PC has grinded to a halt- I'm sure I have something :( [Solved]

slow Avast Malware Bytes Help

#1
machelleW

Hi

I have a licensed version of Avast Internet Security running on this machine and I regularly purge junk from my computer using Malwarebytes. I've noticed over the past while that my computer has become slower and slower until it is now to the point where it's almost impossible to work with. I really don't know what's up.

Here is my OTL log. Can someone please help?

OTL logfile created on: 12/10/2014 4:24:08 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Machelle\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17207)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.98 Gb Total Physical Memory | 12.56 Gb Available Physical Memory | 78.60% Memory free
31.97 Gb Paging File | 28.66 Gb Available in Paging File | 89.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 603.99 Gb Free Space | 64.85% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 312.34 Gb Free Space | 33.53% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 226.24 Gb Free Space | 24.29% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 919.46 Gb Free Space | 98.71% Space Free | Partition Type: NTFS
 
Computer Name: MACHELLE-PC | User Name: Machelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/10 16:22:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Machelle\Desktop\OTL.exe
PRC - [2014/11/25 01:39:27 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/11/23 16:02:24 | 005,226,600 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/11/23 16:01:47 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/11/23 16:01:14 | 000,104,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2014/11/13 01:58:58 | 035,419,192 | ---- | M] (Dropbox, Inc.) -- C:\Users\Machelle\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/09/12 13:27:40 | 000,342,312 | ---- | M] (Smilebox, Inc.) -- C:\Users\Machelle\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/25 03:42:26 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/12 09:13:45 | 001,141,848 | ---- | M] (RealNetworks, Inc.) -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
PRC - [2014/04/12 09:13:42 | 000,296,520 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2014/04/12 07:20:54 | 007,322,488 | ---- | M] (Allmyapps SAS) -- C:\Users\Machelle\AppData\Roaming\Allmyapps\Allmyapps.exe
PRC - [2014/03/26 07:36:27 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2014/03/20 20:13:30 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
PRC - [2014/03/15 02:18:20 | 000,039,568 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/07/21 09:01:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/12/16 12:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/12/16 12:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011/11/09 06:49:46 | 000,096,016 | ---- | M] (Siber Systems) -- C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/04/22 14:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/05/10 21:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/10 16:15:45 | 000,043,008 | ---- | M] () -- c:\Users\Machelle\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfpofzu.dll
MOD - [2014/11/25 01:39:24 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
MOD - [2014/11/25 01:39:20 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
MOD - [2014/11/25 01:39:18 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
MOD - [2014/11/25 01:39:17 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
MOD - [2014/11/23 16:01:51 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/11/13 01:49:58 | 003,610,624 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2014/03/25 11:11:56 | 000,087,040 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Allmyapps\qjson.dll
MOD - [2014/03/25 11:11:55 | 000,137,728 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Allmyapps\CrashRpt1402.dll
MOD - [2013/08/23 14:01:44 | 025,100,288 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Dropbox\bin\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/23 16:01:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/11/23 16:01:18 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/23 16:01:14 | 000,104,416 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2014/06/18 19:24:12 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/12/15 10:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV:64bit: - [2011/12/15 10:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV:64bit: - [2011/12/15 10:40:06 | 000,319,384 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/11/23 15:28:00 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/11/07 02:45:33 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/04 07:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/12 09:13:45 | 001,141,848 | ---- | M] (RealNetworks, Inc.) [Auto | Running] -- c:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe -- (RealPlayer Cloud Service)
SRV - [2014/03/20 20:13:30 | 000,023,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe -- (RealPlayerUpdateSvc)
SRV - [2014/03/15 02:18:20 | 000,039,568 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/21 09:01:12 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/16 12:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2010/10/05 20:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 20:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/13 15:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/01/28 17:25:24 | 000,020,537 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe -- (RMWPService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/12/04 10:46:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/11/23 16:02:25 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/11/23 16:01:55 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/11/23 16:01:55 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/11/23 16:01:55 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswStm.sys -- (aswStm)
DRV:64bit: - [2014/11/23 16:01:55 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/11/23 16:01:55 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/11/23 16:01:55 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/11/23 16:01:54 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/11/23 16:01:37 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2014/11/23 16:01:18 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Auto | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2014/11/23 16:01:15 | 000,449,936 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2014/06/16 01:01:38 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2014/06/16 01:01:38 | 000,110,336 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/12 14:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/04/18 12:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/26 01:06:02 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011/01/26 01:06:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011/01/10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/12/24 02:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2014/12/10 16:14:26 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/10/09 07:49:10 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.c...0C6TE8gf0y4GwBg
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 19 10 47 73 85 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {ACF665D7-3376-4593-8BDB-9ACDD2E1C155}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{1C5FB3B0-8515-48f4-9CBC-0ADCF7BB8C21}: "URL" = http://www.bing.com/...=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws...&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enCA452
IE - HKCU\..\SearchScopes\{8DC5F5C6-386E-4E27-9ADE-35738D74CFF0}: "URL" = http://websearch.ask...91-9191E6C72DFC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-03-30 08:34:39&v=10.2.0.3&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{ACF665D7-3376-4593-8BDB-9ACDD2E1C155}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC38CE36-7913-458C-9BBC-794DEF4DED21}: "URL" = http://search.yahoo....&p={searchTerms}
IE - HKCU\..\SearchScopes\{D66CEF97-97DA-4b3a-9677-40AA78005BD9}: "URL" = http://www.google.co...&q={searchTerms}
IE - HKCU\..\SearchScopes\{E438D591-4747-4ee6-BF38-84EB0C7EB080}: "URL" = http://search.yahoo....evm&type=IEBDSV
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..CT3220468.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3287803.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "VisualBee V.4 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2021.112
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.0.3
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=17.0.8.22: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=17.0.8: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=17.0.8.22: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer Cloud)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2011/11/09 06:50:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/11/23 16:01:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2014/04/12 09:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7F737E3E-993D-43AB-9109-90C4E82752CC}: C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ [2013/10/30 07:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FAA5C82-A094-4541-8811-D3361F972A81}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2014/04/12 09:14:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7F737E3E-993D-43AB-9109-90C4E82752CC}: C:\Program Files (x86)\iSkysoft\iTube Studio\SVRFirefoxExt\ [2013/10/30 07:56:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/10/09 10:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machelle\AppData\Roaming\Mozilla\Extensions
[2014/11/03 19:13:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Machelle\AppData\Roaming\Mozilla\Firefox\Profiles\1u77xfyz.default\extensions
[2013/03/19 18:10:55 | 000,002,575 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Mozilla\Firefox\Profiles\1u77xfyz.default\searchplugins\askcom.xml
[2014/11/07 02:45:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/07 02:45:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/10 19:09:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2014/11/10 19:09:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/11/23 16:01:57 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.0_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\akipcefbjlmpbcejgdaopmmidpnjlhnb\0.2.3_0\
CHR - Extension: Shockwave Flash = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbckhhmjfnmedpakkaaflpnmkamdppf\3.1.3_0\
CHR - Extension: Shockwave Flash = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Shockwave Flash = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjmngbfeoahignmbagincnmpgodpfjm\2013.11.22.62886_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\eicdknplohdampjgndodmhblklhhnkbn\2.1_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fifhdbcbihllaneapjoabnoaoejhieok\1.1.5_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.35_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijehohpnpekbejmlkiofnlggakgeheke\1.1_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmjcfmmkkmnmlfkfpcdkfpodinlkmdd\1.0.0_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - No CLSID value found.
O2 - BHO: (iSkysoft iTube Studio) - {0F789748-F853-4734-A187-A096F05306E5} - C:\Program Files (x86)\iSkysoft\iTube Studio\SVRIEPlugin.dll (iSkysoft Software Co., Ltd.)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! EasyPass) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files (x86)\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (avast! EasyPass) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [kbdsprt]  File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKCU..\Run: [Allmyapps] C:\Users\Machelle\AppData\Roaming\Allmyapps\Allmyapps.exe (Allmyapps SAS)
O4 - HKCU..\Run: [Allmyapps Update] C:\Users\Machelle\AppData\Roaming\Allmyapps\AllmyappsUpdater.exe (Allmyapps SAS)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_79618E803EBF3950E5365F301DCEB221] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Machelle\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_15_0_0_223_ActiveX.exe -update activex File not found
O4 - Startup: C:\Users\Machelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Machelle\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: avast! EasyPass Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9:64bit: - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: avast! EasyPass - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : avast! EasyPass Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mcgill.ca ([evaultsite.campus] * in Local intranet)
O15 - HKCU\..Trusted Domains: mcgill.ca ([evaultvs1.campus] * in Local intranet)
O15 - HKCU\..Trusted Domains: mcgill.ca ([evaultvs2.campus] * in Local intranet)
O15 - HKCU\..Trusted Domains: mcgill.ca ([pevault1.campus] * in Local intranet)
O15 - HKCU\..Trusted Domains: mcgill.ca ([pevault2.campus] * in Local intranet)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B87A25B-CEA9-480D-BB13-EB9D73312AED}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{52d67d02-c82c-11e1-9c4f-1c6f65d7b299}\Shell - "" = AutoRun
O33 - MountPoints2\{52d67d02-c82c-11e1-9c4f-1c6f65d7b299}\Shell\AutoRun\command - "" = "F:\WD Drive Unlock.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/10 16:22:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Machelle\Desktop\OTL.exe
[2014/11/24 07:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014/11/24 07:59:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014/11/23 16:03:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
[2014/11/23 16:01:59 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/23 16:01:53 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/23 16:01:15 | 000,449,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/10 16:25:57 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 16:25:57 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/10 16:22:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Machelle\Desktop\OTL.exe
[2014/12/10 16:14:21 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/10 16:13:59 | 000,000,388 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Machelle.job
[2014/12/10 16:13:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/10 16:13:26 | 4281,786,366 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/10 16:05:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/10 15:40:17 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Machelle.job
[2014/12/10 15:28:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/12/09 06:21:01 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Machelle.job
[2014/12/08 14:54:51 | 000,053,978 | ---- | M] () -- C:\Users\Machelle\Desktop\Machelle Wilchesky PhD Academic CV December 2014.pdf
[2014/12/06 11:16:47 | 000,041,549 | -HS- | M] () -- C:\Users\Machelle\Folder.jpg
[2014/12/06 11:16:47 | 000,041,549 | -HS- | M] () -- C:\Users\Machelle\AlbumArt_{DB047028-E670-4BB3-A0CC-4770244CF5BE}_Large.jpg
[2014/12/06 11:16:47 | 000,009,410 | -HS- | M] () -- C:\Users\Machelle\AlbumArtSmall.jpg
[2014/12/06 11:16:47 | 000,009,410 | -HS- | M] () -- C:\Users\Machelle\AlbumArt_{DB047028-E670-4BB3-A0CC-4770244CF5BE}_Small.jpg
[2014/12/04 10:46:00 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/03 10:29:57 | 000,299,400 | ---- | M] () -- C:\Users\Machelle\Desktop\Zach Nathan Referral CIU and CBC - diff Dec 2014.pdf
[2014/11/23 16:03:20 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/11/23 16:03:20 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk
[2014/11/23 16:02:25 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/11/23 16:01:55 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/11/23 16:01:55 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/11/23 16:01:55 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/11/23 16:01:55 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswStm.sys
[2014/11/23 16:01:55 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/11/23 16:01:55 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/11/23 16:01:55 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/11/23 16:01:54 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/11/23 16:01:53 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/11/23 16:01:37 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2014/11/23 16:01:15 | 000,449,936 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2014/11/21 19:41:49 | 000,785,208 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/21 19:41:49 | 000,664,314 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/21 19:41:49 | 000,122,844 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/20 18:45:33 | 000,000,614 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\burnaware.ini
[2014/11/17 08:22:48 | 000,094,380 | ---- | M] () -- C:\Users\Machelle\Desktop\movienight21_0.jpg
[2014/11/16 20:31:01 | 040,106,592 | ---- | M] () -- C:\Users\Machelle\Barracuda (felinity).mp4
[2014/11/15 18:40:47 | 000,001,055 | ---- | M] () -- C:\Users\Machelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/11/15 18:40:25 | 000,001,029 | ---- | M] () -- C:\Users\Machelle\Desktop\Dropbox.lnk
[2014/11/11 18:31:41 | 025,350,114 | ---- | M] () -- C:\Users\Machelle\Barracuda Nov 8 2014.mp4
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/12/08 14:54:51 | 000,053,978 | ---- | C] () -- C:\Users\Machelle\Desktop\Machelle Wilchesky PhD Academic CV December 2014.pdf
[2014/12/03 10:29:55 | 000,299,400 | ---- | C] () -- C:\Users\Machelle\Desktop\Zach Nathan Referral CIU and CBC - diff Dec 2014.pdf
[2014/11/23 16:03:20 | 000,001,990 | ---- | C] () -- C:\Users\Public\Desktop\Avast SafeZone.lnk
[2014/11/23 16:03:20 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Avast Internet Security.lnk
[2014/11/21 15:11:52 | 000,000,388 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Machelle.job
[2014/11/21 15:11:38 | 000,000,382 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Machelle.job
[2014/11/21 15:11:25 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Machelle.job
[2014/11/17 08:22:48 | 000,094,380 | ---- | C] () -- C:\Users\Machelle\Desktop\movienight21_0.jpg
[2014/11/16 20:29:55 | 040,106,592 | ---- | C] () -- C:\Users\Machelle\Barracuda (felinity).mp4
[2014/11/11 18:30:38 | 025,350,114 | ---- | C] () -- C:\Users\Machelle\Barracuda Nov 8 2014.mp4
[2014/07/24 12:39:02 | 000,105,887 | ---- | C] () -- C:\Users\Machelle\chicken.jpg
[2014/07/15 10:56:44 | 004,135,991 | ---- | C] () -- C:\Users\Machelle\VoiceLiveTouchCompleteManualENGv1-2.pdf
[2014/04/30 18:47:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2014/04/30 18:47:48 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2014/04/30 18:47:48 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2014/04/30 18:47:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2014/04/30 18:47:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2014/03/21 08:49:42 | 000,064,792 | ---- | C] () -- C:\Users\Machelle\Machelle Wilchesky PhD Academic CV February 2014.pdf
[2014/02/01 11:20:40 | 000,011,666 | ---- | C] () -- C:\Users\Machelle\Pro Me DBM CRA.jpg
[2014/01/11 09:53:35 | 000,491,736 | ---- | C] () -- C:\Users\Machelle\boyboy skating 2.jpg
[2013/11/12 21:50:13 | 009,661,689 | ---- | C] () -- C:\Users\Machelle\barracuda ending.mp4
[2013/11/06 06:49:24 | 000,041,549 | -HS- | C] () -- C:\Users\Machelle\Folder.jpg
[2013/11/06 06:49:24 | 000,041,549 | -HS- | C] () -- C:\Users\Machelle\AlbumArt_{DB047028-E670-4BB3-A0CC-4770244CF5BE}_Large.jpg
[2013/11/06 06:49:24 | 000,009,410 | -HS- | C] () -- C:\Users\Machelle\AlbumArtSmall.jpg
[2013/11/06 06:49:24 | 000,009,410 | -HS- | C] () -- C:\Users\Machelle\AlbumArt_{DB047028-E670-4BB3-A0CC-4770244CF5BE}_Small.jpg
[2013/10/30 07:56:49 | 000,938,157 | ---- | C] () -- C:\Windows\SysWow64\WPShellExt64.dll
[2013/10/28 07:11:20 | 006,562,125 | ---- | C] () -- C:\Users\Machelle\11 Ce Soir on Danse a Naziland.mp3
[2013/10/15 19:46:20 | 000,001,183 | ---- | C] () -- C:\Users\Machelle\Books - Shortcut.lnk
[2013/04/28 12:26:18 | 000,390,549 | ---- | C] () -- C:\Users\Machelle\Supercycle Blast Zone 12...s' Bike _ Canadian Tire.pdf
[2013/03/29 13:43:19 | 000,000,118 | ---- | C] () -- C:\Users\Machelle\kvirc4.ini
[2012/12/13 16:07:25 | 000,000,614 | ---- | C] () -- C:\Users\Machelle\AppData\Roaming\burnaware.ini
[2012/10/11 10:55:30 | 000,004,096 | -H-- | C] () -- C:\Users\Machelle\AppData\Local\keyfile3.drm
[2012/03/29 10:04:28 | 001,660,260 | ---- | C] () -- C:\Users\Machelle\Surgical Arithmetic Epi biostats text book.pdf
[2012/03/21 19:48:07 | 000,000,206 | ---- | C] () -- C:\Users\Machelle\annsurg.sas
[2012/02/12 12:25:05 | 000,038,239 | ---- | C] () -- C:\Users\Machelle\immortal time bias picture.png
[2012/02/12 11:35:46 | 000,056,762 | ---- | C] () -- C:\Users\Machelle\Immeasureable time bias picture.png
[2012/01/22 18:17:57 | 000,064,321 | ---- | C] () -- C:\Users\Machelle\tombrady1.jpg
[2011/11/09 06:45:33 | 000,116,621 | ---- | C] () -- C:\Users\Machelle\AVAST Internet Security purchase.pdf
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/10 16:17:11 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Allmyapps
[2014/11/11 08:58:05 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Audacity
[2014/07/26 19:47:56 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\AVAST Software
[2014/12/10 16:17:34 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Dropbox
[2011/10/09 10:12:27 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\e-academy Inc
[2012/01/05 12:23:07 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\EndNote
[2012/06/03 22:33:05 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\EurekaLog
[2012/04/15 10:38:20 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Expert PDF 7
[2013/02/04 20:08:10 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Inspyder Pitch Switch
[2012/01/21 15:51:04 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\ISI ResearchSoft
[2013/03/29 19:27:58 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\KVIrc4
[2012/03/30 07:34:00 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\pdfforge
[2014/03/12 19:12:38 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Publish or Perish
[2011/11/09 06:55:25 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\RoboForm
[2014/08/22 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Samsung
[2011/10/16 06:17:50 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\SAS
[2011/10/16 05:42:46 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\SAS Institute Inc
[2014/10/08 21:08:16 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\SearchProtect
[2014/11/28 07:07:26 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Smilebox
[2011/10/07 19:23:41 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Splashtop
[2014/07/18 21:42:57 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\TC-Helicon
[2011/11/09 06:24:41 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\TeamViewer
[2013/12/18 22:42:43 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\Ulead Systems
[2014/03/25 11:05:19 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\uTorrent
[2013/04/11 12:22:18 | 000,000,000 | ---D | M] -- C:\Users\Machelle\AppData\Roaming\webex
 
========== Purity Check ==========
 
 

< End of report >


Edited by machelleW, 10 December 2014 - 03:42 PM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, could I use a different scanner on this?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.


#3
machelleW


Hi Essexboy:

An IT tech friend helped me out by phone and things seem to be running better.

Malwarebytes and Spybot 2 did the trick.

 

Thanks for the reply. If things go south, I will return :)

 

M



#4
Essexboy

No problem. Out of curiosity, what was found?

#5
machelleW


Is there a way to post pictures? I saved screen shots of the results...



#6
Essexboy

Select "More Reply Options", and at the bottom left will be the option to attach files.


#7
machelleW


Hi

This was what was found...

 

thanks :)

Attached Thumbnails

  • Spybot scan results.jpg
  • Malware Bytes Premium detected 3 objects.jpg


#8
Essexboy

Ah OK, as suspected, just adware. If you want to be sure it has all gone, then:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


#9
machelleW

Here you go - thanks again! :)
 
# AdwCleaner v4.105 - Report created 12/12/2014 at 09:20:08
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Machelle - MACHELLE-PC
# Running from : C:\Users\Machelle\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : YahooAUService
Service Deleted : c2cautoupdatesvc
Service Deleted : c2cpnrsvc
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Users\Lorne\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Machelle\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Machelle\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Machelle\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\Machelle\AppData\Roaming\Allmyapps
Folder Deleted : C:\Users\Machelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Allmyapps
File Deleted : C:\Users\Machelle\AppData\Roaming\Mozilla\Firefox\Profiles\1u77xfyz.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Machelle\AppData\Roaming\Mozilla\Firefox\Profiles\1u77xfyz.default\user.js
File Deleted : C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Machelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : BackgroundContainer Startup Task
Task Deleted : VisualBeeRecovery
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink
Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu
Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark
Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject
Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol
Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287803
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\Myfree Codec
Key Deleted : HKLM\SOFTWARE\SearchProtect
Key Deleted : HKLM\SOFTWARE\VBMZ
Key Deleted : HKLM\SOFTWARE\visualbee
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\app.mam.conduit.com
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Mozilla Firefox v33.0.3 (x86 en-US)
 
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.serviceLayer_services_toolbarContextMenu_lastUpdate", "1363734675234");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.serviceLayer_services_toolbarSettings_lastUpdate", "1378931206308");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.serviceLayer_services_translation_lastUpdate", "1378931206270");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.settingsINI", true);
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.shouldFirstTimeDialog", "false");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.showToolbarPermission", "false");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.smartbar.CTID", "CT3287803");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.smartbar.Uninstall", "0");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.smartbar.homepage", true);
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.smartbar.isHidden", true);
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.smartbar.toolbarName", "VisualBee V.4 ");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.startPage", "true");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.toolbarBornServerTime", "20-3-2013");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.toolbarCurrentServerTime", "11-9-2013");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.toolbarLoginClientTime", "Mon Apr 01 2013 07:16:01 GMT-0400 (Eastern Daylight Time)");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803.url_history0001.enc", "aHR0cDovL3BpY3Bhc3RlLmNvbS9JTUctMjAxMjExMjQtMDAzNTlfXzFfLUt2eUJOMTZXLmpwZzo6OmNsaWNraGFuZGxlcjo6OjEzNjM3MzQ3ODEyNDcsLCxodHRwOi8vcGljcGFzdGUuY29tLzo6OmNsaWNr[...]
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("CT3287803_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1391535482343,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://blekko.com/ws/?source=6a1885c1&tbp=url&toolbarid=blekkotb_002&u=___userid___&q=");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287803");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "VisualBee V.4 Customized Web Search");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "Ask.com");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3287803");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3220468");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287803&octid=CT3287803&SearchSource=61&CUI=UN15191661211303122&UM=UM_ID&UP=SP963A7BA0-FC9A-46A8-B2B2-D2FA3F0ACDD4,hxxp://s[...]
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287803&SearchSource=2&CU[...]
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", "LUTXSD8Z7VX6XSAUHIPPIHRQG1USPDVQ938HPGCUNAAJ8M4JHPLMN6ICOSROJO3XYELIUJAMTZWSE+1NNKKJFQ");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", "www.google.com");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://blekko.com/ws/?source=6a1885c1&tbp=url&toolbarid=blekkotb_002&u=___userid___&q=");
[1u77xfyz.default\prefs.js] - Line Deleted : user_pref("smartbar.originalSearchEngine", "uTorrentControl_v2 Customized Web Search");
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [35314 octets] - [10/12/2014 16:51:01]
AdwCleaner[R1].txt - [34309 octets] - [12/12/2014 09:18:24]
AdwCleaner[S0].txt - [35941 octets] - [12/12/2014 09:20:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36002 octets] ##########

  • 0
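An added example, not part of the original post and not AdwCleaner's own code: a small Python check that parses a Firefox prefs.js and flags the same kinds of entries the log above shows being deleted (Conduit `CT<digits>.` keys, `smartbar.` keys, and search prefs whose value points at Ask or Conduit). The rule names, function names and the sample file are assumptions made for the illustration.

```python
import json
import re
from collections import defaultdict

# One pref per line: user_pref("name", <JSON-like literal>);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')
# Name patterns taken from the "Line Deleted" entries in the log above.
NAME_RULES = [
    ("conduit-ctid", re.compile(r"^CT\d+[._]")),
    ("smartbar", re.compile(r"^smartbar\.", re.I)),
]
# Search prefs are flagged only when the value carries a marker seen in the log.
SEARCH_PREF = re.compile(r"^browser\.search\.")
VALUE_MARKERS = re.compile(r"conduit|ask\.com|customized web search", re.I)

def parse_prefs(text):
    """Yield (line_no, name, value) for each well-formed user_pref line."""
    for no, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, truncated entries
        try:
            value = json.loads(m.group(2))
        except ValueError:
            value = m.group(2)  # keep raw text if it is not a JSON literal
        yield no, m.group(1), value

def flag_prefs(text):
    """Return {rule: [(line_no, name), ...]} for prefs that match a rule."""
    hits = defaultdict(list)
    for no, name, value in parse_prefs(text):
        for rule, pattern in NAME_RULES:
            if pattern.search(name):
                hits[rule].append((no, name))
                break
        else:
            if SEARCH_PREF.search(name) and VALUE_MARKERS.search(str(value)):
                hits["search-hijack"].append((no, name))
    return dict(hits)

# Constructed sample prefs.js: key names reused from the log, values shortened.
SAMPLE = """// Mozilla User Preferences
user_pref("CT3287803.smartbar.CTID", "CT3287803");
user_pref("CT3287803.settingsINI", true);
user_pref("Smartbar.ConduitSearchUrlList", "");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.page", 3);
"""
```

Calling `flag_prefs(SAMPLE)` groups the flagged preference names by rule with their line numbers; the two benign prefs at the end of the sample are not reported.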

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
A fair bit more was removed, how is the computer now?
  • 0



#11
machelleW


    Member

  • Topic Starter
  • Member
  • 11 posts

Seems fine? But it seemed much better after the Malwarebytes and the Spybot 2 removals as well, so... perhaps I'm not the best judge?

Is there an app that you recommend to run in real-time to protect against these issues?


  • 0

#12
machelleW


    Member

  • Topic Starter
  • Member
  • 11 posts

(And more to the point, why isn't Avast picking them up? :/ )


  • 0

#13
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, I will give you some recommendations; Unchecky is definitely something to install :)

Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix



: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
See this article

I would recommend that you completely uninstall Java unless you need it to run important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

If you do need to keep Java then download JavaRa.
Run the programme and select Remove Java Runtime. Uninstall all versions of Java present.
Once done, run it again and select Update Java runtime > Download and install Latest version.


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware.


Malwarebytes

Update and run weekly to keep your system clean.

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open, click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked; this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:
  • 0

#14
machelleW


    Member

  • Topic Starter
  • Member
  • 11 posts

Thank you SO VERY MUCH. I'm actually late for work right now, so I'll have to do all this on the weekend.

I think you meant, however, for me to run those programs after I've used the PC for 24 hours to make sure all is OK - can you please confirm? :)

 

Thanks again, you've been most helpful!


  • 0

#15
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Avast is not detecting them as they are classified as PUPs (potentially unwanted programmes). However, you can set Avast to detect them.

Open Avast > Settings > General
Place a tick in scan for PUP's


Why this is not a default setting I do not know.

You can clean up now or in 24 hours... Your choice :)
  • 0





