Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I think my computer is infected [Solved]


  • This topic is locked This topic is locked

#16
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik

Thank you for the protection log. The scan worked and did not find any detections! :)
 

Scan, 12/16/2015 11:20 PM, SYSTEM, KILGARRAH, Manual, Start:12/16/2015 10:24 PM, Duration:55 min 18 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,


As you are having problems with browsers let's see if resetting them will help.

Step1 - Reset Web browsers
  • Please see this guide on how to reset your web browsers.
  • Please follow the instructions for Chrome, FireFox and Internet Explorer.


    Step2 - Revo Uninstaller

    The Hosts file still seems to not want resetting so we'll try another way.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on Spybot.
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on next.
  • Put a check on any folders that are found and select delete
  • When prompted select yes then on next
  • Once done click Finish.


    Things for your next post:
  • Are the web browers better after the reset?
  • Any issues with Step2 uninstall?

  • 0

Advertisements


#17
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

I was able to reset Chrome and Firefox with no problems. Initally I was very pleased as all web pages loaded up faster than before. I then reset Internet Explorer which was previously almost unusable. It took quiet awhile for it to open and after the reset it wanted me to restart my computer which I did. After the restart all three browsers went back to their previous condition. I downloaded the Revco uninstaller but Spybot is not on the list of programs to uninstall.


  • 0

#18
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik
 

After the restart all three browsers went back to their previous condition.


Sorry, just for clarity can you confirm what happens when you open the browsers?

Also please run a fresh set of FRST logs.
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Addition.txt box under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt and Addition.txt to your reply.

    Thanks

  • 0

#19
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

The problems I am having with my web browsers is that it takes several minutes to access each web page. Watching Netflix means buffering several times during one half hour program. Games on facebook take up to 15 minutes or more to load. Clearing browser data seems to help but is only temporary.Internet Explorer is the worst. When I first start it, it comes up but sets there as a blank page for 5 or so minutes before giving me my home page and menu bars. Downloading anything takes quite a long time also. It took me several try's to update the Fubar Recovery Scan tool as my browser would become unresponsive and not update. I finally reset Chrome once more and remembering something some one told me once, I completely shut down my computer, waited for five minutes and restarted. Fubar was able to update after that and I was able to run the scans.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Karen McKinnis (administrator) on KILGARRAH (22-12-2015 17:03:16)
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\update.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\updrgui.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [Google Update] => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1BC4ED45-0C56-4A2E-8C6A-6B107EBFF8B8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{9BD772A9-DC8C-4DD4-9C84-400D91785FB4}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> DefaultScope {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = 
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\59le680l.default-1450624724047
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-16] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-12-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-12-10] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @nds.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/O1DPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: NDS.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Play Pickle TextLinks - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2011-08-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=navclient-ff
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Bejeweled) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Crackle) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
CHR Extension: (Avira SafeSearch) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-12-22]
CHR Extension: (Skype) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (RSS Feed Reader) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome.F7MOBJCLTVQD3HV3IATKQYRXT4 - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-10] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-08-29] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 15:24 - 2015-12-22 15:29 - 03254603 _____ (Piriform Ltd) C:\Users\Karen McKinnis\Downloads\Unconfirmed 565457.crdownload
2015-12-20 14:23 - 2015-12-22 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-20 09:51 - 2015-12-20 09:51 - 00001275 _____ C:\Users\Karen McKinnis\Desktop\Revo Uninstaller.lnk
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-20 09:46 - 2015-12-20 09:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Karen McKinnis\Desktop\revosetup.exe
2015-12-18 17:42 - 2015-12-18 17:42 - 00001517 _____ C:\Users\Karen McKinnis\Desktop\MBAM2.txt
2015-12-18 17:41 - 2015-12-18 17:41 - 00001517 _____ C:\MBAM2.txt
2015-12-18 17:38 - 2015-12-18 17:38 - 00001084 _____ C:\Users\Karen McKinnis\Desktop\MBAM.txt
2015-12-18 17:36 - 2015-12-18 17:36 - 00001060 _____ C:\MBAM.txt
2015-12-17 12:58 - 2015-12-17 12:58 - 00001092 _____ C:\Users\Karen McKinnis\Desktop\Malware scan.txt
2015-12-16 19:36 - 2015-12-18 17:43 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 19:35 - 2015-12-16 19:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-16 19:22 - 2015-12-16 19:24 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024 (1).exe
2015-12-16 18:56 - 2015-12-16 18:56 - 00007430 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[C1].txt
2015-12-16 16:39 - 2015-12-22 17:02 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\FRST-OlderVersion
2015-12-16 14:51 - 2015-12-16 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024.exe
2015-12-14 19:30 - 2015-12-14 19:30 - 00007737 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[S1].txt
2015-12-14 18:39 - 2015-12-16 18:46 - 00000000 ____D C:\AdwCleaner
2015-12-14 18:33 - 2015-12-14 18:36 - 01740288 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner.exe
2015-12-14 18:22 - 2015-12-14 18:22 - 00051038 _____ C:\Users\Karen McKinnis\Desktop\JRT.txt
2015-12-14 18:06 - 2015-12-14 18:06 - 01599336 _____ (Malwarebytes) C:\Users\Karen McKinnis\Desktop\JRT.exe
2015-12-14 09:05 - 2015-12-16 16:56 - 00000763 _____ C:\Users\Karen McKinnis\Desktop\Fixlog.txt
2015-12-12 13:08 - 2015-12-12 13:14 - 00054256 _____ C:\Users\Karen McKinnis\Desktop\Addition.txt
2015-12-12 13:07 - 2015-12-22 17:03 - 00024830 _____ C:\Users\Karen McKinnis\Desktop\FRST.txt
2015-12-12 13:06 - 2015-12-22 17:03 - 00000000 ____D C:\FRST
2015-12-12 13:04 - 2015-12-22 17:02 - 02370560 _____ (Farbar) C:\Users\Karen McKinnis\Desktop\FRST64.exe
2015-12-10 10:39 - 2015-12-10 10:39 - 00428727 _____ C:\Users\Karen McKinnis\AppData\Local\census.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 00207101 _____ C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 09:56 - 2015-05-29 00:43 - 00307352 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-12-10 09:52 - 2015-12-10 09:52 - 00000036 _____ C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2015-12-10 09:19 - 2015-12-10 09:21 - 02494944 _____ (Trend Micro Inc.) C:\Users\Karen McKinnis\Downloads\HousecallLauncher64.exe
2015-12-10 08:41 - 2015-12-10 08:41 - 00001732 _____ C:\Users\Karen McKinnis\Documents\cc_20151210_084056.reg
2015-12-10 07:49 - 2015-12-10 07:49 - 00000982 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2015-12-10 07:48 - 2015-12-10 07:48 - 00003382 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00003266 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\ProgramData\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2015-12-10 07:44 - 2015-12-10 07:44 - 00200976 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2015-12-10 07:43 - 2015-12-10 07:43 - 00278800 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00505616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00354064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2015-12-08 02:56 - 2015-12-08 02:56 - 00000458 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_025609.reg
2015-12-08 02:47 - 2015-12-08 02:51 - 06801752 _____ (Piriform Ltd) C:\Users\Karen McKinnis\Downloads\ccsetup512.exe
2015-12-08 02:22 - 2015-12-08 02:22 - 00003744 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_022237.reg
2015-12-02 11:10 - 2015-12-02 11:11 - 00000000 ____D C:\Users\Karen McKinnis\Documents\Principal Financial Group 2015
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 16:51 - 2015-01-31 13:16 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{844D8B97-4D15-4F29-99E6-DEE9E1BC4065}
2015-12-22 16:41 - 2010-10-15 10:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-22 16:38 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-22 16:38 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-22 16:31 - 2013-05-13 18:45 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\HTC MediaHub
2015-12-22 16:31 - 2010-10-15 10:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-22 16:30 - 2011-12-16 10:45 - 00000434 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-12-22 16:29 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-22 16:17 - 2014-09-22 18:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-22 16:05 - 2015-06-29 05:35 - 00000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job
2015-12-22 15:05 - 2011-09-01 11:09 - 00000000 ____D C:\ProgramData\lx_Cats
2015-12-22 12:30 - 2015-03-01 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-21 19:05 - 2015-06-29 05:35 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job
2015-12-20 08:27 - 2011-03-01 12:05 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Google
2015-12-20 08:18 - 2014-04-07 16:31 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\Old Firefox Data
2015-12-19 16:46 - 2009-07-13 22:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-19 16:46 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2015-12-19 16:44 - 2011-03-12 16:33 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashDumps
2015-12-18 11:24 - 2015-07-18 08:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 10:21 - 2015-11-10 09:50 - 00001145 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-18 10:21 - 2015-08-17 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-16 21:44 - 2012-05-14 01:33 - 00000000 ____D C:\ProgramData\InstallMate
2015-12-16 21:44 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Web
2015-12-16 18:47 - 2009-07-13 22:32 - 00000000 ____D C:\windows\Downloaded Program Files
2015-12-16 09:27 - 2014-09-22 18:52 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-16 09:27 - 2012-06-18 10:48 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-16 09:27 - 2012-06-18 10:48 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 05:57 - 2011-03-01 15:41 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Mozilla
2015-12-14 18:18 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-14 10:36 - 2011-03-01 20:30 - 00007654 _____ C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2015-12-14 09:06 - 2011-03-22 17:20 - 00000000 ____D C:\Users\Karen McKinnis\AppData\LocalLow\Temp
2015-12-14 09:05 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-12-14 08:53 - 2012-11-29 09:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-14 08:53 - 2012-11-29 09:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2015-12-14 08:53 - 2012-11-29 09:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-10 09:10 - 2011-09-20 10:27 - 00000000 ____D C:\windows\pss
2015-12-10 08:56 - 2014-03-17 07:59 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-10 08:21 - 2011-11-25 07:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-10 07:55 - 2015-07-18 08:59 - 00003444 _____ C:\windows\System32\Tasks\RealDownloader Update Check
2015-12-10 07:50 - 2011-03-20 14:46 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Real
2015-12-10 07:49 - 2011-03-20 14:46 - 00000000 ____D C:\Program Files (x86)\Real
2015-12-10 07:48 - 2013-08-02 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-12-10 07:48 - 2011-03-20 14:46 - 00000000 ____D C:\ProgramData\Real
2015-12-04 18:36 - 2010-10-15 10:41 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 18:36 - 2010-10-15 10:41 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2011-03-02 03:33 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-02 10:15 - 2015-08-21 07:11 - 00002042 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-12-02 10:15 - 2011-12-04 13:22 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Downloaded Installations
2015-12-01 19:00 - 2015-06-29 05:35 - 00003936 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA
2015-12-01 19:00 - 2015-06-29 05:35 - 00003540 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core
2015-12-01 03:44 - 2015-08-17 16:47 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2015-11-26 12:19 - 2015-11-01 13:45 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
 
==================== Files in the root of some directories =======
 
2012-10-25 07:32 - 2015-03-01 18:34 - 0032768 ___SH () C:\Users\Karen McKinnis\AppData\Roaming\Thumbs.db
2012-02-09 21:04 - 2012-02-09 21:04 - 0027702 _____ () C:\Users\Karen McKinnis\AppData\Roaming\UserTile.png
2015-12-10 10:39 - 2015-12-10 10:39 - 0207101 _____ () C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 0428727 _____ () C:\Users\Karen McKinnis\AppData\Local\census.cache
2011-03-31 17:53 - 2014-04-19 22:38 - 0123904 _____ () C:\Users\Karen McKinnis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 04:00 - 2014-07-05 04:01 - 0000084 _____ () C:\Users\Karen McKinnis\AppData\Local\DVDPATH.TXT
2015-12-10 09:52 - 2015-12-10 09:52 - 0000036 _____ () C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2011-03-01 20:30 - 2015-12-14 10:36 - 0007654 _____ () C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2011-03-01 15:25 - 2011-03-01 15:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-01 11:11 - 2011-09-01 11:11 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-21 16:00 - 2015-02-19 11:48 - 0001102 _____ () C:\ProgramData\lxdnDiagnostics.log
2011-09-01 21:22 - 2011-09-01 21:23 - 0000126 _____ () C:\ProgramData\tbsched.log
2011-09-01 11:13 - 2011-09-01 11:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Karen McKinnis\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 00:23
 
==================== End of FRST.txt ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2015-12-22 17:05:01)
Running from C:\Users\Karen McKinnis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-01 19:00:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-851422437-3431464140-778240321-500 - Administrator - Disabled)
comp admin (S-1-5-21-851422437-3431464140-778240321-1003 - Administrator - Enabled) => C:\Users\comp admin
Guest (S-1-5-21-851422437-3431464140-778240321-501 - Limited - Enabled) => C:\Users\Guest.KarenMcKinnis
HomeGroupUser$ (S-1-5-21-851422437-3431464140-778240321-1002 - Limited - Enabled)
Karen McKinnis (S-1-5-21-851422437-3431464140-778240321-1000 - Administrator - Enabled) => C:\Users\Karen McKinnis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
Bricks of Atlantis (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11050883}) (Version:  - Oberon Media)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
Dynasty (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version:  - PolySoft Solutions)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Pale Moon 12.3 (x86 en-US) (HKLM-x32\...\Pale Moon 12.3 (x86 en-US)) (Version: 12.3 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RescuePRO™ 3.0 (HKLM-x32\...\RescuePRO-3.0) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.3.7 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
14-12-2015 00:00:02 Scheduled Checkpoint
14-12-2015 18:17:11 JRT Pre-Junkware Removal
16-12-2015 07:03:01 Windows Update
16-12-2015 16:41:17 Restore Point Created by FRST
19-12-2015 09:55:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-01-21 10:59 - 00445399 ____N C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15286 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22810756-8480-4FAD-883D-FBEF5B2F72E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {45E5DE3B-1195-4DAF-AEB3-564EBB627774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5DA29C60-6351-4464-A4E8-A7D18C1C2716} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {5F76E66B-A38B-4DAC-9C78-9C62DEE86E04} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {8460CDA7-D46A-4B06-A882-8DB16D3D87D2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8D7EA35B-5E4E-40A4-B24C-55C8B2F36AC2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {903087C8-D0BF-41AF-9457-A109C1604081} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {AB9CC5FE-E1E6-43F2-96EC-185E4832D74C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-16] (Adobe Systems Incorporated)
Task: {AFE9D5E5-5568-4FC0-8970-F55299F84480} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {B9FAF1D9-6D73-4D72-99EE-B341C16522C6} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {BF13A229-932B-40A3-B3B9-33F915BED027} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C1C9B998-2022-4712-BCFB-085A924FD781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DACC143D-8033-41D2-A0E0-3B3BCF735835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-01 20:17 - 2009-08-13 12:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-05-13 18:44 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-07-23 19:54 - 2009-07-23 19:54 - 01024512 _____ () C:\windows\system32\lxdndrs64.dll
2009-05-14 13:47 - 2009-05-14 13:47 - 00025088 _____ () C:\windows\system32\lxdncaps64.dll
2007-10-02 14:51 - 2007-10-02 14:51 - 00054784 _____ () C:\windows\system32\lxdncnv464.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\microsoft.com -> hxxp://office.microsoft.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\europacasino.com -> www.europacasino.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{2E2CA84B-150C-41AE-9E29-77AF4BE45107}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [UDP Query User{515D7572-6AA8-4A4C-AC7F-F1A96738D3A1}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [{FD6DA8D1-A974-4329-B464-47A1A5D70EBF}] => (Allow) C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{393EC0A9-D9C9-42BA-8173-ABE73B219B54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CD946484-4609-4A54-97E8-0C9C26DB8DDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/22/2015 04:40:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 101c
 
Start Time: 01d13d11ee18775e
 
Termination Time: 16
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 42f80b8b-a905-11e5-9987-00266ca6737b
 
Error: (12/22/2015 03:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d9c
 
Start Time: 01d13d0891a51cb2
 
Termination Time: 78
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 53778c49-a8fc-11e5-9e9f-00266ca6737b
 
Error: (12/22/2015 03:12:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ad0
 
Start Time: 01d13d05af253cc7
 
Termination Time: 234
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 1501c308-a8f9-11e5-845a-00266ca6737b
 
Error: (12/22/2015 03:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b0
 
Start Time: 01d13d0518560d1c
 
Termination Time: 172
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: b56d4c08-a8f8-11e5-845a-00266ca6737b
 
Error: (12/20/2015 11:03:33 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
 
Error: (12/20/2015 11:03:33 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE
 
Error: (12/20/2015 08:53:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/20/2015 08:53:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/20/2015 08:53:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (12/19/2015 04:43:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: downloader2.exe, version: 18.1.2.179, time stamp: 0x563a787e
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0xd3c
Faulting application start time: 0xdownloader2.exe0
Faulting application path: downloader2.exe1
Faulting module path: downloader2.exe2
Report Id: downloader2.exe3
 
 
System errors:
=============
Error: (12/22/2015 04:30:25 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (12/22/2015 04:30:25 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (12/22/2015 03:16:22 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (12/22/2015 03:16:21 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (12/22/2015 03:02:23 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (12/22/2015 02:37:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
 
Error: (12/22/2015 12:32:04 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (12/22/2015 12:32:04 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (12/22/2015 08:46:55 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
Error: (12/22/2015 08:46:47 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 41%
Total physical RAM: 2939.98 MB
Available physical RAM: 1706.09 MB
Total Virtual: 5878.16 MB
Available Virtual: 4305.63 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:147.75 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: (TOSHIBA HDD) (Fixed) (Total:931.28 GB) (Free:750.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B86F9514)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0

#20
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik

I haven't forgotten about you. :)

I have a fix awaiting approval but due to Christmas time etc there is a bit of delay. Hope you understand.

Hope you had a good Christmas. :)
  • 0

#21
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Mckinnik

OK let try this.

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
Task: C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:

  • Save this as fixlist.txt, in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Run Fresh FRST scan
  • Please run Farbars Recovery Scan Tool again. Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
  • Please tick the Shortcut.txt and Addition.txt boxes under Optional Scan.
  • Press Scan button.
  • It will make logs FRST.txt, Shortcut.txt & Addition.txt in the same directory the tool is run.
  • Please copy and paste the FRST.txt, Shortcut.txt and Addition.txt to your reply.


    Step3

    Lets try running Internet Explorer with no add ons to see if that speeds up the browsing as it may be an add on causing an issue.
  • Click on Start.
  • Then All Programs
  • Accessories
  • Then System Tools
  • Select Internet Explorer (No Add Ons)

    Try opening some web pages and browsing to see if this is better.

    Things for your next post:
  • fixlog.txt
  • FRST.txt, Shortcut.txt and Addition.txt logs
  • How is Internet Explorer running?

  • 0

#22
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Hello Bruce1270,

 

I did have a really nice Christmas and I pretty much figured that you would be taking some time off for the holidays. I ran the fix and scan as you requested and you will find the logs below.The fix ran perfectly and I encountered no problems. There were a couple of problems once again when I tried to run the scan. It hung up twice during the update that FRST wanted to do. Once again I completely shut down my computer and was able to run the scan. Part way through my Avira Anti-virus informed me that it was blocking the host file. There didn't seem to be anything I could do about that and the scan finished with no other problems.Internet Explorer did seem to run quite a bit better when I ran it with no add ones enabled.

 

Here are the logs you requested

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2015-12-28 13:47:47) Run:4
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
Task: C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\ProgramData\Spybot - Search & Destroy
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy
Hosts:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
 
*****************
 
Restore point was successfully created.
C:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job => not found.
C:\ProgramData\Spybot - Search & Destroy => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy => moved successfully
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ip reset c:\resetlog.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d077:a736:697e:d796%10
   Default Gateway . . . . . . . . . : 
 
========= End of CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows IP Configuration
 
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
 
Wireless LAN adapter Wireless Network Connection 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::d077:a736:697e:d796%10
   IPv4 Address. . . . . . . . . . . : 192.168.0.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => 733.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 13:52:18 ====
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Karen McKinnis (administrator) on KILGARRAH (28-12-2015 16:39:30)
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [Google Update] => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1BC4ED45-0C56-4A2E-8C6A-6B107EBFF8B8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{9BD772A9-DC8C-4DD4-9C84-400D91785FB4}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> DefaultScope {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = 
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-18] (Google Inc.)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-18] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
 
FireFox:
========
FF ProfilePath: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\59le680l.default-1450624724047
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-16] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-16] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-12-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-12-10] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @nds.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @talk.google.com/O1DPlugin -> C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: NDS.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Karen McKinnis\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Extension: Play Pickle TextLinks - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2011-08-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-12-20] [not signed]
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/webhp?sourceid=navclient-ff
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-09]
CHR Extension: (Bejeweled) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2015-04-22]
CHR Extension: (Google Docs) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-09]
CHR Extension: (Google Drive) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (TV) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-09]
CHR Extension: (Avira Browser Safety) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-12-15]
CHR Extension: (Google Docs Offline) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (Crackle) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-09]
CHR Extension: (Avira SafeSearch) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2015-12-22]
CHR Extension: (Skype) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-09]
CHR Extension: (RSS Feed Reader) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2015-12-14]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
StartMenuInternet: Google Chrome.F7MOBJCLTVQD3HV3IATKQYRXT4 - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-10] (RealNetworks, Inc.)
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-08-29] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-22 19:08 - 2015-12-22 19:08 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashRpt
2015-12-20 14:23 - 2015-12-22 12:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-20 09:51 - 2015-12-20 09:51 - 00001275 _____ C:\Users\Karen McKinnis\Desktop\Revo Uninstaller.lnk
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-20 09:46 - 2015-12-20 09:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Karen McKinnis\Desktop\revosetup.exe
2015-12-18 17:42 - 2015-12-18 17:42 - 00001517 _____ C:\Users\Karen McKinnis\Desktop\MBAM2.txt
2015-12-18 17:41 - 2015-12-18 17:41 - 00001517 _____ C:\MBAM2.txt
2015-12-18 17:38 - 2015-12-18 17:38 - 00001084 _____ C:\Users\Karen McKinnis\Desktop\MBAM.txt
2015-12-18 17:36 - 2015-12-18 17:36 - 00001060 _____ C:\MBAM.txt
2015-12-17 12:58 - 2015-12-17 12:58 - 00001092 _____ C:\Users\Karen McKinnis\Desktop\Malware scan.txt
2015-12-16 19:36 - 2015-12-18 17:43 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 19:35 - 2015-12-16 19:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-16 19:22 - 2015-12-16 19:24 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024 (1).exe
2015-12-16 18:56 - 2015-12-16 18:56 - 00007430 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[C1].txt
2015-12-16 16:39 - 2015-12-22 17:02 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\FRST-OlderVersion
2015-12-16 14:51 - 2015-12-16 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024.exe
2015-12-14 19:30 - 2015-12-14 19:30 - 00007737 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[S1].txt
2015-12-14 18:39 - 2015-12-16 18:46 - 00000000 ____D C:\AdwCleaner
2015-12-14 18:33 - 2015-12-14 18:36 - 01740288 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner.exe
2015-12-14 18:22 - 2015-12-14 18:22 - 00051038 _____ C:\Users\Karen McKinnis\Desktop\JRT.txt
2015-12-14 18:06 - 2015-12-14 18:06 - 01599336 _____ (Malwarebytes) C:\Users\Karen McKinnis\Desktop\JRT.exe
2015-12-14 09:05 - 2015-12-28 13:52 - 00004440 _____ C:\Users\Karen McKinnis\Desktop\Fixlog.txt
2015-12-12 13:08 - 2015-12-22 17:06 - 00033928 _____ C:\Users\Karen McKinnis\Desktop\Addition.txt
2015-12-12 13:07 - 2015-12-28 16:40 - 00024502 _____ C:\Users\Karen McKinnis\Desktop\FRST.txt
2015-12-12 13:06 - 2015-12-28 16:39 - 00000000 ____D C:\FRST
2015-12-12 13:04 - 2015-12-22 17:02 - 02370560 _____ (Farbar) C:\Users\Karen McKinnis\Desktop\FRST64.exe
2015-12-10 10:39 - 2015-12-10 10:39 - 00428727 _____ C:\Users\Karen McKinnis\AppData\Local\census.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 00207101 _____ C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 09:56 - 2015-05-29 00:43 - 00307352 _____ (Trend Micro Inc.) C:\windows\system32\Drivers\tmcomm.sys
2015-12-10 09:52 - 2015-12-10 09:52 - 00000036 _____ C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2015-12-10 09:19 - 2015-12-10 09:21 - 02494944 _____ (Trend Micro Inc.) C:\Users\Karen McKinnis\Downloads\HousecallLauncher64.exe
2015-12-10 08:41 - 2015-12-10 08:41 - 00001732 _____ C:\Users\Karen McKinnis\Documents\cc_20151210_084056.reg
2015-12-10 07:49 - 2015-12-10 07:49 - 00000982 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
2015-12-10 07:48 - 2015-12-10 07:48 - 00003382 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00003266 _____ C:\windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000
2015-12-10 07:48 - 2015-12-10 07:48 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\ProgramData\RealNetworks
2015-12-10 07:47 - 2015-12-10 07:47 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2015-12-10 07:44 - 2015-12-10 07:44 - 00200976 _____ (RealNetworks, Inc.) C:\windows\SysWOW64\rmoc3260.dll
2015-12-10 07:43 - 2015-12-10 07:43 - 00278800 _____ (Progressive Networks) C:\windows\SysWOW64\pncrt.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00505616 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp71.dll
2015-12-10 07:41 - 2015-12-10 07:41 - 00354064 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr71.dll
2015-12-08 02:56 - 2015-12-08 02:56 - 00000458 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_025609.reg
2015-12-08 02:47 - 2015-12-08 02:51 - 06801752 _____ (Piriform Ltd) C:\Users\Karen McKinnis\Downloads\ccsetup512.exe
2015-12-08 02:22 - 2015-12-08 02:22 - 00003744 _____ C:\Users\Karen McKinnis\Documents\cc_20151208_022237.reg
2015-12-02 11:10 - 2015-12-02 11:11 - 00000000 ____D C:\Users\Karen McKinnis\Documents\Principal Financial Group 2015
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-28 16:38 - 2011-12-16 10:45 - 00000435 _____ C:\windows\system32\Drivers\etc\hosts.ics
2015-12-28 16:38 - 2010-10-15 10:41 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 16:37 - 2013-05-13 18:45 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\HTC MediaHub
2015-12-28 16:36 - 2009-07-13 22:08 - 00032556 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-12-28 16:36 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-28 16:17 - 2014-09-22 18:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-12-28 16:05 - 2015-06-29 05:35 - 00000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job
2015-12-28 15:59 - 2015-01-31 13:16 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{844D8B97-4D15-4F29-99E6-DEE9E1BC4065}
2015-12-28 15:45 - 2010-10-15 10:41 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-28 14:23 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-28 14:23 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-28 11:47 - 2011-09-01 11:09 - 00000000 ____D C:\ProgramData\lx_Cats
2015-12-27 19:05 - 2015-06-29 05:35 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job
2015-12-27 08:08 - 2009-07-13 22:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-27 08:08 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2015-12-22 17:06 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-22 12:30 - 2015-03-01 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-20 08:27 - 2011-03-01 12:05 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Google
2015-12-20 08:18 - 2014-04-07 16:31 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\Old Firefox Data
2015-12-19 16:44 - 2011-03-12 16:33 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashDumps
2015-12-18 11:24 - 2015-07-18 08:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 10:21 - 2015-11-10 09:50 - 00001145 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-18 10:21 - 2015-08-17 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-16 21:57 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Web
2015-12-16 21:44 - 2012-05-14 01:33 - 00000000 ____D C:\ProgramData\InstallMate
2015-12-16 18:47 - 2009-07-13 22:32 - 00000000 ____D C:\windows\Downloaded Program Files
2015-12-16 09:27 - 2014-09-22 18:52 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-12-16 09:27 - 2012-06-18 10:48 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-12-16 09:27 - 2012-06-18 10:48 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 05:57 - 2011-03-01 15:41 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Mozilla
2015-12-14 10:36 - 2011-03-01 20:30 - 00007654 _____ C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2015-12-14 09:06 - 2011-03-22 17:20 - 00000000 ____D C:\Users\Karen McKinnis\AppData\LocalLow\Temp
2015-12-14 09:05 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-12-10 09:10 - 2011-09-20 10:27 - 00000000 ____D C:\windows\pss
2015-12-10 08:56 - 2014-03-17 07:59 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-12-10 08:21 - 2011-11-25 07:49 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-10 07:55 - 2015-07-18 08:59 - 00003444 _____ C:\windows\System32\Tasks\RealDownloader Update Check
2015-12-10 07:50 - 2011-03-20 14:46 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Real
2015-12-10 07:49 - 2011-03-20 14:46 - 00000000 ____D C:\Program Files (x86)\Real
2015-12-10 07:48 - 2013-08-02 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-12-10 07:48 - 2011-03-20 14:46 - 00000000 ____D C:\ProgramData\Real
2015-12-04 18:36 - 2010-10-15 10:41 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-04 18:36 - 2010-10-15 10:41 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-02 13:18 - 2011-03-02 03:33 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-02 10:15 - 2015-08-21 07:11 - 00002042 _____ C:\Users\Public\Desktop\HTC Sync Manager.lnk
2015-12-02 10:15 - 2011-12-04 13:22 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Downloaded Installations
2015-12-01 19:00 - 2015-06-29 05:35 - 00003936 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA
2015-12-01 19:00 - 2015-06-29 05:35 - 00003540 _____ C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core
2015-12-01 03:44 - 2015-08-17 16:47 - 00162072 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00140448 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2015-12-01 03:44 - 2015-08-17 16:47 - 00075472 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
 
==================== Files in the root of some directories =======
 
2012-10-25 07:32 - 2015-03-01 18:34 - 0032768 ___SH () C:\Users\Karen McKinnis\AppData\Roaming\Thumbs.db
2012-02-09 21:04 - 2012-02-09 21:04 - 0027702 _____ () C:\Users\Karen McKinnis\AppData\Roaming\UserTile.png
2015-12-10 10:39 - 2015-12-10 10:39 - 0207101 _____ () C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 0428727 _____ () C:\Users\Karen McKinnis\AppData\Local\census.cache
2011-03-31 17:53 - 2014-04-19 22:38 - 0123904 _____ () C:\Users\Karen McKinnis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 04:00 - 2014-07-05 04:01 - 0000084 _____ () C:\Users\Karen McKinnis\AppData\Local\DVDPATH.TXT
2015-12-10 09:52 - 2015-12-10 09:52 - 0000036 _____ () C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2011-03-01 20:30 - 2015-12-14 10:36 - 0007654 _____ () C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2011-03-01 15:25 - 2011-03-01 15:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-01 11:11 - 2011-09-01 11:11 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-21 16:00 - 2015-02-19 11:48 - 0001102 _____ () C:\ProgramData\lxdnDiagnostics.log
2011-09-01 21:22 - 2011-09-01 21:23 - 0000126 _____ () C:\ProgramData\tbsched.log
2011-09-01 11:13 - 2011-09-01 11:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Karen McKinnis\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-20 00:23
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2015-12-28 16:40:54)
Running from C:\Users\Karen McKinnis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-01 19:00:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-851422437-3431464140-778240321-500 - Administrator - Disabled)
comp admin (S-1-5-21-851422437-3431464140-778240321-1003 - Administrator - Enabled) => C:\Users\comp admin
Guest (S-1-5-21-851422437-3431464140-778240321-501 - Limited - Enabled) => C:\Users\Guest.KarenMcKinnis
HomeGroupUser$ (S-1-5-21-851422437-3431464140-778240321-1002 - Limited - Enabled)
Karen McKinnis (S-1-5-21-851422437-3431464140-778240321-1000 - Administrator - Enabled) => C:\Users\Karen McKinnis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.228 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
Bricks of Atlantis (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11050883}) (Version:  - Oberon Media)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
Dynasty (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version:  - PolySoft Solutions)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Pale Moon 12.3 (x86 en-US) (HKLM-x32\...\Pale Moon 12.3 (x86 en-US)) (Version: 12.3 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RescuePRO™ 3.0 (HKLM-x32\...\RescuePRO-3.0) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 7.10 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.10.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.3.7 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
14-12-2015 00:00:02 Scheduled Checkpoint
14-12-2015 18:17:11 JRT Pre-Junkware Removal
16-12-2015 07:03:01 Windows Update
16-12-2015 16:41:17 Restore Point Created by FRST
19-12-2015 09:55:18 Windows Update
28-12-2015 13:47:57 Restore Point Created by FRST
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-01-21 10:59 - 00445399 ____N C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15286 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22810756-8480-4FAD-883D-FBEF5B2F72E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {45E5DE3B-1195-4DAF-AEB3-564EBB627774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F76E66B-A38B-4DAC-9C78-9C62DEE86E04} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {8460CDA7-D46A-4B06-A882-8DB16D3D87D2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8D7EA35B-5E4E-40A4-B24C-55C8B2F36AC2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {903087C8-D0BF-41AF-9457-A109C1604081} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {A30605F1-D46F-444D-AD26-4F0BB6392173} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
Task: {AB9CC5FE-E1E6-43F2-96EC-185E4832D74C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-16] (Adobe Systems Incorporated)
Task: {AFE9D5E5-5568-4FC0-8970-F55299F84480} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {B9FAF1D9-6D73-4D72-99EE-B341C16522C6} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {BF13A229-932B-40A3-B3B9-33F915BED027} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {C005D3A0-ABEE-44D2-8D69-C9D9EE5618A8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C1C9B998-2022-4712-BCFB-085A924FD781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {D915A784-DDD7-422C-8C2C-0C0AAC59421D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {DACC143D-8033-41D2-A0E0-3B3BCF735835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-01 20:17 - 2009-08-13 12:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-05-13 18:44 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2009-07-23 19:54 - 2009-07-23 19:54 - 01024512 _____ () C:\windows\system32\lxdndrs64.dll
2009-05-14 13:47 - 2009-05-14 13:47 - 00025088 _____ () C:\windows\system32\lxdncaps64.dll
2007-10-02 14:51 - 2007-10-02 14:51 - 00054784 _____ () C:\windows\system32\lxdncnv464.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\microsoft.com -> hxxp://office.microsoft.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\europacasino.com -> www.europacasino.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/28/2015 04:34:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 20.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 428
 
Start Time: 01d141c828588db3
 
Termination Time: 31
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 78f38a42-adbb-11e5-9e85-00266ca6737b
 
Error: (12/28/2015 01:47:56 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {291c0cfb-25b5-4566-85ab-b8631027bc1c}
 
Error: (12/27/2015 11:03:40 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
 
Error: (12/27/2015 11:03:40 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE
 
Error: (12/27/2015 09:18:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 47.0.2526.106 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e08
 
Start Time: 01d140bb096f31c6
 
Termination Time: 346
 
Application Path: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe
 
Report Id: 6bc3d36b-acb5-11e5-a20d-00266ca6737b
 
Error: (12/27/2015 06:34:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERAntiSpyware.exe version 6.0.0.1210 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 78
 
Start Time: 01d140aa7e6604e2
 
Termination Time: 16
 
Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
 
Report Id:
 
Error: (12/22/2015 04:40:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 101c
 
Start Time: 01d13d11ee18775e
 
Termination Time: 16
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 42f80b8b-a905-11e5-9987-00266ca6737b
 
Error: (12/22/2015 03:36:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: d9c
 
Start Time: 01d13d0891a51cb2
 
Termination Time: 78
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 53778c49-a8fc-11e5-9e9f-00266ca6737b
 
Error: (12/22/2015 03:12:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ad0
 
Start Time: 01d13d05af253cc7
 
Termination Time: 234
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: 1501c308-a8f9-11e5-845a-00266ca6737b
 
Error: (12/22/2015 03:10:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 17.12.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 11b0
 
Start Time: 01d13d0518560d1c
 
Termination Time: 172
 
Application Path: C:\Users\Karen McKinnis\Desktop\FRST64.exe
 
Report Id: b56d4c08-a8f8-11e5-845a-00266ca6737b
 
 
System errors:
=============
Error: (12/28/2015 04:38:09 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (12/28/2015 04:38:08 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (12/28/2015 01:55:59 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (12/28/2015 01:55:59 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (12/28/2015 01:43:21 PM) (Source: DCOM) (EventID: 10016) (User: KILGARRAH)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}KILGARRAHKaren McKinnisS-1-5-21-851422437-3431464140-778240321-1000LocalHost (Using LRPC)
 
Error: (12/28/2015 01:40:38 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/28/2015 12:40:36 PM) (Source: ipnathlp) (EventID: 31004) (User: )
Description: 0
 
Error: (12/28/2015 11:48:21 AM) (Source: DCOM) (EventID: 10016) (User: KILGARRAH)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}KILGARRAHKaren McKinnisS-1-5-21-851422437-3431464140-778240321-1000LocalHost (Using LRPC)
 
Error: (12/28/2015 11:42:16 AM) (Source: DCOM) (EventID: 10016) (User: KILGARRAH)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}KILGARRAHKaren McKinnisS-1-5-21-851422437-3431464140-778240321-1000LocalHost (Using LRPC)
 
Error: (12/28/2015 11:41:32 AM) (Source: DCOM) (EventID: 10016) (User: KILGARRAH)
Description: machine-defaultLocalActivation{9BA05972-F6A8-11CF-A442-00A0C90A8F39}{9BA05972-F6A8-11CF-A442-00A0C90A8F39}KILGARRAHKaren McKinnisS-1-5-21-851422437-3431464140-778240321-1000LocalHost (Using LRPC)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 43%
Total physical RAM: 2939.98 MB
Available physical RAM: 1666.78 MB
Total Virtual: 5878.16 MB
Available Virtual: 4365.5 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:147.65 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: (TOSHIBA HDD) (Fixed) (Total:931.28 GB) (Free:750.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B86F9514)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================
 
 
 
Users shortcut scan result (x64) Version:20-12-2015
Ran by Karen McKinnis (2015-12-28 16:43:42)
Running from C:\Users\Karen McKinnis\Desktop
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO™\Language.lnk -> C:\Program Files (x86)\RescuePRO™\language.bat ()
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Free All-In-One Media Player.lnk -> C:\Program Files (x86)\FreeAllInOneMediaPlayer\FreeMediaPlayer.exe (Free Software Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba Book Place\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Fix it Center.lnk -> C:\Program Files\Microsoft Fix it Center\FixitCenter.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk -> C:\Program Files (x86)\Pale Moon\palemoon.exe (Moonchild Productions)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Family Safety.lnk -> C:\Windows\Installer\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}\fssicon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba Book Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba Book Place\KNFB.Reader.exe (K-NFB Reading Technology)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Bulletin Board.lnk -> C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA ReelTime.lnk -> C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Accessibility.lnk -> C:\Program Files\TOSHIBA\Utilities\TACSPROP.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HDD SSD Alert Help.lnk -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\SSDAlert1.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HDD SSD Alert.lnk -> C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSSDAlert.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\HWSetup.lnk -> C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\PC Diagnostic Tool.lnk -> C:\Program Files (x86)\TOSHIBA\PCDiag\PCDiag.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Restart Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcRst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Service Station.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Settings for Flash Cards.lnk -> C:\Program Files\TOSHIBA\FlashCards\TfcConf\TfcConf.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\TOSHIBA Assist.lnk -> C:\Program Files\TOSHIBA\Toshiba Assist\TInTouch.exe (TOSHIBA)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Zooming Utility Help.lnk -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Zooming Utility.lnk -> C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller Help.lnk -> C:\Program Files\TOSHIBA\Media Controller\Help\ToshibaMediaController.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller Plug-in Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\TOSHIBA Media Controller\TOSHIBA Media Controller.lnk -> C:\Program Files\TOSHIBA\Media Controller\MediaController.exe (Toshiba Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Multimedia\TOSHIBA Media Controller\TOSHIBA Media Controller Plug-in Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\Help\index.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator Help.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\Disc Creator.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\CD&DVD Applications\DVD-RAM Utility.lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\TosRamUtil.exe (TOSHIBA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeleTech\TeleTech WB ISA.lnk -> C:\Program Files (x86)\TeleTech\WBISA\ISA.exe (Teletech)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Uninstall.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shark007 Codecs\Settings Application.lnk -> C:\Program Files (x86)\Win7codecs\Tools\Settings32.exe (Shark007)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO™\RescuePRO.lnk -> C:\Program Files (x86)\RescuePRO™\RescuePRO.exe (LC Technology International, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealDownloader.lnk -> C:\Windows\Installer\{692AC224-5A8F-4F71-B539-5145190C0A60}\recordingmanager.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Converter.lnk -> C:\Program Files (x86)\Real\RealPlayer\realconverter.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer Trimmer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realtrimmer.exe (RealNetworks, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Help.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO Virtual Drive Manager.lnk -> C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\PowerISO.lnk -> C:\Program Files (x86)\PowerISO\PowerISO.exe (PowerISO Computing, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO\Uninstall PowerISO.lnk -> C:\Program Files (x86)\PowerISO\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba\Recovery Media Creator Help.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TrdcHelp.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba\Recovery Media Creator.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Recovery Media Creator\TRMCLcher.exe (Toshiba Information Equipment(Hangzhou)Co.,LTD)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba\Toshiba Application Installer.lnk -> C:\Program Files\TOSHIBA\TOSAPINS\Install.exe (Toshiba)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba\Toshiba Registration.lnk -> C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistration.exe (Toshiba America Information Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\My Toshiba\User's Guide.lnk -> C:\Program Files (x86)\TOSHIBA\Documentation\userguide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center\Microsoft Mouse and Keyboard Center.lnk -> c:\Windows\Installer\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}\DeviceCenter.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Logitech Webcam Software.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\EU Waste Electronics Information.LNK -> C:\Windows\System32\spool\drivers\x64\3\EU_Waste_Electronic_Information.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Lexmark Productivity Studio.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\app4r.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Lexmark Service Center.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\Diagnostics\lxdndgl.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\User's Guide.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\lxdnuser.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Tools\Uninstall Lexmark 2600 Series.LNK -> C:\Program Files\Lexmark 2600 Series\Install\x64\Uninst.exe ( )
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® Matrix Storage Manager\Intel® Matrix Storage Console.lnk -> C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Shell.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-play Games\Chuzzle\Chuzzle.lnk -> C:\Program Files (x86)\I-play Games\Chuzzle\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I-play Games\Chuzzle\Uninstall.lnk -> C:\Program Files (x86)\I-play Games\Chuzzle\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis\HijackThis.lnk -> C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force\G-Force Documentation.lnk -> C:\Program Files (x86)\SoundSpectrum\G-Force\Documentation\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force\G-Force Standalone.lnk -> C:\Program Files (x86)\SoundSpectrum\G-Force\G-Force Standalone.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force\G-Force Toolbar.lnk -> C:\Program Files (x86)\SoundSpectrum\G-Force\G-Force Toolbar.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force\G-Force V-Bar.lnk -> C:\Program Files (x86)\SoundSpectrum\G-Force\G-Force V-Bar.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake\Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\FreemakeVideoConverter.exe (Freemake)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLAC to MP3 Converter\Free FLAC to MP3 Converter.lnk -> C:\Program Files (x86)\Free FLAC to MP3 Converter\FLACToMP3.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLAC to MP3 Converter\Uninstall Free FLAC to MP3 Converter.lnk -> C:\Program Files (x86)\Free FLAC to MP3 Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack\Uninstall Audiopack.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player\Free All-In-One Media Player.lnk -> C:\Program Files (x86)\FreeAllInOneMediaPlayer\FreeMediaPlayer.exe (Free Software Group)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free All-In-One Media Player\Uninstall.lnk -> C:\Program Files (x86)\FreeAllInOneMediaPlayer\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel [email protected]\Corel [email protected] -> C:\Program Files (x86)\Corel\[email protected]\CDLabel.exe (Corel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing Platinum 20\Mavis Beacon Teaches Typing Platinum 20.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing Platinum 20\MavisBeacon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing Platinum 20\View Mavis Beacon Teaches Typing User Guide.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing Platinum 20\userguide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing Platinum 20\View Readme.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing Platinum 20\ReadMe.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira Antivirus Help.lnk -> C:\Program Files (x86)\Avira\Antivirus\57\avwin.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Avira on the Internet.lnk -> C:\Program Files (x86)\Avira\Antivirus\weblink.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Antivirus\Start Avira Antivirus.lnk -> C:\Program Files (x86)\Avira\Antivirus\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{EB4E4065-963D-462D-9FA9-98D605F2F808}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\I-play Games\Chuzzle\Launch.exe (Oberon Media Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{D99F3D99-3DB5-4B76-A9B4-E8109ABDFDCA}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\MSN Games\Bricks of Atlantis\Launch.exe (Oberon Media)
Shortcut: C:\ProgramData\Microsoft\Windows\GameExplorer\{6065EF35-A74F-4B9A-AB9A-A27D2CBBC04B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\MSN Games\Dynasty\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\comp admin\Links\Desktop.lnk -> C:\Users\comp admin\Desktop ()
Shortcut: C:\Users\comp admin\Links\Downloads.lnk -> C:\Users\comp admin\Downloads ()
Shortcut: C:\Users\comp admin\Desktop\DIKO.lnk -> C:\Program Files (x86)\DIKO\DIKOGUI.exe (No File)
Shortcut: C:\Users\comp admin\Desktop\RescuePRO.lnk -> C:\Program Files (x86)\RescuePRO™\RescuePRO.exe (LC Technology International, Inc.)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TOSHIBA Bulletin Board.lnk -> C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TOSHIBA ReelTime.lnk -> C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe (TOSHIBA Corporation)
Shortcut: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\Links\Desktop.lnk -> C:\Users\Karen McKinnis\Desktop ()
Shortcut: C:\Users\Guest.KarenMcKinnis\Links\Downloads.lnk -> C:\Users\Karen McKinnis\Downloads ()
Shortcut: C:\Users\Guest.KarenMcKinnis\Desktop\RescuePRO.lnk -> C:\Program Files (x86)\RescuePRO™\RescuePRO.exe (LC Technology International, Inc.)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TOSHIBA Bulletin Board.lnk -> C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe (TOSHIBA Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TOSHIBA ReelTime.lnk -> C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe (TOSHIBA Corporation)
Shortcut: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Free Antivirus Profile Removable Drives.LNK -> C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\HijackThis.lnk -> C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Microsoft Fix it Center.lnk -> C:\Program Files\Microsoft Fix it Center\FixitCenter.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Karen McKinnis\Links\Desktop.lnk -> C:\Users\Karen McKinnis\Desktop ()
Shortcut: C:\Users\Karen McKinnis\Links\Downloads.lnk -> C:\Users\Karen McKinnis\Downloads ()
Shortcut: C:\Users\Karen McKinnis\Desktop\CD Drive - Shortcut.lnk -> D:\ (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Chuzzle.lnk -> C:\Program Files (x86)\I-play Games\Chuzzle\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\Karen McKinnis\Desktop\Local Disk (I) - Shortcut.lnk -> I:\ ()
Shortcut: C:\Users\Karen McKinnis\Desktop\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Karen McKinnis\Desktop\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\Desktop\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Free All-In-One Media Player.lnk -> C:\Program Files (x86)\FreeAllInOneMediaPlayer\FreeMediaPlayer.exe (Free Software Group)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Google Chrome.lnk -> C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Mavis Beacon Teaches Typing Platinum 20.lnk -> C:\Program Files (x86)\Broderbund\Mavis Beacon Teaches Typing Platinum 20\MavisBeacon.exe ()
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Pale Moon.lnk -> C:\Program Files (x86)\Pale Moon\palemoon.exe (Moonchild Productions)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\RescuePRO.lnk -> C:\Program Files (x86)\RescuePRO™\RescuePRO.exe (LC Technology International, Inc.)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Spotify.lnk -> C:\Users\Karen McKinnis\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\T-Mobile webConnect Manager.lnk -> C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe (VS Revo Group Ltd.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager\Music Manager.lnk -> C:\Users\Karen McKinnis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morphyre Visualizer\Readme.lnk -> C:\Program Files (x86)\Morphyre\Readme.html ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morphyre Visualizer\Uninstall.lnk -> C:\Program Files (x86)\Morphyre\uninstall.exe ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Converter.lnk -> C:\Program Files (x86)\Freemake\Freemake Video Converter\Uninstall\unins000.exe ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Easy Audio Cutter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Easy Audio Cutter\AudioCutter.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free All-In-One Media Player.lnk -> C:\Program Files (x86)\FreeAllInOneMediaPlayer\FreeMediaPlayer.exe (Free Software Group)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free CD Ripper.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\Free CD Ripper\FreeCDRipper.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Free Mp3 Wma Converter.lnk -> C:\Program Files (x86)\Free mp3 Wma Converter\FreeConverter\FreeConverter.exe (Koyote Soft)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lexmark Productivity Studio.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\app4r.exe ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox (3).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Volume Mixer.lnk -> C:\Windows\System32\SndVol.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Task Manager.lnk -> C:\Windows\System32\taskmgr.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Karen McKinnis\AppData\Local\Microsoft\Windows\GameExplorer\{EB4E4065-963D-462D-9FA9-98D605F2F808}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\I-play Games\Chuzzle\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\Karen McKinnis\AppData\Local\Microsoft\Windows\GameExplorer\{D99F3D99-3DB5-4B76-A9B4-E8109ABDFDCA}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\MSN Games\Bricks of Atlantis\Launch.exe (Oberon Media)
Shortcut: C:\Users\Karen McKinnis\AppData\Local\Microsoft\Windows\GameExplorer\{6065EF35-A74F-4B9A-AB9A-A27D2CBBC04B}\PlayTasks\0\Play.lnk -> C:\Program Files (x86)\MSN Games\Dynasty\Launch.exe (Oberon Media Inc.)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\HTC Sync Manager.lnk -> C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe ()
Shortcut: C:\Users\Public\Desktop\Lexmark Productivity Studio - 2600 Series.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\app4r.exe ()
Shortcut: C:\Users\Public\Desktop\Logitech Webcam Software  .lnk -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\HelpMain\launchershortcut.exe ()
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\QuickTime Player.lnk -> C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe (Apple Inc.)
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing Platinum 20\Register Mavis Beacon Teaches Typing Platinum 20.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.broderbund.com/regonline/mavis20platinum
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos#channel-Popular#channel-Popular.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) ->  hxxp://videos.real.com/rp/web_videos?cd=home&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DUS&OC=R81R06&PV=18.1.2.175&PBR=10485800&LI=en&PN=RealPlayer&DC=T10ENUH10&DT=101215&u=257e99aa334b4d128cb8df6a2fa972f6#channel/Popular
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Real\RealPlayer\History\RealTimes Daily Videos.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) ->  hxxp://videos.real.com/rp/web_videos?cd=realguidehome&CB=client&PT=FREE&OS=WinNT%206.1.7601&LP=en%2DUS&OC=R81R06&PV=18.1.2.175&PBR=10485800&LI=en&PN=RealPlayer&DC=T10ENUH10&DT=101215&u=257e99aa334b4d128cb8df6a2fa972f6#channel/Popular
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Toshiba App Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe (Toshiba) -> /t:ProgramsMenuIcon
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA\Utilities\Flash Cards Help.lnk -> C:\Windows\hh.exe (Microsoft Corporation) -> "C:\Program Files\TOSHIBA\FlashCards\Help\TFC.chm"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RescuePRO™\Uninstall RescuePRO™.lnk -> C:\Windows\iun507.exe (Indigo Rose Corporation) -> C:\Program Files (x86)\RescuePRO™\irunin.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks\RealPlayer (RealTimes).lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:start_menu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Lexmark Fast Pics.LNK -> C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.) -> -h204
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Release Notes.LNK -> C:\Windows\System32\write.exe (Microsoft Corporation) -> C:\windows\system32\spool\DRIVERS\x64\3\lxdnrme.doc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Tools\Network Configuration.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=317
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Align Cartridges.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=304
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Clean Cartridges.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=305
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Install Cartridges.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=318
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Maintenance\Print A Test Page.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=311
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 2600 Series\Customer Experience\Lexmark Connect.LNK -> C:\Windows\System32\spool\drivers\x64\3\lxdnpswx.exe () -> /M=Lexmark 2600 Series /T=653
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Sync Manager\Uninstall HTC Sync Manager.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {231D0C79-98A6-4693-A366-36DE7D7346EC}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC\HTC Driver\Uninstall HTC Driver.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4CEEE5D0-F905-4688-B9F9-ECC710507796}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Media Splitter Settings.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> splitter.ax,Configure
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Broderbund\Mavis Beacon Teaches Typing Platinum 20\Uninstall Mavis Beacon Teaches Typing Platinum 20.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {58F9D852-9443-4955-A1ED-12C9E0504DD0}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Launcher.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\comp admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\Guest.KarenMcKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Karen McKinnis\Desktop\cmd.exe.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) -> /c "echo off 
 clip"
ShortcutWithArgument: C:\Users\Karen McKinnis\Desktop\Free Antivirus Profile Scan for rootkits (2).LNK -> C:\Program Files (x86)\Avira\Antivirus\avscan.exe (Avira Operations GmbH & Co. KG) -> /CFG="C:\ProgramData\Avira\Antivirus\PROFILES\rootkit.avp"
ShortcutWithArgument: C:\Users\Karen McKinnis\Desktop\Shortcuts\RealPlayer.lnk -> C:\Program Files (x86)\Real\RealPlayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop
ShortcutWithArgument: C:\Users\Karen McKinnis\Desktop\Shortcuts\Toshiba Book Place.lnk -> C:\Program Files (x86)\TOSHIBA\Toshiba Book Place\KNFB.Reader.exe (K-NFB Reading Technology) -> -lt:DESKTOP
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk -> C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe (VS Revo Group) -> -hunter
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Audio).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:AD
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Data).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:DD
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\SendTo\TOSHIBA Disc Creator(Image).lnk -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe (TOSHIBA Corporation) -> /SendTo:ITD
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5b34e98029c13269\Google Chrome.lnk -> C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Public\Desktop\Avira Launcher.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk -> C:\program files (x86)\Real\realplayer\realplay.exe (RealNetworks, Inc.) -> /launch:desktop
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G-Force\SoundSpectrum Website.url -> hxxp://www.soundspectrum.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner
InternetURL: C:\Users\comp admin\Favorites\Bing.url -> hxxp://g.msn.com/1me10IE9ENUS/401
InternetURL: C:\Users\comp admin\Favorites\Discover Bing.url -> hxxp://g.msn.com/1me10IE9ENUS/402
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSN Autos.url -> hxxp://g.msn.com/1me10IE9ENUS/405
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://g.msn.com/1me10IE9ENUS/406
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSN Lifestyle.url -> hxxp://g.msn.com/1me10IE9ENUS/407
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSN Money.url -> hxxp://g.msn.com/1me10IE9ENUS/408
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSN.url -> hxxp://g.msn.com/1me10IE9ENUS/403
InternetURL: C:\Users\comp admin\Favorites\MSN Websites\MSNBC News.url -> hxxp://g.msn.com/1me10IE9ENUS/404
InternetURL: C:\Users\comp admin\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://g.msn.com/1me10IE9ENUS/409
InternetURL: C:\Users\comp admin\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://g.msn.com/1me10IE9ENUS/410
InternetURL: C:\Users\comp admin\Favorites\Microsoft Websites\Microsoft Showcase.url -> hxxp://g.msn.com/1me10IE9ENUS/413
InternetURL: C:\Users\comp admin\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://g.msn.com/1me10IE9ENUS/411
InternetURL: C:\Users\comp admin\Favorites\Microsoft Websites\Microsoft.com.url -> hxxp://g.msn.com/1me10IE9ENUS/412
InternetURL: C:\Users\comp admin\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\comp admin\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\comp admin\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\comp admin\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Bing.url -> hxxp://g.msn.com/1me10IE9ENUS/401
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Discover Bing.url -> hxxp://g.msn.com/1me10IE9ENUS/402
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSN Autos.url -> hxxp://g.msn.com/1me10IE9ENUS/405
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://g.msn.com/1me10IE9ENUS/406
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSN Lifestyle.url -> hxxp://g.msn.com/1me10IE9ENUS/407
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSN Money.url -> hxxp://g.msn.com/1me10IE9ENUS/408
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSN.url -> hxxp://g.msn.com/1me10IE9ENUS/403
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\MSN Websites\MSNBC News.url -> hxxp://g.msn.com/1me10IE9ENUS/404
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://g.msn.com/1me10IE9ENUS/409
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://g.msn.com/1me10IE9ENUS/410
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Microsoft Websites\Microsoft Showcase.url -> hxxp://g.msn.com/1me10IE9ENUS/413
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://g.msn.com/1me10IE9ENUS/411
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Microsoft Websites\Microsoft.com.url -> hxxp://g.msn.com/1me10IE9ENUS/412
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Links for United States\GobiernoUSA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Links\Customize Links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540
InternetURL: C:\Users\Guest.KarenMcKinnis\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Karen McKinnis\Favorites\KidZui, The Internet for Kids.url -> hxxp://www.kidzui.com/toshiba
InternetURL: C:\Users\Karen McKinnis\Favorites\WildTangent Games\WildTangent Games.url -> hxxp://toshiba.wildgames.com/?mc=iefav&dp=toshibaus
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Deals and Offers.url -> hxxp://us.toshiba.com/adps/deals-and-offers
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Explore Toshiba.url -> hxxp://us.toshiba.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Find Us on Twitter, Facebook, and YouTube.url -> hxxp://us.toshiba.com/social-media
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Shop Toshiba.url -> hxxp://www.toshibadirect.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba App Place.url -> hxxp://apps.toshiba.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Book Place.url -> hxxp://www.toshibabookplace.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Corporate Social Responsibility.url -> hxxp://us.toshiba.com/green
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Laptop Forums.url -> hxxp://laptopforums.toshiba.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Online Backup.url -> hxxp://us.toshiba.com/online-backup
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Product Registration.url -> hxxp://toshibaproductregistration.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Toshiba\Toshiba Support.url -> hxxp://pcsupport.toshiba.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Skype\Skype.url -> hxxp://www.skype.com/go/ToshibaTAIS
InternetURL: C:\Users\Karen McKinnis\Favorites\Norton Internet Security\Symantec Security Center.url -> hxxp://www.yoursecurityresource.com/exploretoshiba/home.html
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\(99) Facebook.url -> hxxps://www.facebook.com/
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\I think my computer is infected - Page 2 - Virus, Spyware, Malware Removal.url -> hxxp://www.geekstogo.com/forum/topic/357938-i-think-my-computer-is-infected/page-2
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\Netflix.url -> hxxp://www.netflix.com/title/70153413
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\Stay Secure Online.url -> hxxp://www.yoursecurityresource.com/exploretoshiba/home.html#LatestFeature
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\Toshiba App Place.url -> hxxp://apps.toshiba.com/ie8webslice
InternetURL: C:\Users\Karen McKinnis\Favorites\Links\WildTangent Games.url -> hxxp://toshiba.wildgames.com/#ie8WebSlice
InternetURL: C:\Users\Karen McKinnis\Favorites\eMusic\eMusic.url -> hxxp://www.emusic.com/Toshiba
InternetURL: C:\Users\Karen McKinnis\Favorites\Amazon.com\Amazon MP3 – Millions of Music Downloads.url -> hxxp://www.amazon.com/b/?node=163856011&tag=tais2-bookmark-mp3-20
InternetURL: C:\Users\Karen McKinnis\Favorites\Amazon.com\Amazon Video On Demand Movies & TV.url -> hxxp://www.amazon.com/b/?node=16261631&tag=tais2-bookmark-vod-20
InternetURL: C:\Users\Karen McKinnis\Favorites\Amazon.com\Shop at Amazon.com.url -> hxxp://www.amazon.com/?tag=tais2-desktop-20
InternetURL: C:\Users\Karen McKinnis\Desktop\Shortcuts\93.3 KDKB KDKB ROCKS ARIZONA.URL -> hxxp://kdkb.com/
InternetURL: C:\Users\Karen McKinnis\Desktop\Shortcuts\Durango Web Cam Shots.URL -> hxxp://www.cheavens.com/purg/index.htm
InternetURL: C:\Users\Karen McKinnis\Desktop\Shortcuts\Kalyn's Kitchen World's Best Tzatziki Sauce Recipe - Greek Yogurt and Cucumber Sauce.URL -> hxxp://www.kalynskitchen.com/2007/07/worlds-best-tzatziki-sauce-recipe-greek.html
InternetURL: C:\Users\Karen McKinnis\Desktop\Shortcuts\The Big Red Radio.URL -> hxxp://98kupd.com/
InternetURL: C:\Users\Karen McKinnis\AppData\Local\Google\Toolbar\9BFB3AF3-2CCF-43EA-9173-21DC05477FD2.url -> 0
 
==================== End of Shortcut.txt =============================
 

  • 0

#23
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik

Ok. Let's try a few more things. :)

Step1 - FRST fix


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Download the attached fixlist.txt to your desktop.Attached File  fixlist.txt   1.92KB   64 downloads
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
    FRSTfix.JPG
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


    Step2 - Trouble shoot Internet Explorer

    Start Internet Explorer without add ons


    To enable add ons.

    Tap or click the Tools button f2d3a394-a4c3-4747-989e-cf3f6b782b2f_43., then tap or click Manage add-ons.
    Under Show, tap or click All add-ons.
    Tap or click the add-on, tap or click Enable, then tap or click Close.

    Repeat the above steps for each addon. If the browser becomes unresponsive after enabling the add on please disable it again and move on to the next one.


    Step3 - Reinstall Chrome


    1. If you have bookmarks, let's save them by exporting them - Export Bookmarks
    2. Then I need you to go Google Sync and sign into your account
    3. Scroll down until you see the "Stop and Clear" button and click on the button. At the prompt click on "Ok"
    4. Now we need to uninstall chrome.
    5. Close all Chrome windows and tabs.
    6. Go to the Start menu > Control Panel.
    7. Click Uninstall a Program or Programmes and Features
    8. Double-click Google Chrome.
    9. Click Uninstall from the confirmation dialogue. Select the "Also delete your browsing data" tick box.
    10. Restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome
    11. Import your bookmarks back into Chrome
    12. Sign back in to your Chrome browser so that your bookmarks sync with your online account.


    Step4 - reinstall Firefox
  • To uninstall Firefox follow the steps in this guide.
  • If you wish to reinstall FireFox then download the latest version from Mozilla.org


    Things for your next post:
  • fixlog.txt
  • Any issues with Internet Explorer Add ons and how is the browser running?
  • Any issues with Chrome and Firefox after the reinstall?

  • 0

#24
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

So ... as usual I have run into a snag. I was able to complete step #1 with no problems (hooray) and the fixlog.text will be in the bottom of this note. However I ran into a problem with the Chrome uninstall. I was able to export my bookmarks just fine and I want to thank you for teaching me that because it's something I never knew how to do. The problem came when I went to Google sync. I was surprised to see 555 bookmark items and 73 open tab items but the problem I'm having is that there doesn't seem to be the "stop and clear" button you told me to click. All I have is a reset sync button. I suspect all the bookmarks and open tabs come from my Android phone which I was syncing to my google account. I tried clearing all the data from all my google apps on my phone and uninstalled all of them, then did a restart on my computer and went back to Google sync ... nothing had changed and still no "stop and clear" button. :headscratch: I copied that information (sorry I can't remember how to do a screenshot on this laptop) and am pasting it below the the fixlog.text in case you want to take a look at it too. I won't do any of the browser uninstalls until I hear back from you on this issue. Thank you for the time you are having to spend on me and my computer and again I thank you for all the things I am learning to do.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2015-12-29 21:59:07) Run:5
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL =
Task: C:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Uninstall.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\Uninstall.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe (No File)
Shortcut: C:\Users\comp admin\Desktop\DIKO.lnk -> C:\Program Files (x86)\DIKO\DIKOGUI.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Free Antivirus Profile Removable Drives.LNK -> C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\CD Drive - Shortcut.lnk -> D:\ (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\T-Mobile webConnect Manager.lnk -> C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe (No File)
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File)
EmptyTemp:

*****************

"HKU\S-1-5-21-851422437-3431464140-778240321-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{295C8D1A-956E-45FF-BF82-4C7D5D969816}" => key removed successfully
HKCR\CLSID\{295C8D1A-956E-45FF-BF82-4C7D5D969816} => key not found.
C:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => moved successfully
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Uninstall.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\Uninstall.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks\Video Converter\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\GDSMux.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\gdsmux.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter\Uninstall.lnk -> C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\comp admin\Desktop\DIKO.lnk -> C:\Program Files (x86)\DIKO\DIKOGUI.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Control Center.lnk -> C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Avira Free Antivirus Profile Removable Drives.LNK -> C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Spyware, Virus Stuff\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Desktop\CD Drive - Shortcut.lnk -> D:\ (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\T-Mobile webConnect Manager.lnk -> C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe (No File) => Error: No automatic fix found for this entry.
Shortcut: C:\Users\Karen McKinnis\Desktop\Shortcuts\Video Converter.lnk -> C:\Program Files (x86)\SweetPacks\VideoConverter\VideoConverter.exe (No File) => Error: No automatic fix found for this entry.
EmptyTemp: => 125.9 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 21:59:33 ====

 

 

 

Chrome Sync
Chrome Sync can save your bookmarks, history, passwords, and other settings securely to your Google Account and allow you to access them from Chrome on any device.
The counts below represent all stored items, including those not visible in Chrome.
Apps
6Items
Extensions
3Items
Settings
81Items
Autofill
72Items
Omnibox History
0Items
Themes
1Item
Bookmarks
555Items
Passwords
Encrypted
103Items
Open Tabs
73Items
Having trouble with sync or your passphrase?
Reset sync to clear your data from the server and reset your passphrase. This will not clear data from your devices. Sign back in to Chrome to start syncing.
Last time synced on Tuesday, December 29, 2015 at 9:02:29 PM UTC-7


  • 0

#25
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi Mckinnik
 

I was able to export my bookmarks just fine and I want to thank you for teaching me that because it's something I never knew how to do.


Delighted I could help. :)

Alas I think my instructions to stop the google sync were a bit unclear and I apologise for that. You are corect with the reset sync button!

If you want to stop your Google account from syncing to Chrome altogether, or need to reset sync, you can "stop and clear" your synced data.

To stop and clear your synced data or reset a sync passphrase, follow these steps:
  • Open your Google Dashboard. Make sure that you are signed in to your Google account.
  • Click Reset sync to stop syncing and clear all of your synced data.
  • Click OK.

    Once you have done this proceed with the uninstall and then reinstall Chrome and the other instructions from my previous post.

    Thanks

  • 0

Advertisements


#26
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Bruce1270 ... Happy New Year ... my bad on misunderstanding. I'm kind of paranoid about making a mistake. Whenever you give me instructions I do several "dry runs" without finalizing just so I make sure I understand. I probably should have got this one but I've been distracted. That's the purpose of this note ... I know I need to complete the tasks within a time frame but I found out yesterday that I must send my elderly dog to the Rainbow Bridge with in the next few days. That has made it impossible to concentrate. I ask that you please bare with me for a bit. Thanks and again ... Have a happy and productive new year. By the way ... do you ever sleep? I've noticed that you post replies at very early morning times. Best regards ... Karen McKinnis aka mckinnik


  • 0

#27
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts
Hi McKinnik

Happy new year to you too,

You take what ever time you need. I totally understand and will be ready when you are. :)
  • 0

#28
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Bruce1270 ... sorry it's taken me so long to get back to you. I had my little dog put down last Tuesday and it's taken me this long to get to the point where I felt like doing anything. Those furkids certainly leave a hole in your heart when you have to say goodbye to them.

 

The fixlog.txt you need are in the email I sent you on December 29th. I completed all the other steps that you requested today. I did the trouble shoot on Internet Explorer and re-installed Chrome and Firefox. I'm afraid that the results are not so good. Internet Explorer is still very frustrating to use as every page takes so long to load and I'm afraid that Chrome is not much better now, agonizingly slow. Firefox has improved some but it too is slow to load pages and completely stops responding and I have to either close it out and start over or wait several minutes for it to respond. I also keep getting notices that a script on the page has stopped running and I don't even know what that means. On the up side I am now able to watch video's on facebook and youtube with all three browsers, once I can get the page to load.I haven't even tried to play any of my facebook games. Also, since I deleted Chrome and re-installed I'm having problems accessing other programs on my computer such as task manager, Microsoft office and control panel.Shutting down the computer or restarting seems to take a very long time too.It's starting to get me a bit worried as to what the heck is on here and will we be be able to resolve the problem. Anyway, thanks for your patience and I'll be waiting for the next steps.


  • 0

#29
Bruce1270

Bruce1270

    Trusted Helper

  • Malware Removal
  • 1,603 posts

Hi McKinnik

Welcome back. I am so sorry to hear your sad news. They are very much part of your family and you become attached to them.

Thanks for the update on what the issues still are. As it's been a few days I would like a new set of FRST logs to go over as well.


[*]Please run Farbars Recovery Scan Tool again.  Run FRST by right clicking on it and selecting Run as Administrator. Allow it to update if it wants to.
[*]Please tick the Addition.txt box under Optional Scan.
[*]Press Scan button.
[*]It will make logs FRST.txt & Addition.txt in the same directory the tool is run.
[*]Please copy and paste the FRST.txt and Addition.txt to your reply.

Thanks.


  • 0

#30
mckinnik

mckinnik

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts

Here are the FRST logs you requested

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
Ran by Karen McKinnis (administrator) on KILGARRAH (12-01-2016 06:59:15)
Running from C:\Users\Karen McKinnis\Desktop
Loaded Profiles: Karen McKinnis (Available Profiles: Karen McKinnis & comp admin & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
( ) C:\Windows\System32\lxdncoms.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Fix it Center\Matsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [521272 2010-03-22] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66320 2015-11-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [803200 2015-12-01] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\igfxcui: 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [Google Update] => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-29] (Google Inc.)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\windows\system32\G-Force.scr [283648 2009-03-18] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{1BC4ED45-0C56-4A2E-8C6A-6B107EBFF8B8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{9BD772A9-DC8C-4DD4-9C84-400D91785FB4}: [DhcpNameServer] 192.168.42.129
 
Internet Explorer:
==================
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {295C8D1A-956E-45FF-BF82-4C7D5D969816} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {FF4F0CAD-67E0-4E27-864A-EB3D9C1379D3} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> DefaultScope {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS421
SearchScopes: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> {FE11B435-125E-42BF-B030-A6DF941B2B48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS421
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [2012-03-08] (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-05-14] (Skype Technologies S.A.)
BHO-x32: AviraBrowserSafety.BrowserSafety -> {c3c77255-42c0-499f-b664-6e981a0b1647} -> C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-05-09] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKU\S-1-5-21-851422437-3431464140-778240321-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: abs - {E00957BD-D0E1-4eb9-A025-7743FDC8B27B} - C:\windows\SysWOW64\mscoree.dll [2010-11-04] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Firefox\Profiles\59le680l.default-1450624724047
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-30] ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 -> C:\windows\system32\npDeployJava1.dll [2013-09-27] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-30] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1211151.dll [2014-04-14] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-05-09] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll [2015-12-10] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll [2015-12-10] (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @nds.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-851422437-3431464140-778240321-1000: NDS.com/PlayerPlugin -> C:\Users\Karen McKinnis\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2013-06-25] (DIRECTV)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-04-26] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-04-26] (Apple Inc.)
FF Extension: Play Pickle TextLinks - C:\Users\Karen McKinnis\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] [2011-08-08] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [not signed]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-01-07] [not signed]
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://safesearch.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://safesearch.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-12]
CHR Extension: (Google Drive) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-12]
CHR Extension: (YouTube) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-12]
CHR Extension: (Google Search) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-12]
CHR Extension: (Google Docs Offline) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-12]
CHR Extension: (Skype) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-12]
CHR Extension: (Gmail) - C:\Users\Karen McKinnis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-12]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [948392 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [466408 2015-12-01] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1418560 2015-12-01] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [249624 2015-11-23] (Avira Operations GmbH & Co. KG)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2012-09-07] (Freemake) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2014-06-27] (Nero AG)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] ()
R2 RealTimes Desktop Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1095976 2015-12-10] (RealNetworks, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162072 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [140448 2015-12-01] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-07-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [75472 2015-12-01] (Avira Operations GmbH & Co. KG)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-08-29] (Windows ® Win 7 DDK provider)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-09] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S3 ZTEusbgps; C:\Windows\System32\DRIVERS\ZTEusbgps.sys [123520 2010-12-08] (ZTE Incorporated) [File not signed]
S3 ZTEusbwwan; C:\Windows\System32\DRIVERS\ZTEusbwwan.sys [235008 2011-04-09] (ZTE Incorporated) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 01:12 - 2016-01-12 01:12 - 00002266 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-12 01:12 - 2016-01-12 01:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-12 01:09 - 2016-01-12 07:15 - 00000914 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-12 01:09 - 2016-01-12 06:42 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-12 01:09 - 2016-01-12 01:09 - 00003910 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-12 01:09 - 2016-01-12 01:09 - 00003658 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-11 21:51 - 2016-01-11 21:51 - 00001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-01-11 21:51 - 2016-01-11 21:51 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-01-11 21:36 - 2016-01-11 21:38 - 00248480 _____ C:\Users\Karen McKinnis\Downloads\Firefox Setup Stub 43.0.4.exe
2016-01-11 17:12 - 2016-01-11 17:12 - 00927824 _____ (Google Inc.) C:\Users\Karen McKinnis\Downloads\ChromeSetup.exe
2016-01-07 08:32 - 2016-01-11 21:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-31 08:36 - 2015-12-31 08:36 - 00000224 _____ C:\Users\Karen McKinnis\Desktop\links to reinstate browsers.txt
2015-12-29 20:02 - 2015-12-29 20:02 - 00222982 _____ C:\Users\Karen McKinnis\Documents\bookmarks_12_29_15.html
2015-12-28 20:36 - 2015-12-28 20:36 - 00000051 _____ C:\Users\Karen McKinnis\Desktop\MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos.url
2015-12-28 16:43 - 2015-12-28 16:43 - 00074484 _____ C:\Users\Karen McKinnis\Desktop\Shortcut.txt
2015-12-22 19:08 - 2015-12-22 19:08 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashRpt
2015-12-20 09:51 - 2015-12-20 09:51 - 00001275 _____ C:\Users\Karen McKinnis\Desktop\Revo Uninstaller.lnk
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2015-12-20 09:51 - 2015-12-20 09:51 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-12-20 09:46 - 2015-12-20 09:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Karen McKinnis\Desktop\revosetup.exe
2015-12-18 17:42 - 2015-12-18 17:42 - 00001517 _____ C:\Users\Karen McKinnis\Desktop\MBAM2.txt
2015-12-18 17:41 - 2015-12-18 17:41 - 00001517 _____ C:\MBAM2.txt
2015-12-18 17:38 - 2015-12-18 17:38 - 00001084 _____ C:\Users\Karen McKinnis\Desktop\MBAM.txt
2015-12-18 17:36 - 2015-12-18 17:36 - 00001060 _____ C:\MBAM.txt
2015-12-17 12:58 - 2015-12-17 12:58 - 00001092 _____ C:\Users\Karen McKinnis\Desktop\Malware scan.txt
2015-12-16 19:36 - 2015-12-18 17:43 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-16 19:35 - 2015-12-16 19:35 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-12-16 19:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-16 19:35 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-16 19:35 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-16 19:22 - 2015-12-16 19:24 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024 (1).exe
2015-12-16 18:56 - 2015-12-16 18:56 - 00007430 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[C1].txt
2015-12-16 16:39 - 2015-12-22 17:02 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\FRST-OlderVersion
2015-12-16 14:51 - 2015-12-16 15:02 - 22908888 _____ (Malwarebytes ) C:\Users\Karen McKinnis\Desktop\mbam-setup-majorgeeks-2.2.0.1024.exe
2015-12-14 19:30 - 2015-12-14 19:30 - 00007737 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner[S1].txt
2015-12-14 18:39 - 2015-12-16 18:46 - 00000000 ____D C:\AdwCleaner
2015-12-14 18:33 - 2015-12-14 18:36 - 01740288 _____ C:\Users\Karen McKinnis\Desktop\AdwCleaner.exe
2015-12-14 18:22 - 2015-12-14 18:22 - 00051038 _____ C:\Users\Karen McKinnis\Desktop\JRT.txt
2015-12-14 18:06 - 2015-12-14 18:06 - 01599336 _____ (Malwarebytes) C:\Users\Karen McKinnis\Desktop\JRT.exe
2015-12-14 09:05 - 2015-12-29 21:59 - 00005031 _____ C:\Users\Karen McKinnis\Desktop\Fixlog.txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-12 07:06 - 2015-06-29 05:35 - 00000944 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job
2016-01-12 07:02 - 2015-12-12 13:07 - 00021743 _____ C:\Users\Karen McKinnis\Desktop\FRST.txt
2016-01-12 06:59 - 2015-12-12 13:06 - 00000000 ____D C:\FRST
2016-01-12 06:48 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-12 06:48 - 2009-07-13 21:45 - 00018736 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-12 06:47 - 2015-01-31 13:16 - 00003966 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{844D8B97-4D15-4F29-99E6-DEE9E1BC4065}
2016-01-12 06:42 - 2013-05-13 18:45 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\HTC MediaHub
2016-01-12 06:41 - 2011-12-16 10:45 - 00000435 _____ C:\windows\system32\Drivers\etc\hosts.ics
2016-01-12 06:39 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-01-12 01:17 - 2014-09-22 18:52 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-01-12 01:12 - 2011-03-01 12:05 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\Google
2016-01-12 01:11 - 2010-10-15 10:41 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-12 00:10 - 2010-10-15 10:41 - 00000000 ____D C:\Program Files\Google
2016-01-11 23:52 - 2011-03-01 15:41 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Mozilla
2016-01-11 22:19 - 2011-03-12 16:33 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Local\CrashDumps
2016-01-11 21:51 - 2015-03-01 19:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-11 19:22 - 2011-03-01 15:23 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-01-11 19:22 - 2011-03-01 15:23 - 00000000 ____D C:\ProgramData\Skype
2016-01-11 19:11 - 2011-03-01 15:23 - 00000000 ____D C:\Users\Karen McKinnis\AppData\Roaming\Skype
2016-01-11 19:07 - 2009-07-13 22:13 - 00782510 _____ C:\windows\system32\PerfStringBackup.INI
2016-01-11 19:07 - 2009-07-13 20:20 - 00000000 ____D C:\windows\inf
2016-01-11 19:05 - 2015-06-29 05:35 - 00000892 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job
2016-01-07 16:40 - 2011-03-02 16:34 - 00000000 ____D C:\ProgramData\TEMP
2016-01-02 09:19 - 2014-09-22 18:52 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 09:19 - 2012-06-18 10:48 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 09:19 - 2012-06-18 10:48 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-31 08:32 - 2011-09-01 11:09 - 00000000 ____D C:\ProgramData\lx_Cats
2015-12-30 06:35 - 2011-03-01 20:30 - 00007654 _____ C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2015-12-28 16:43 - 2015-12-12 13:08 - 00034150 _____ C:\Users\Karen McKinnis\Desktop\Addition.txt
2015-12-28 16:42 - 2009-07-13 20:20 - 00000000 ____D C:\Windows
2015-12-28 16:36 - 2009-07-13 22:08 - 00032556 _____ C:\windows\Tasks\SCHEDLGU.TXT
2015-12-22 17:02 - 2015-12-12 13:04 - 02370560 _____ (Farbar) C:\Users\Karen McKinnis\Desktop\FRST64.exe
2015-12-20 08:18 - 2014-04-07 16:31 - 00000000 ____D C:\Users\Karen McKinnis\Desktop\Old Firefox Data
2015-12-18 11:24 - 2015-07-18 08:58 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 10:21 - 2015-11-10 09:50 - 00001145 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-12-18 10:21 - 2015-08-17 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-12-16 21:57 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Web
2015-12-16 21:44 - 2012-05-14 01:33 - 00000000 ____D C:\ProgramData\InstallMate
2015-12-16 18:47 - 2009-07-13 22:32 - 00000000 ____D C:\windows\Downloaded Program Files
2015-12-14 09:06 - 2011-03-22 17:20 - 00000000 ____D C:\Users\Karen McKinnis\AppData\LocalLow\Temp
2015-12-14 09:05 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
 
==================== Files in the root of some directories =======
 
2012-10-25 07:32 - 2015-03-01 18:34 - 0032768 ___SH () C:\Users\Karen McKinnis\AppData\Roaming\Thumbs.db
2012-02-09 21:04 - 2012-02-09 21:04 - 0027702 _____ () C:\Users\Karen McKinnis\AppData\Roaming\UserTile.png
2015-12-10 10:39 - 2015-12-10 10:39 - 0207101 _____ () C:\Users\Karen McKinnis\AppData\Local\ars.cache
2015-12-10 10:39 - 2015-12-10 10:39 - 0428727 _____ () C:\Users\Karen McKinnis\AppData\Local\census.cache
2011-03-31 17:53 - 2014-04-19 22:38 - 0123904 _____ () C:\Users\Karen McKinnis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-05 04:00 - 2014-07-05 04:01 - 0000084 _____ () C:\Users\Karen McKinnis\AppData\Local\DVDPATH.TXT
2015-12-10 09:52 - 2015-12-10 09:52 - 0000036 _____ () C:\Users\Karen McKinnis\AppData\Local\housecall.guid.cache
2011-03-01 20:30 - 2015-12-30 06:35 - 0007654 _____ () C:\Users\Karen McKinnis\AppData\Local\Resmon.ResmonCfg
2011-03-01 15:25 - 2011-03-01 15:25 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-09-01 11:11 - 2011-09-01 11:11 - 0000252 _____ () C:\ProgramData\FastPics.log
2011-12-21 16:00 - 2015-02-19 11:48 - 0001102 _____ () C:\ProgramData\lxdnDiagnostics.log
2011-09-01 21:22 - 2011-09-01 21:23 - 0000126 _____ () C:\ProgramData\tbsched.log
2011-09-01 11:13 - 2011-09-01 11:13 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt
 
Some files in TEMP:
====================
C:\Users\Karen McKinnis\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-01 11:46
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
Ran by Karen McKinnis (2016-01-12 07:20:32)
Running from C:\Users\Karen McKinnis\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2011-03-01 19:00:25)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-851422437-3431464140-778240321-500 - Administrator - Disabled)
comp admin (S-1-5-21-851422437-3431464140-778240321-1003 - Administrator - Enabled) => C:\Users\comp admin
Guest (S-1-5-21-851422437-3431464140-778240321-501 - Limited - Enabled) => C:\Users\Guest.KarenMcKinnis
HomeGroupUser$ (S-1-5-21-851422437-3431464140-778240321-1002 - Limited - Enabled)
Karen McKinnis (S-1-5-21-851422437-3431464140-778240321-1000 - Administrator - Enabled) => C:\Users\Karen McKinnis
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.270 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.1.151 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.27 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 5.2 - Atheros)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.15.129 - Avira Operations GmbH & Co. KG)
Avira Browser Safety (HKLM-x32\...\{9E10EA90-5E97-43B7-A246-FC7B4F5E9493}) (Version: 1.4.5.509 - Avira Operations GmbH & Co KG)
Avira Launcher (HKLM-x32\...\{d0e166af-1634-4c0b-ae96-2180e61f9d38}) (Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.52.15531 - Avira Operations GmbH & Co. KG) Hidden
Bricks of Atlantis (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11050883}) (Version:  - Oberon Media)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
Chuzzle (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}) (Version:  - Oberon Media)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 4.119.0.61 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DIRECTV Player (HKLM-x32\...\{69b8745b-65c2-4a2d-b5db-00e0cd841f1e}) (Version: 9.0 - DIRECTV)
Dynasty (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111473353}) (Version:  - Oberon Media)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Free All-In-One Media Player (HKLM-x32\...\Free Media Player_is1) (Version:  - Free Software Group)
Free FLAC to MP3 Converter 1.0 (HKLM-x32\...\{A54C01BD-1277-4722-B42B-EC9800A90B1E}_is1) (Version:  - PolySoft Solutions)
Free Mp3 Wma Converter V 2.2 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version: 2.2.0.0 - Koyote Soft)
Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation)
G-Force (HKLM-x32\...\G-Force) (Version: 3.9.1 - SoundSpectrum)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HijackThis 2.0.2 (HKLM-x32\...\HijackThis) (Version: 2.0.2 - TrendMicro)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HTC Sync Manager (HKLM-x32\...\{231D0C79-98A6-4693-A366-36DE7D7346EC}) (Version: 3.1.64.0 - HTC)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
[email protected] 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mavis Beacon Teaches Typing Platinum 20 (HKLM-x32\...\{58F9D852-9443-4955-A1ED-12C9E0504DD0}) (Version: 20.00.0000 - Broderbund)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Fix it Center (HKLM\...\{B7588D45-AFDC-4C93-9E2E-A100F3554B64}) (Version: 1.0.0100 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Morphyre (HKLM-x32\...\Morphyre) (Version:  - )
Mozilla Firefox 43.0.4 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-GB)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\MusicManager) (Version:  - Google, Inc.)
OpenSource Flash Video Splitter (remove only) (HKLM-x32\...\OpenSource Flash Video Splitter) (Version:  - )
Pale Moon 12.3 (x86 en-US) (HKLM-x32\...\Pale Moon 12.3 (x86 en-US)) (Version: 12.3 - Mozilla)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PowerISO (HKLM-x32\...\PowerISO) (Version: 4.7 - PowerISO Computing, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
RealDownloader (x32 Version: 18.1.2.176 - RealNetworks, Inc.) Hidden
RealDownloader (x32 Version: 18.1.2.179 - RealNetworks) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (RealTimes) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.2 - RealNetworks)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
RescuePRO™ 3.0 (HKLM-x32\...\RescuePRO-3.0) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version:  - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version:  - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version:  - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version:  - )
Spotify (HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1136 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.11 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{76078303-BAA2-4FBF-BA13-D1065195E696}) (Version: 3.3.9679 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}) (Version: 2.00.06 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.9 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{073B89C3-BA88-41B5-965F-B35A88EAE838}) (Version: 2.00.03 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.19.64 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
Win7codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 2.3.7 - Shark007)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Center Add-in for Flash (HKLM-x32\...\{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}) (Version: 4.1.2.0 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (HKLM-x32\...\{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}) (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-851422437-3431464140-778240321-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Karen McKinnis\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
14-12-2015 00:00:02 Scheduled Checkpoint
14-12-2015 18:17:11 JRT Pre-Junkware Removal
16-12-2015 07:03:01 Windows Update
16-12-2015 16:41:17 Restore Point Created by FRST
19-12-2015 09:55:18 Windows Update
28-12-2015 13:47:57 Restore Point Created by FRST
11-01-2016 19:12:22 Removed Skype Click to Call
11-01-2016 19:21:00 Removed Skype™ 7.10
11-01-2016 19:25:52 Removed Skype Click to Call
11-01-2016 23:48:38 Removed Google Talk Plugin
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2013-01-21 10:59 - 00445399 ____N C:\windows\system32\Drivers\etc\hosts
 
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
127.0.0.1 www.123moviedownload.com
 
There are 15286 more lines.
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {22810756-8480-4FAD-883D-FBEF5B2F72E7} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {45E5DE3B-1195-4DAF-AEB3-564EBB627774} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5F76E66B-A38B-4DAC-9C78-9C62DEE86E04} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-11-04] ()
Task: {8460CDA7-D46A-4B06-A882-8DB16D3D87D2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {8B6EE703-9FE6-4755-9809-D8D751EE985A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-12] (Google Inc.)
Task: {8D7EA35B-5E4E-40A4-B24C-55C8B2F36AC2} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-851422437-3431464140-778240321-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-11-04] (RealNetworks, Inc.)
Task: {903087C8-D0BF-41AF-9457-A109C1604081} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\OSUpgrade => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunHandleOSUpgrade
Task: {AB9CC5FE-E1E6-43F2-96EC-185E4832D74C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {AFE9D5E5-5568-4FC0-8970-F55299F84480} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ConfigExec => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunCollectConfigurationInfo
Task: {B9FAF1D9-6D73-4D72-99EE-B341C16522C6} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\ReportUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RunUploadWinReports
Task: {BF13A229-932B-40A3-B3B9-33F915BED027} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-04] (Lexmark International Inc.)
Task: {C1C9B998-2022-4712-BCFB-085A924FD781} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D749846B-79C4-45C8-BE37-F658B18A5CB8} - System32\Tasks\Avira Browser Safety Updater Task => C:\Program Files (x86)\Avira\Browser Safety\AviraBrowserSafetyUpdater.exe [2015-03-11] (Avira Operations GmbH & Co. KG)
Task: {DACC143D-8033-41D2-A0E0-3B3BCF735835} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
Task: {ECCFBFD3-16CB-42AA-A8AA-CCFBEA2362A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-12] (Google Inc.)
Task: {FD25592E-F6D8-485B-95A0-D34E42DCD8A1} - System32\Tasks\Microsoft\Support\Microsoft Fix it Center\MatSvc\DataUpload => Rundll32.exe "C:\Program Files\Microsoft Fix it Center\MatsApi.dll",RetryDataUpload
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000Core.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-851422437-3431464140-778240321-1000UA.job => C:\Users\Karen McKinnis\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2011-09-01 20:17 - 2009-08-13 12:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2013-05-13 18:44 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2015-11-04 15:20 - 2015-11-04 15:20 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2015-11-24 16:12 - 2015-11-24 16:12 - 00821240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
2015-11-04 13:28 - 2015-11-04 13:28 - 00719632 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
2015-07-14 15:35 - 2015-07-14 15:35 - 00030720 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DbAccess.dll
2015-11-24 16:02 - 2015-11-24 16:02 - 00604288 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\sqlite3.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00059392 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NAdvLog.dll
2015-07-14 15:35 - 2015-07-14 15:35 - 00035864 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
2015-07-14 15:36 - 2015-07-14 15:36 - 00079888 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\ninstallerhelper.dll
2015-07-14 15:37 - 2015-07-14 15:37 - 00129016 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\zlib1.dll
2015-07-14 15:39 - 2015-07-14 15:39 - 00223240 _____ () C:\Program Files (x86)\HTC\HTC Sync Manager\DevConnMon.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
2015-11-04 15:19 - 2015-11-04 15:19 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
2015-11-04 15:20 - 2015-11-04 15:20 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
2016-01-12 01:12 - 2015-12-10 20:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2016-01-12 01:12 - 2015-12-10 20:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-12 01:12 - 2015-12-10 20:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll
2015-11-04 13:20 - 2015-11-04 13:20 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
2015-07-18 08:55 - 2015-12-10 07:42 - 00653608 _____ () c:\program files (x86)\real\realplayer\RPDS\Lib\r1api.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:4BB26BE9
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\.DEFAULT\...\europacasino.com -> www.europacasino.com
IE trusted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\microsoft.com -> hxxp://office.microsoft.com
IE restricted site: HKU\S-1-5-21-851422437-3431464140-778240321-1000\...\europacasino.com -> www.europacasino.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-851422437-3431464140-778240321-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{E2DD0327-785C-4452-91C3-CC1EA4FB1A79}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [UDP Query User{25079C93-B8B1-47FC-887C-571994FB3D86}C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe] => (Allow) C:\windows\system32\spool\drivers\x64\3\lxdnpswx.exe
FirewallRules: [TCP Query User{BEB77D63-492E-4604-8AF4-5BED7B66902A}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [UDP Query User{2905DC40-B9E5-4414-9FB6-53762417094F}C:\program files (x86)\lexmark 2600 series\lxdnmon.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\lxdnmon.exe
FirewallRules: [TCP Query User{7A16EF18-D21C-422D-A512-B01070F9C281}C:\program files (x86)\lexmark 2600 series\frun.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\frun.exe
FirewallRules: [UDP Query User{F1D11C32-2D4A-4559-92E5-E9C379673E63}C:\program files (x86)\lexmark 2600 series\frun.exe] => (Allow) C:\program files (x86)\lexmark 2600 series\frun.exe
FirewallRules: [{DA263243-4747-452C-8C6D-DD82F7A065B3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{AB9DC3F4-0FEA-4D0E-8F06-D429B9BE299E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0042472E-87E7-4444-8584-61A189F42387}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/12/2016 12:46:15 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1248
 
Start Time: 01d14d0cecce46c5
 
Termination Time: 320
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (01/11/2016 10:18:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SndVol.exe, version: 6.1.7601.17514, time stamp: 0x4ce7aced
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x1220
Faulting application start time: 0xSndVol.exe0
Faulting application path: SndVol.exe1
Faulting module path: SndVol.exe2
Report Id: SndVol.exe3
 
Error: (01/11/2016 07:06:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18015 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: b38
 
Start Time: 01d14cdd67be6cbc
 
Termination Time: 35
 
Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
 
Report Id:
 
Error: (01/11/2016 03:26:49 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
 
Error: (01/11/2016 03:26:45 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE
 
Error: (01/08/2016 02:34:44 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program downloader2.exe version 18.1.2.179 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e74
 
Start Time: 01d14a24985ed358
 
Termination Time: 1073
 
Application Path: C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
 
Report Id: 86d9358e-b64f-11e5-b990-00266ca6737b
 
Error: (01/07/2016 08:50:07 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SndVol.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1c4
 
Start Time: 01d1496305a7426b
 
Termination Time: 129
 
Application Path: C:\Windows\System32\SndVol.exe
 
Report Id: 4e2d9452-b556-11e5-b990-00266ca6737b
 
Error: (01/04/2016 03:44:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program HTCSyncManager.exe version 3.1.63.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10b0
 
Start Time: 01d14741479f6977
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\HTC\HTC Sync Manager\HTCSyncManager.exe
 
Report Id: a6178088-b334-11e5-b990-00266ca6737b
 
Error: (01/03/2016 11:03:40 PM) (Source: MatSvc) (EventID: 15) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0xC004F00E
.
 
Error: (01/03/2016 11:03:40 PM) (Source: MatSvc) (EventID: 3) (User: )
Description: The MATS service encountered a web service failure. hr=0x80072EFE
 
 
System errors:
=============
Error: (01/12/2016 06:41:11 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (01/12/2016 06:41:11 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (01/12/2016 12:11:40 AM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (01/12/2016 12:11:40 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (01/11/2016 11:46:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Secondary Logon service failed to start due to the following error: 
%%1053
 
Error: (01/11/2016 11:46:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the seclogon service.
 
Error: (01/11/2016 11:07:58 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
 
Error: (01/11/2016 10:08:32 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
Error: (01/11/2016 10:08:32 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (01/11/2016 09:48:01 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.0.3192.168.137.0255.255.255.0
 
 
==================== Memory info =========================== 
 
Processor: Intel® Celeron® CPU 925 @ 2.30GHz
Percentage of memory in use: 68%
Total physical RAM: 2939.98 MB
Available physical RAM: 922.12 MB
Total Virtual: 5878.16 MB
Available Virtual: 3711.66 MB
 
==================== Drives ================================
 
Drive c: (TI106034W0C) (Fixed) (Total:221.24 GB) (Free:143.85 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive i: (TOSHIBA HDD) (Fixed) (Total:931.28 GB) (Free:750.02 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 5FBA0294)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=221.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.2 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B86F9514)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)
 
==================== End of Addition.txt ============================

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP