} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{6FD61279-4C58-4E30-8EB0-8E2A7F2D7EDE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{70E61040-01AD-4AF2-AD44-F532C6A43371} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{71387CE8-4064-45A9-B724-956DBA164C62} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{71458754-3D93-4F72-9CB8-6D2AF99055E8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{721BF996-5195-4AED-998D-EF8BD95F5514} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{722C0A01-C2F3-4035-B647-B8706348C335} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7264A666-6A09-4DC5-86D8-780F7A5A5D3B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{737BE694-8ACA-4582-B074-C3B51E04876B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{73D6536A-F791-4E8B-9D25-29E91CDB8A15} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{74651177-1EF5-4D8A-A09D-563A7E58B473} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{762A335B-3CB5-4491-A7BE-81D2DFC6786F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{76D0B8C8-62E1-47A5-BEC9-83B710B98FE0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7717CDF2-385A-41B1-8A5C-85D33357B7E3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{773C95EE-EF87-40DD-BF52-81D81272B295} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{777BDC51-C9AB-4F41-A6A1-48EE30A70CE5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{77DD3096-859E-40DA-BD70-C2520B6B996F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7836E27B-AE0E-4FBF-B2E4-DC881F9633EF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7843FBBD-C6D4-4BBF-9315-AB24CD5CA4BA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{78DA5594-735C-4266-816E-BC5DE781AB2C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7911FD8C-42EE-4CBA-9E18-6AA77FEEE69A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{79F9B27D-6BB9-40F4-A3AF-54191527BD64} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7A29946D-D489-456D-B62A-6EDFCE50512C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7AEC14A3-2894-418C-99BC-400F15DAE76A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7C12088C-358D-4CCB-9563-1A29A978BB0B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7CAD9AEF-0E9E-4B9F-9108-37D878148B23} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7D25EC59-CD28-4F16-9C80-095A06E05892} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7D7520BF-2D8A-42C3-84E0-63659C789486} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7D92AB2A-F110-4980-8573-4312CA9B58D3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7D9CE44F-D150-4F44-A233-132866334DE5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7ECCA2CF-2E80-467B-BA03-16C370FFA428} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{7F2EE316-63D0-4442-AB90-C4D27BF61397} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{80EB74D4-5A04-4804-A5F0-FB8FA7EE918E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{81366776-4127-47AA-B424-ED438CFB7496} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8143B8CD-DF29-4D54-8A69-3974C25EB55E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{81C1006F-A1D0-4F73-9242-11803BFE5EFF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{81EF5975-DB1F-4083-AF9A-A126603128F9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8270DA3B-86C4-46D7-85C4-6141B0EBF64E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{834540DA-F1BF-4302-A6C8-6762DC67F213} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{83E207A2-87B1-405E-A86C-685EAE90AC1B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{84340F1F-B703-4BA3-A73D-D47B9D9226B6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{84533005-A09B-4676-AE82-481CD354CFED} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{84C661D1-C7B9-474A-AF7D-95E2779BA696} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{84ED6B6B-8E07-46FB-A846-D4C61F61A9EB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{85036940-08D1-4A98-B9AE-28A0D5928896} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{85DBF505-5D5C-43CC-9363-152F6E70D884} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{86597B46-E35C-4567-AF4F-C4E9DC0420AE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{867E0735-B8DA-49BB-B614-DCECF6ADD69A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{870B3430-82D1-4F89-A4BE-21FCD81B2798} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{87C3DAFE-BA0E-4AEA-AD09-62590CD014A1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8847CE0F-26B2-4397-8672-E2AFA43A0929} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{886C37AE-7EFB-4024-A6D0-3E0FA58D22F1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{88A68784-7377-4D3C-A20A-6BD4A9E8385E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{88CB7954-C494-4F4D-87F5-B3B68F09769E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8978041F-AFA7-4684-8109-2CD4825CAF47} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{89CA0664-3F01-48E1-B146-091F4D84705E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8B9FE5ED-3B54-40AD-9374-53E077BF85B9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8C88231B-64BB-4C8D-BA44-B25C014CF345} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8E06CF71-21A0-4C87-9C49-A40DC728A64B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8EE2D386-7982-434C-A442-28F21B8C6BAB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8F4A7AFD-EFDE-46F5-A1D7-C4C59EB86F1C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{8F4F1A69-9D6D-463D-BF8B-F03465D16705} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9060BBB6-50C2-4F42-B0A0-C6BBF5E6B0DB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{92AB07AD-5B47-4A6A-B87D-EAD746C464CB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{92FA72A2-630E-49F1-A80C-E3A72BB4359F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{937DBB8E-BC7F-42D5-84EE-038E8817636C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{94415F3E-1E3F-4752-A424-A127B81DC746} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{947A0B01-FE6B-402C-9D20-1F69012840F3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{952E744F-071B-4EE0-9A7A-33E8562039BE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{95924761-F820-4765-873B-1DA9C1543B58} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{963752BF-7199-40B1-B9B1-9A7848F96D3B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9A0E1E14-4F60-414C-BECA-E706A2EDDAA5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9A28CE45-DD47-417C-990C-64DBFF39DFC3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9B626C5C-0E50-4A15-A13B-390BCB71706E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9BF099B0-8B9F-4A6A-92F7-7C41AFC35307} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9D07679E-CE85-46E2-8F13-30BBFAD5F89D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9D8F92FA-8652-432D-B522-ECAEE6EAF927} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9E7E5EA5-5FB7-4701-84CF-0B14787FC96D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9EAF0E2C-4A6A-412B-902B-8396F5222EAC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9F634F15-27E8-46CA-87CA-11C37229E98F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{9F6676F7-DED3-446C-9611-B480652C9445} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A02D948E-B314-4EC0-BD30-E9E7C508C990} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A04736D7-56AC-4BCC-930F-589BEDC272BD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A121893D-697D-4124-A1BE-244038AA21AF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A1642C55-1C28-4BB2-9F1A-D3C046179764} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A1CBB3F8-8115-467C-B30E-962F56C6C5EA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A2E1DEEC-C002-4576-87A3-806C19C9D475} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A330A081-2666-4A8C-B63F-6903B7CCAC75} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A33D5D41-7217-4B64-9EAC-3422D012B050} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A357CAB0-1AB6-4C35-BF44-9E04A96C8F97} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A38D259E-7A49-49B2-B433-A31BB2EF3D1C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A397E90D-5510-4FE9-A003-EF6669BDD909} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A3B2E78A-A8A3-443B-9744-4C92C97C99FB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A4182D0B-EB7F-4B02-A3BC-F1A782CD0163} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A52910AD-8DC7-4D62-8DDF-0A0E9AB6901C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A6B617F6-C4EA-4126-9DC6-AAC7A37426FA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A841EBDF-E8E9-4DE8-B104-3A41DDB0E0FE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A8D2A19D-B76D-4857-BFA4-67591A473042} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A983F096-B570-406C-9AF9-6C62675B8AD8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{A9866A06-C0CB-402D-8A40-22775C487744} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AA9CF46D-B63C-4EAE-BB32-0F9218F21410} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AAC39F94-264F-4546-8C8B-216ABE60F8D6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AC469181-7044-4736-A04E-C80B0C227560} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AC6366F4-8AAB-4A03-A967-31A2FB652DC1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{ADF81C11-AFF0-4270-93CD-895143605B41} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AEED1A68-BE98-4FBC-9043-41D8395DEE4D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AF7E307E-283D-44BF-8AFE-9AE4CCDBB6AD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{AFCD84A2-BAFD-45DB-AE2E-D6837080217A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B052CB2E-41C7-48BF-99C9-02EB045663D5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B0775E56-F281-4270-8738-23786E019EB2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B12FBC0C-0CD1-462A-9E50-3E5929DD7E28} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B20174E9-6F1C-4628-82BB-610EF01EA2EC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B2A27159-CC85-49BA-B49C-B1FFBA6501B9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B2CA3B2A-D805-4EDC-965A-48247DE622FA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B360AFF3-A231-4AAF-AD85-45F35C55997D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B43A642B-6D34-46A0-9F25-1A7A3B0B13D9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B43BBA8C-DD04-4487-B695-99593B418C35} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B4A8EEA9-D869-47AC-9455-37864595B780} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B56DAC15-BFFF-4EC7-B4EF-3EF72406237A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B5B2FABC-6DC3-4DDA-9526-10378DB50694} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B5C7656E-3C4F-4456-9E39-A8A5F8FD8673} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B7A2B37C-653C-4FED-A87E-F228C77A00ED} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B936ADEA-9F83-481C-B42D-D3F43D21314B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B962462B-7D08-4D42-A303-3E2C07F53502} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B971E295-F2ED-4350-BBC5-A72BD6D53EAD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{B9F057B7-1EA1-4FDE-9EDD-93EDF10FE759} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BB3EB066-E239-4839-A108-889D6AD03442} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BB627846-C1B9-4B6E-9DAC-A93D26426098} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BBE1E690-D9BF-4D3A-AE1A-A64D165E91A7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BC4CEF02-ED09-4A27-8765-CE466112CB4E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BDCFF94B-7E7C-474C-91A4-A4D16E453C39} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BE0F766E-D0E4-40D2-BEB0-76C0785B7451} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BE49DC85-F6F5-4CD6-862A-1AC6390A9E91} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BE7EA1CC-C4AA-44CF-81A3-9987AE8300A7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BF7847EF-D930-4BA6-9BED-E31050BFAB14} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BF86DAC6-8D91-4F68-B647-8966514C143E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{BF9B18B9-F1D4-4E20-8526-0BF0755D65F4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C01FE56B-0746-409E-84FF-BAF06831C30F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C07A72EF-FD99-4A46-B2F9-6B83425A5574} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C1DB6CE0-5D59-4772-BAE2-3A0EFFF177BA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C216F72F-BF91-4363-B418-0ADC3EAB861E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C3F5E85D-4641-4160-8C64-C0A55A04ED50} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C411E943-20EE-45E4-A766-2E75384E3B2C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C451E7B4-AB9F-49F6-9355-AD55ADBD455B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C4C1C8DC-F6AA-4689-8864-C02D08AD396A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C50DFE66-D41F-418C-902C-D52CD67D6146} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C5148D66-A7D5-469F-8975-D5C9796B7F1C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C578A99D-2F69-4108-83F1-8D2E29C8E0CA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C6853845-4D24-43CD-AEF7-4806762A9C5D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C85DBC3F-1892-475E-94DE-9CBBFA63AA0F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C8B1695D-6C35-46F5-8B06-0E708D5DFB9B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C8EBBCB7-79B0-47D1-8035-C5ED8CF974EF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C92531A7-5BDD-46CF-BA9C-0300F04348C3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{C9F949F1-0490-4A95-8F1A-CE30D4CC7D9C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CAA29F9D-3A45-452D-8F43-AA1654F7E81D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CB1AC918-D8A9-4FB4-9F0B-83706437E44F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CC526276-69BC-4CFC-9E90-A5553FE05FB3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CD61D064-E140-44DD-804B-4A91AC1248B4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CDCC52A8-0844-43CE-A389-4F214D35F7CB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CDCCAF1D-7767-4609-802C-316D28747F3F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CE5B97FD-9D77-4F2A-9A48-91F23D6A7135} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{CEFCEA92-FAE5-472B-B8A1-B8BB3125B203} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D01C2A62-3932-42CB-B5CB-CE155C29A4F4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D0BD3E31-9C8A-41C5-8F91-60327E28657D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D2784957-0A8F-4842-9CE3-8E01ECC0E766} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D2F275D5-1A31-46BE-B65F-2E54F5EA54EB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D2FD2662-40CA-4676-9D3D-A4EDDE009D51} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D3435C91-4A0C-42DF-B634-3B246C1181A5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D44B204D-7879-4A48-AFE1-7175E335A7D7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D51355C3-AD47-4535-99F5-A2C514FBC7DA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D523576B-378E-4266-90FE-9936D0625B1C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D5A8DB4F-0E5F-4454-8C00-DE4A7F71B54D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D5BD78A1-2C16-424A-B403-866F78076318} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D5C97EB3-F89C-495A-B469-9757D8808E55} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D5D203B8-6BE7-4A97-9320-A6EF0CBB93D1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D5DB645F-CD66-42F5-B080-147923BFDAD8} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D60F9471-05B1-4775-A9DA-B3442BD40FBF} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D6B57AF0-CCF0-41E7-A3A4-312A653F0986} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D723A95A-59B2-4DBA-BDD1-5C16BD065505} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{D79A8CA9-67A5-462D-832C-59E81022E95A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DA29C978-8DDD-4048-B3EA-E6C5867F0174} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DBB81036-C372-4170-AA4B-1A1A0DC66A01} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DC29F679-FF38-478F-9987-3D129EFD9A7F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DC78A7B8-A2E3-4C12-93F6-9334E9C4E00D} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DD533A53-914C-46D1-BDA2-8255B5CEF712} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DE1311E2-6B7B-4763-9DCD-9FEE063C8376} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DE67504E-DDCE-4842-9261-043E1779FE82} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DE82245F-5F44-494A-B4DC-3AFAFE296704} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DFC2AD83-FA46-486F-9BBC-F049728E84E6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{DFDE5B17-C28D-441A-8D76-A9E57C3F23E3} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E02FEBD1-17FE-4411-9036-A75992316D29} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E1E28F56-79F0-4D2B-BC2E-4AC4A6D34689} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E22C8055-3B7F-4F0A-B7C4-88E02724DD1B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E242E692-DC4E-482C-9760-DDC84422C995} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E2A72B07-D0AC-4120-9977-D4E5DA0374C0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E2B321E7-9822-4D5E-ADE1-AE26019818B5} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E30D71C8-385B-4765-B9D0-FE29047E6E97} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E3CFAA3B-36E7-40FB-BA46-1AA5314C7EB1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E3FC590E-756D-4F0C-87C5-C533E825419C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E523CA0F-952A-4532-91CA-23BDDADBE4B0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E5334C97-6BF4-4A43-A6AD-2D8E83E3755F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E5D74B84-F683-4D41-A0AB-58FB90B3F9E0} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E641C43E-1160-45C9-A0F8-6C03CCC765AE} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E73A1B3A-B994-495D-8413-80E60C7D0F91} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E780DBFB-C039-4061-A9B0-36C1ED59CD3A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E8C1DC3A-47EA-4F3F-A131-77D813137823} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E9222346-5F19-4684-B3C6-3236C26916A2} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{E96DB575-651C-4997-833B-69651B342683} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EAA86279-607F-4F5B-8E87-A454D345DDAB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EBBD1AC2-E05D-4A12-97B8-90A6DCB8C542} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EC0A82DA-78AC-4C78-878C-C75BEA7D40D1} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EC396BF3-B0ED-45A9-80BE-C266220D5C4A} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EC76F068-42A5-4874-A95F-BF92BF03AA2F} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EDCE361E-1EAB-4803-A475-0569FA1C8B82} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EDD9D2D0-6D22-4D8F-9C7B-471B39FE6685} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EE507364-E951-47E3-B88F-C3BA0CE3A3F9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EE95C06B-6A55-4519-9788-3D466924E0AC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{EFFA3F10-FA32-4760-BBAA-5A2BAC091635} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F0188DE9-45EC-4097-AC0B-FE32F5B95512} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F28FC724-9F61-4A4D-9B1F-8BBBC2754978} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F2E68BBC-3D1A-4E51-B752-3CF5AE2ACD86} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F31F6EB3-B346-4BFF-B72C-1F7FBC7E3169} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F3B8C63C-5E79-464B-B0DA-FF648EFA5C54} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F3D734F9-C363-49E9-9897-25B6F75261EA} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F3D8C79F-3A5B-4A27-8214-59DB15100235} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F3E7CA87-BF9E-43BA-A9E1-8DABC4963FA7} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F44609D6-D0B6-459F-BA28-E02DAF8DAF86} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F57B44AD-BEA1-41B3-B707-415502C08261} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F5A120D2-9249-4A29-BDF2-BF2DB066C223} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F61A8E15-7F88-49EF-AD12-132FD5A60B9C} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F674D5AA-1E36-442C-8F06-34D9DB2B2B2B} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F6B35D0A-FEDB-4393-B7CD-25B3FC0FDA18} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F83D2519-4232-4A5B-AB8E-1928684AF3B6} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F92F57D2-9A81-4C09-A40A-3EFC081611D4} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{F9992CAB-C580-4C26-BBDC-E6EBA35488EC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FAEEFA92-5D1C-416D-9FD6-56282739BC40} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FBD919B7-1535-4CD4-9B56-5A5684AE3947} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FC39C79E-3292-4C26-BC6A-47E3899ED860} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FCFDC237-34C7-4FBB-8C62-A03E5075C801} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FD18F4F1-30E4-4C75-A26C-60C00EEFEC91} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FD3C4512-9347-4ECD-A193-FC64185E8C5E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FD3D3162-B5E5-4AE1-A005-1F5E96F03338} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FDE8DC7C-4B7D-41E4-9DB3-7D65E8EBBEBB} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FDFB17C1-2763-43D4-892C-52E6B08042C9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FE5A4433-12CF-4579-AEA7-45DCF01134AD} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FEDFD9C9-7D5E-42A8-812E-13BFB3D34AA9} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FEE4634C-C475-4A25-83F4-53A2E53CA53E} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\{FEEBB266-825A-4B36-8649-62E7571A41CC} (Empty Folder)
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\apn (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\best buy pc app (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\com (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdalhedleemkkdjddjgfjmcnbpejpapp (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Local\stronghold_llc (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\Appdata\LocalLow\koyotesofttoolbarnew (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\Appdata\LocalLow\utorrentbar (Folder) 
Successfully deleted: C:\Users\Karen McKinnis\AppData\Roaming\strongvault (Folder) 
Successfully deleted: C:\windows\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\dnsbasic (Folder) 
Successfully deleted: C:\Program Files (x86)\predm (Folder) 
Successfully deleted: C:\ProgramData\SPL4B1D.tmp (File) 
Successfully deleted: C:\ProgramData\SPL4BE3.tmp (File) 
Successfully deleted: C:\ProgramData\SPL6946.tmp (File) 
Successfully deleted: C:\ProgramData\SPL69E9.tmp (File) 
 
Deleted the following from C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js
user_pref(avira.safe_search.installed, [\safesearchplus\]);
user_pref(browser.uiCustomization.state, {\placements\:{\PanelUI-contents\:[\edit-controls\,\new-window-button\,\privatebrowsing-button\,\save-page-button\,\fu
user_pref(extensions.safesearch.MP_DISTINCT_ID, \afa77adff196d42f0990cdaf7b73803f5b465037\);
user_pref(extensions.safesearch.install, 1439906875303);
user_pref(extensions.[email protected]_DISTINCT_ID, afa77adff196d42f0990cdaf7b73803f5b465037);
user_pref([email protected], 1439906875303);
user_pref([email protected]_1_2_1, true);
user_pref([email protected], resource://safesearchplus-at-avira-dot-com/);
user_pref([email protected], safesearchplus-at-avira-dot-com);
user_pref([email protected], startup);
user_pref([email protected], jar:file:///C:/Users/Karen%20McKinnis/AppData/Roaming/Mozilla/Firefox/Profiles/nvxwbi68.default/extensions/safese
user_pref([email protected], 1.3.0);
 
 
 
Registry: 4 
 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj (Registry Key) 
Successfully deleted: HKLM\Software\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph (Registry Key) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Main\\SearchAssistant (Registry Value) 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 12/14/2015 at 18:22:01.34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
# AdwCleaner v5.025 - Logfile created 14/12/2015 at 18:47:22
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Karen McKinnis - KILGARRAH
# Running from : C:\Users\Karen McKinnis\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\Program Files (x86)\Red Sky
Folder Found : C:\Program Files (x86)\Uninstaller
Folder Found : C:\ProgramData\SecTaskMan
Folder Found : C:\Users\comp admin\AppData\Local\PackageAware
Folder Found : C:\Users\Karen McKinnis\AppData\Local\Tuguu_SL
Folder Found : C:\Users\Karen McKinnis\AppData\Local\DriverTuner
Folder Found : C:\Users\Karen McKinnis\AppData\Roaming\Device
Folder Found : C:\Users\Karen McKinnis\AppData\Roaming\serv
Folder Found : C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
 
***** [ Files ] *****
 
File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
File Found : C:\Program Files (x86)\Pale Moon\searchplugins\yahoo.xml
File Found : C:\windows\Downloaded Program Files\popcaploader.inf
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
Task Found : OpenCandyHelperRunOnce
Task Found : OpenCandyHelperRunAsStandardUser
 
***** [ Registry ] *****
 
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
Key Found : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKCU\Software\59edb8db739ba15
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
Key Found : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26f85065-c8fd-4f8e-afaa-76262785688e}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26f85065-c8fd-4f8e-afaa-76262785688e}
Key Found : HKCU\Software\APN DTX
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKCU\Software\DriverTuner_Init
Key Found : HKCU\Software\DriverTuner
Key Found : HKCU\Software\Burn4Free
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKLM\SOFTWARE\GamesBarSetup
Key Found : HKLM\SOFTWARE\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Video Converter
Key Found : HKLM\SOFTWARE\Web Assistant
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
Key Found : HKU\.DEFAULT\Software\AskPartnerNetwork
Key Found : HKU\.DEFAULT\Software\IBUpdaterService
Key Found : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DAFCB5E-5BA4-4117-B262-C0B0490EE199}
 
***** [ Web browsers ] *****
 
[C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Found : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]");
[C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Found : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"fullscreen-button\",\"find-[...]
[C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Found : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"afa77adff196d42f0990cdaf7b73803f5b465037\"");
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : websearch.ask.com
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : babylon.com
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.conduit.com
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : toolbar.inbox.com
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com_
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [7634 bytes] ##########
 

  • 0

#10
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnink

No need to apologise. Your doing great! :thumbsup:

The hosts file didn't reset in the first FRST fix, possibly due to some spybot folders still lurking about so we will remove them and then reset the hosts file. Then following a reboot run adwcCleaner again this time selecting Clean and finally we will also run a scan with Malwarebytes.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\ProgramData\Spybot Search & Destroy
Hosts:
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Run AdwCleaner again
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • Click the Scan button and wait for the program to finish.
  • Click on options - untick Reset proxy settings and Reset winsock settings.
  • Tick Reset Internet Explorer Policies and Reset Chrome Policies
  • When finished, please click Cleaning button.
  • Upon completion, click Logfile. A log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step3 - Malwarebytes scan


    Please download Malwarebytes' Anti-Malware from Here or Here
    • Double Click the downloaded mbam-setup-x.x.x.xxxx.exe to install the application. (x.x.x.xxxx represents the current version number).
    • During installation, make sure uncheck Enable free trial of Malwarebytes Anti-Malware Premium, then click Finish. You can always upgrade later ;) :
      MBAM1_zps65d773c0.png
    • If an update is found, it will download and install the latest updates automatically:
      MBAM2_zps52e3211b.png
    • Now select the Settings tab, and check the box next to Scan for rootkits:
      MBAM3_zps83324155.png
    • Go back to the Dashboard tab, and click the Scan Now button:
      MBAM4_zpse3cd4a79.png
    • The scan may take some time to finish,so please be patient.
      MBAM5_zps36d7537b.png
    • When the scan is complete, it will show you the results. (This one is clean):
      MBAM65_zpsb0aa143c.png
    • Make sure that everything is checked, and click Quarantine All (or similar).
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note below) If the log doesn't open, select View detailed log in the Scan tab:
      MBAM7_zps782405f0.png
    • The log is automatically saved by MBAM and can be viewed by going to the History tab and clicking on Application Logs:
      MBAM9_zps1f87702b.png
    • Choose the latest Scan Log, and click on the View button:
      MBAM10_zps5a48f689.png
    • In the bottom of the Scanning History Log window that opens, you can click on Export > Save to Text file (*.txt). Save the report to your Desktop.
      MBAM8_zpsad402941.png
    • Copy & Paste the entire contents of the report log in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

    *** In your next reply, I need you to Copy&Paste the contents of the MBAM log file.



    Things for your next post:
  • fixlog.txt
  • adwCleaner[S*].txt
  • MBAM log file
  • How is your computer running now?

  • 0

Advertisements


#11
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Good morning Bruce1270,

 

I ran the scans you requested on Wednesday and it took the better part of the afternoon and evening. I had trouble running all three scans. FRST updated when I opened it, put the old version in a folder and the new version on my desktop. When I tried to run the scan I got a message that it could not run the 32 bit version on my machine. Huh? So I put the updated version in the recycle bin, took the old version out of it's folder and put it on my desktop. It again updated, put the old version in a folder, but this time the scan ran like it should.

 

It took me three tries to run the Adwarecleaner scan as it would hang up and task manager reported  that it was not responding. After each failed try I would shut down my computer and reboot. Finally on the third try the scan was successful.

 

The Malwarebyte scan was a nightmare for me ... apparently I had an old version of Malwarebyte on my machine that I had forgotten about. It had none of the buttons listed in you instructions and when I did try to run a scan it informed me that my free version was expired, so I uninstalled and downloaded again. This time I was able to run the scan but I'm not sure I understand every thing that happened. It did take a very long time as you had warned me it would. Upon completion it informed me that my database was out of date and showed something like 317 PUP entries, what ever those are. I could not find any sort of log in the history tab so decided to close the program and send you an email. When I tried to close the program it began to run the scan again. I cancelled the scan and tried again to close the program and once again it started running the scan. I decided to let it scan again, since it obviously wanted to (joke) and halfway through it sent a message that the PUP entries had been successfully quarantined. What?????? I let the scan complete and this time there were three logs in the history tab. I picked the one that had the earliest time as I assume that was my first scan. The results of all three scans are below. Thank you again for your time in helping me with these issues and sorry for the delay in posting. Since running the scans stressed me a bit I took the day off yesterday. My computer seems to be running a bit better with the exception of Google Chrome. It takes forever to load web pages and the three games I play on facebook take so long to load and then glitch and stutter as I try to play the games.  Take care and have a wonderful day.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-12-2015
Ran by Karen McKinnis (2015-12-16 16:41:07) Run:3
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
C:\ProgramData\Spybot Search & Destroy
Hosts:
EmptyTemp:
*****************
 
Restore point was successfully created.
"C:\ProgramData\Spybot Search & Destroy" => not found.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
EmptyTemp: => 588.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:56:40 ====
 
# AdwCleaner v5.025 - Logfile created 16/12/2015 at 18:46:39
# Updated 13/12/2015 by Xplode
# Database : 2015-12-13.2 [Local]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Karen McKinnis - KILGARRAH
# Running from : C:\Users\Karen McKinnis\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\Red Sky
[-] Folder Deleted : C:\Program Files (x86)\Uninstaller
[-] Folder Deleted : C:\ProgramData\SecTaskMan
[-] Folder Deleted : C:\Users\comp admin\AppData\Local\PackageAware
[-] Folder Deleted : C:\Users\Karen McKinnis\AppData\Local\Tuguu_SL
[-] Folder Deleted : C:\Users\Karen McKinnis\AppData\Local\DriverTuner
[-] Folder Deleted : C:\Users\Karen McKinnis\AppData\Roaming\Device
[-] Folder Deleted : C:\Users\Karen McKinnis\AppData\Roaming\serv
[-] Folder Deleted : C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video Converter
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js
[-] File Deleted : C:\Program Files (x86)\Pale Moon\searchplugins\yahoo.xml
[-] File Deleted : C:\windows\Downloaded Program Files\popcaploader.inf
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : OpenCandyHelperRunOnce
[-] Task Deleted : OpenCandyHelperRunAsStandardUser
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2
[-] Key Deleted : HKLM\Software\Classes\popcaploader.popcaploaderctrl2.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKCU\Software\59edb8db739ba15
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C9C5DEAF-0A1F-4660-8279-9EDFAD6FEFE1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31111111-1111-1111-1111-110111991162}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3EC1A45C-8BC3-4BFE-B226-4051C5D3D068}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26f85065-c8fd-4f8e-afaa-76262785688e}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4E3E0F8-CD30-4380-8CE9-B96904BDEFCA}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE8A736F-4124-4D9C-B4B1-3B12381EFABE}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26f85065-c8fd-4f8e-afaa-76262785688e}
[-] Key Deleted : HKCU\Software\APN DTX
[-] Key Deleted : HKCU\Software\APN PIP
[-] Key Deleted : HKCU\Software\IM
[-] Key Deleted : HKCU\Software\ImInstaller
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\Burn4Free
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
[-] Key Deleted : HKLM\SOFTWARE\GamesBarSetup
[-] Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Video Converter
[-] Key Deleted : HKLM\SOFTWARE\Web Assistant
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\media enhance
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DAFCB5E-5BA4-4117-B262-C0B0490EE199}
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Deleted : user_pref("avira.safe_search.installed", "[\"safesearchplus\"]");
[-] [C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Deleted : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"fullscreen-button\",\"find-[...]
[-] [C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\nvxwbi68.default\prefs.js] [Preference] Deleted : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"afa77adff196d42f0990cdaf7b73803f5b465037\"");
 
*************************
 
:: "Tracing" keys removed
:: Chrome policies deleted
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7327 bytes] ##########
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/16/2015
Scan Time: 9:21 PM
Logfile: Malware scan.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Karen McKinnis
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

  • 0

#12
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I tried using Mozilla Firefox this morning and it's even worse than Chrome


  • 0

#13
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik
 

I tried using Mozilla Firefox this morning and it's even worse than Chrome


Ok. Thanks for the update. We will have a look at this a bit later.

The MBAM log looks like it was one that was cancelled. Please copy/paste all the MBAM logs from Wednesday 16 December in your next reply.

To do this.
  • Double click on Malwarebytes to open the application.
  • Click on History
  • Click on application logs.
  • under the heading type, locate the latest log called Scan Log and double click to select it.
  • In the next window that opens click Export then select Text file (.txt). Save this to your desktop. You can call the file MBAM, MBAM1 etc.
  • Copy and paste the entire contents of the report into your next reply.

  • 0

#14
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Whoops ... sorry about that. Hopefully this is the one you want. As I look all the logs say cancelled. I'm really confused now.

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/16/2015
Scan Time: 9:21 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.09.22.05
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Karen McKinnis
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#15
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Just in case, there was another log called daily protection .... somehow I don't think the scan ran right or I did something wrong

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Update, 12/16/2015 7:39 PM, SYSTEM, KILGARRAH, Manual, Failed, Unable to access update server, 
Error, 12/16/2015 7:56 PM, SYSTEM, KILGARRAH, Manual, 0, 
Update, 12/16/2015 7:56 PM, SYSTEM, KILGARRAH, Manual, Malware Database, Failed, Unable to access update server, 2015.9.22.5, 2015.12.16.6, 
Update, 12/16/2015 9:21 PM, SYSTEM, KILGARRAH, Manual, Failed, Unable to access update server, 
Update, 12/16/2015 9:31 PM, SYSTEM, KILGARRAH, Manual, Failed, Unable to access update server, 
Scan, 12/16/2015 9:46 PM, SYSTEM, KILGARRAH, Manual, Start:12/16/2015 9:21 PM, Duration:0 min 16 sec, Threat Scan, Cancelled, 0 Malware Detections, 0 Non-Malware Detections, 
Update, 12/16/2015 10:23 PM, SYSTEM, KILGARRAH, Manual, Remediation Database, 2015.9.16.1, 2015.12.15.2, 
Update, 12/16/2015 10:23 PM, SYSTEM, KILGARRAH, Manual, IP Database, 2015.9.21.2, 2015.12.16.2, 
Error, 12/16/2015 10:24 PM, SYSTEM, KILGARRAH, Manual, 0, 
Update, 12/16/2015 10:24 PM, SYSTEM, KILGARRAH, Manual, Domain Database, Failed, Unable to access update server, 2015.9.22.3, 2015.12.17.5, 
Error, 12/16/2015 10:24 PM, SYSTEM, KILGARRAH, Manual, 0, 
Update, 12/16/2015 10:24 PM, SYSTEM, KILGARRAH, Manual, Malware Database, Failed, Unable to access update server, 2015.9.22.5, 2015.12.17.1, 
Scan, 12/16/2015 11:20 PM, SYSTEM, KILGARRAH, Manual, Start:12/16/2015 10:24 PM, Duration:55 min 18 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections, 
 
(end)

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP