css infospace malware

Discussion in 'Malware Removal' started by daveleonard, Dec 10, 2013.

  1. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    104
    Location:
    Mambajao, Philippines
    Does anyone know how to remove this virus/malware from the pc? I do not know where it is but no matter what I search for this entity redirects my search. My antivirus cannot find it. Any ideas? Thanks
     
  2. DSTM (Dougie)

    DSTM (Dougie) Retired CHF Staff

    Joined:
    May 3, 2009
    Messages:
    5,807
    Location:
    SYDNEY AUSTRALIA
    Hi Dave. What browser are you using?
    This is a browser hijacker.
    Try this before we get the Malware Removal Specialists involved.

    • Go to the Start menu.
    • Open the Control Panel and select Programs and Features.
    • Right-click on the undesired program.
    • Choose Uninstall.
    See if it is listed.
    Malware scans don't normally pick it up because it installs itself as a search engine.
     
  3. daveleonard

    Hi there DSTM. Thanks for the reply. Well, that's just it, I don't know what program it is in. I searched all in my programs and went to uninstall but it is not a standalone program. I even downloaded and used a program called "Should I remove it" which was supposed to get rid of it but I see it's just an app evaluation program and didn't do the job because I can't find the malware. The browsers I use are: Chrome, Firefox, Slim Browser, Microsoft Explorer and Epic. Also, whenever I do a search on "how to remove css infospace", you guessed it, I get redirected to css infospace. Drives me crazy. Thanks a lot.
     
  4. DSTM (Dougie)

    Hi Dave. I have emailed our Malware removal specialist for you. :)
     
  5. starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,900
    Location:
    Midlands, UK
    Hi Dave.

    Step 1
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator.
    • Click on the Scan button.
    • AdwCleaner will begin to scan your computer.
    • After the scan has finished...
    • Click on the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Step 2
    Note:
    There are both 32-bit and 64-bit versions of Farbar Recovery Scan Tool available. Please pick the version that matches your operating system's bit type.

    If you are unsure what your system bit type is, click Here for help.

    For x32 bit systems download Farbar Recovery Scan Tool and save it to your Desktop.

    For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.

    • Double-click the downloaded icon to run the tool.

    • When the tool opens click Yes to disclaimer.

    • Press Scan button.

    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.


    In your next reply, please submit:
    JRT.txt
    AdwCleaner[S0].txt
    and both reports from FRST

    Thanks.
     
  6. daveleonard

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.8 (11.05.2013:1)
    OS: Windows 7 Ultimate x86
    Ran by daveleonard on Thu 12/12/2013 at 6:44:30.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113}
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\app24x7help_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\appshat-distribution_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\appshat-distribution_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babylon_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\backupstack_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduituninstaller_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\snapdo_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\spd_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\spd_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\speedupmypc_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{15d2d75c-9cb2-4efd-bad7-b9b4cb4bc693}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1561552
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstaller_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_epic-browser_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_epic-browser_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-usb-disk-security_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_free-usb-disk-security_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_spotflux_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_spotflux_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7 (1)_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7 (1)_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_windows-7_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_EN_1-5-1_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_EN_1-5-1_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
    Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



    ~~~ Files

    Successfully deleted: [File] C:\Windows\System32\Tasks\epupdater
    Successfully deleted: [File] "C:\end"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\apn"
    Successfully deleted: [Folder] "C:\ProgramData\babylon"
    Successfully deleted: [Folder] "C:\ProgramData\bitguard"
    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\dsearchlink"
    Successfully deleted: [Folder] "C:\ProgramData\fighters"
    Successfully deleted: [Folder] "C:\ProgramData\softsafe"
    Successfully deleted: [Folder] "C:\Program Files\bonanzadeals"
    Successfully deleted: [Folder] "C:\Program Files\consumer input"
    Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"
    Successfully deleted: [Folder] "C:\Program Files\lemurleap"
    Successfully deleted: [Folder] "C:\Program Files\video download converter"
    Successfully deleted: [Folder] "C:\Program Files\winzip registry optimizer"
    Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\free registry cleaner"
    Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
    Successfully deleted: [Folder] "C:\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\daveleonard\AppData\Roaming\mozilla\firefox\profiles\fnbc3vqd.default\user.js
    Successfully deleted: [File] C:\Users\daveleonard\AppData\Roaming\mozilla\firefox\profiles\fnbc3vqd.default\searchplugins\websearch.xml
    Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@babylon.com"
    Successfully deleted the following from C:\Users\daveleonard\AppData\Roaming\mozilla\firefox\profiles\fnbc3vqd.default\prefs.js

    user_pref("browser.search.defaultenginename", "WebSearch");
    user_pref("browser.search.defaultenginename,S", "WebSearch");
    user_pref("browser.search.defaulturl", "hxxp://websearch.searchbomb.info/?pid=719&r=2013/11/29&hid=17033464203197463350&lg=EN&cc=PH&unqvl=42&l=1&q=");
    user_pref("browser.search.order.1", "WebSearch");
    user_pref("browser.search.order.1,S", "WebSearch");
    user_pref("browser.search.selectedEngine", "WebSearch");
    user_pref("browser.search.selectedEngine,S", "WebSearch");
    user_pref("extensions.BabylonToolbar.prtkDS", 0);
    user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    user_pref("sweetim.toolbar.previous.keyword.URL", "");
    user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    user_pref("sweetim.toolbar.searchguard.enable", "");
    Emptied folder: C:\Users\daveleonard\AppData\Roaming\mozilla\firefox\profiles\fnbc3vqd.default\minidumps [1 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 12/12/2013 at 6:47:31.67
     
  7. daveleonard

    # AdwCleaner v3.015 - Report created 12/12/2013 at 06:54:13
    # Updated 10/12/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
    # Username : daveleonard - USER-PC
    # Running from : C:\Users\daveleonard\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [#] Folder Deleted : C:\ProgramData\Browser Manager
    Folder Deleted : C:\ProgramData\QuickSet
    Folder Deleted : C:\ProgramData\YoutubeAdblocker
    Folder Deleted : C:\ProgramData\Browse2sauVe
    Folder Deleted : C:\ProgramData\BroWse2ssave
    Folder Deleted : C:\ProgramData\seuref aand, kieEp
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BroWse2ssave
    Folder Deleted : C:\Program Files\AVG SafeGuard toolbar
    Folder Deleted : C:\Program Files\Sk-Enhancer
    Folder Deleted : C:\Program Files\YoutubeAdblocker
    Folder Deleted : C:\Program Files\seuref aand, kieEp
    Folder Deleted : C:\Windows\system32\hotspot shield
    Folder Deleted : C:\Users\user\AppData\Local\Bundled software uninstaller
    Folder Deleted : C:\Users\user\AppData\Local\Hotspot_Shield
    Folder Deleted : C:\Users\user\AppData\Local\PackageAware
    Folder Deleted : C:\Users\user\AppData\Local\torch
    Folder Deleted : C:\Users\user\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\user\AppData\LocalLow\Delta
    Folder Deleted : C:\Users\user\AppData\LocalLow\Hotspot_Shield
    Folder Deleted : C:\Users\user\AppData\LocalLow\Search-NewTab
    Folder Deleted : C:\Users\user\AppData\LocalLow\searchresultstb
    Folder Deleted : C:\Users\user\AppData\LocalLow\Browse2sauVe
    Folder Deleted : C:\Users\user\AppData\LocalLow\BroWse2ssave
    Folder Deleted : C:\Users\user\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
    Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\firefox@lemurleap.info
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\f_yyy@jfxbaaiou.com
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\tstokjwprb@o-l.co.uk
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\yesscript@userstyles.org
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\Extensions\y_1fnjyk@zj-gxxorc.edu
    Folder Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4vp1jsjf.default\Extensions\staged
    Folder Deleted : C:\Users\daveleonard\AppData\Roaming\Mozilla\Firefox\Profiles\fnbc3vqd.default\Extensions\ouyikczt@yieayio.co.uk
    Folder Deleted : C:\Users\daveleonard\AppData\Roaming\Mozilla\Firefox\Profiles\fnbc3vqd.default\Extensions\oyaiivd@e-bv.net
    Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccncljhbalbbkkfgopogabimepmfkmff
    Folder Deleted : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
    Folder Deleted : C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
    File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\bprotector_extensions.sqlite
    File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\bprotector_prefs.js
    File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\invalidprefs.js
    File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4vp1jsjf.default\user.js

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{442718d9-475e-452a-b3e1-fb1ee16b8e9f}]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6186A9D6-4297-4D00-BDE5-27CBB4F11DED}
    [#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6186A9D6-4297-4D00-BDE5-27CBB4F11DED}
    Key Deleted : HKCU\Software\Classes\pokki
    Key Deleted : HKLM\SOFTWARE\Classes\d
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowse_Setup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowse_Setup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowseSetup_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BatBrowseSetup_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateBatBrowse_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateWebSparkle_RASMANCS
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@VideoDownloadConverter_ScriptHelper.com/Plugin
    Key Deleted : HKLM\SOFTWARE\5a4dddeb16aea45
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{42D79B50-CC4A-4A8E-860F-BE674AF053A2}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15A0413E-9F45-4D45-9A75-2C20B15B5B51}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D6F0AC3-0C2E-4E07-8FDA-11268AB51211}
    Key Deleted : HKCU\Software\UpdateStar
    Key Deleted : HKLM\Software\SProtector
    Key Deleted : HKLM\Software\Uniblue
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A35CA8FF-CB7D-8361-1CB9-83219CD11C78}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v8.0.7601.17514


    -\\ Mozilla Firefox v25.0.1 (en-US)

    [ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\11fvek9h.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);
    Line Deleted : user_pref("browser.search.defaultthis.engineName", "Hotspot Shield Customized Web Search");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&CUI=UN42029947292322012&UM=1&SearchSource=3&q={searchTerms}");

    [ File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\4vp1jsjf.default\prefs.js ]


    [ File : C:\Users\daveleonard\AppData\Roaming\Mozilla\Firefox\Profiles\fnbc3vqd.default\prefs.js ]

    Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
    Line Deleted : user_pref("aol_toolbar.default.search.check", false);

    -\\ Google Chrome v31.0.1650.63

    [ File : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    [ File : C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : search_url
    Deleted : suggest_url
    Deleted : homepage
    Deleted : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [11225 octets] - [12/12/2013 06:53:03]
    AdwCleaner[S0].txt - [9037 octets] - [12/12/2013 06:54:13]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9097 octets
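
Added example, not part of the original thread and not code from JRT or AdwCleaner: a Python check over a Firefox prefs.js (or pasted log lines) that flags the kinds of entries the JRT and AdwCleaner logs above show being removed, which is how a hijacker that "installs itself as a search engine" shows up on disk. The preference names come from those logs; the allow-lists, the function names and the sample host `websearch.hijack.example` are assumptions constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Matches user_pref("name", value); anywhere in a line, so both a raw prefs.js
# and pasted log lines such as 'Line Deleted : user_pref(...)' are accepted.
PREF_RE = re.compile(r'user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')

# Preference names seen in the logs above that decide where a search goes.
URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine",
                "browser.search.order.1"}
# Toolbar namespaces that appear in the removed lines of both logs.
TOOLBAR_PREFIXES = ("extensions.BabylonToolbar.", "sweetim.toolbar.", "aol_toolbar.")

# Assumption: what this user considers legitimate. Adjust per machine.
ALLOWED_ENGINES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}
ALLOWED_HOST_SUFFIXES = ("google.com", "bing.com", "yahoo.com",
                         "duckduckgo.com", "mozilla.org")


def parse_prefs(text):
    """Return (line_number, name, value) for every user_pref line in text."""
    prefs = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = PREF_RE.search(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
        else:
            value = raw  # number or boolean, kept as written
        prefs.append((lineno, name, value))
    return prefs


def foreign_hosts(value, suffixes):
    """Hosts in a URL pref value (homepage may hold several, '|'-separated)
    that are not covered by the allow-list."""
    hosts = []
    for part in value.split("|"):
        part = re.sub(r"^hxxp", "http", part.strip(), flags=re.I)  # defanged logs
        if not part or part.startswith(("about:", "chrome:")):
            continue
        if "://" not in part:
            part = "//" + part  # bare host: let urlsplit see a netloc
        host = (urlsplit(part).hostname or "").lower()
        if not any(host == s or host.endswith("." + s) for s in suffixes):
            hosts.append(host or part)
    return hosts


def audit_prefs(text, engines=ALLOWED_ENGINES, suffixes=ALLOWED_HOST_SUFFIXES):
    """Return findings as (line_number, pref_name, kind, detail)."""
    findings = []
    for lineno, name, value in parse_prefs(text):
        # The JRT log lists some names with a ',S' suffix; match on the base name.
        base = name[:-2] if name.endswith(",S") else name
        if base in URL_PREFS:
            for host in foreign_hosts(value, suffixes):
                findings.append((lineno, name, "url", host))
        elif base in ENGINE_PREFS:
            if value and value not in engines:
                findings.append((lineno, name, "engine", value))
        elif base.startswith(TOOLBAR_PREFIXES):
            findings.append((lineno, name, "toolbar", value))
    return findings


# Constructed sample: pref names and the "WebSearch" engine name are from the
# logs above; the URL host is made up.
SAMPLE = '''\
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.search.defaultenginename", "WebSearch");
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.hijack.example/?pid=1&q=");
user_pref("browser.search.selectedEngine", "Google");
user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
user_pref("keyword.URL", "https://www.google.com/search?q=");
user_pref("app.update.enabled", true);
'''

if __name__ == "__main__":
    for lineno, name, kind, detail in audit_prefs(SAMPLE):
        print(f"line {lineno}: [{kind}] {name} -> {detail}")
```

Run it against `user.js` as well as `prefs.js`: Firefox reapplies anything in `user.js` at every start, and both logs above show a `user.js` being deleted.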
     
  8. daveleonard

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
    Ran by daveleonard at 2013-12-12 07:07:26
    Running from C:\Users\daveleonard\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    ==================== Installed Programs ======================

    Adobe AIR (Version: 3.9.0.1030)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Apple Application Support (Version: 1.5.1)
    Apple Software Update (Version: 2.1.3.127)
    avast! Free Antivirus (Version: 9.0.2008)
    Dashlane (HKCU Version: 2.3.1.52112)
    Duplicate Cleaner Free 3.2.1 (Version: 3.2.1)
    Eusing Free Registry Cleaner
    File Shredder 2.5
    FlashPeak SlimBrowser (Version: 7.00.063)
    Google Chrome (Version: 31.0.1650.63)
    Google Update Helper (Version: 1.3.22.3)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2869)
    iWisoft Flash SWF to Video Converter 3.5 (Version: 3.5.0)
    iWisoft Free Video Downloader 2.1 (Version: 2.1)
    Java 7 Update 45 (Version: 7.0.450)
    Java Auto Updater (Version: 2.1.9.8)
    JavaFX 2.1.1 (Version: 2.1.1)
    Learning Essentials for Microsoft Office (Version: 2.0)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Security Client (Version: 4.2.0223.1)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Student 2007 for Learning Essentials
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
    Mozilla Maintenance Service (Version: 25.0.1)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Privacy Mantra 3.00
    RealDownloader (Version: 1.3.3)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
    RealPlayer (Version: 16.0.3)
    RealUpgrade 1.1 (Version: 1.1.0)
    Should I Remove It (HKCU Version: 1.0.4)
    Should I Remove It (Version: 1.0.4)
    Smart Bro (Version: 11.300.05.05.238)
    System Requirements Lab for Intel (Version: 4.5.13.0)
    VLC media player 2.1.1 (Version: 2.1.1)
    WinRAR 5.00 beta 6 (32-bit) (Version: 5.00.6)

    ==================== Restore Points =========================

    10-12-2013 00:16:43 Windows Update
    10-12-2013 09:59:32 Uniblue SpeedUpMyPC installation
    11-12-2013 02:30:47 Installed Should I Remove It
    11-12-2013 02:34:41 Removed Uninstall Helper

    ==================== Hosts content: ==========================

    2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {066E1AA5-88EC-4E88-B7DC-0302BC466AB3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0FCC8DDE-1D9A-4E87-9307-DEE5453589DA} - System32\Tasks\{382E0B43-A968-4780-B1E4-D4CA0BBF9056} => Firefox.exe
    Task: {13D1AC8B-A0E3-4320-82C0-81D7E8B55DDC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {160A5E5A-4662-4329-BAD2-33A835BBD944} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {18708595-CE03-43C6-8DC9-015A38BAD76B} - System32\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000UA => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [2013-11-06] (Epic)
    Task: {194B7799-5361-47E8-9588-65DA2BC9309E} - System32\Tasks\{2D38F4EA-F14A-4759-A924-A9AFD09384EB} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {1E38B7B9-AF38-4B7A-9FFB-5824B0CC54C5} - System32\Tasks\{C65E5835-5E6D-43B4-8B67-A36F80CBA093} => C:\Program Files\MP3 Rocket\MP3Rocket.exe
    Task: {215E9B54-E7F7-42B3-9256-79D8D6498794} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {341D7A46-26B3-42C3-B9B0-858E4A898360} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {44E2D19C-6250-4645-B847-6B1280A8F79B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {50F01694-DEA8-4D74-8EBC-ED155AE8C285} - System32\Tasks\{74960038-3BA0-46D5-8EED-9661758F8687} => Firefox.exe
    Task: {59B92B3A-16B5-465B-ADCF-02923EDFAA9A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {72AF3B94-F562-4FC8-B9EC-1F88B11413A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
    Task: {7469700C-AFA1-48F6-AE86-1B235E7448CB} - System32\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [2013-11-06] (Epic)
    Task: {7DAF857F-A2CD-42DA-BD6E-66E4AC1680EE} - System32\Tasks\{E92E3DFD-C48C-4687-A2C0-D4B7050305A0} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {8CC1DE3A-C7A2-4224-AA9C-55FE8674531B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8F55DC22-5ECB-43CE-8007-794AA0434845} - System32\Tasks\{CEC28F45-1F24-437E-9ED1-A446126E11FE} => Firefox.exe
    Task: {9672D53C-1255-46FE-9572-1293C55EF52E} - System32\Tasks\{4F894E55-9D3F-4C38-A8D9-290BEDB6F32D} => Firefox.exe
    Task: {96B14F5F-CF63-4E67-8542-25105A090B94} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {9F392FDF-88E5-4509-AA18-D2ECE33461EC} - System32\Tasks\ReclaimerUpdateXML_daveleonard => C:\Users\daveleonard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
    Task: {A3C629A5-3AE4-4F2B-ADAE-65317D0A8DB7} - System32\Tasks\Maxthon Update => H:\Bin\mxup.exe
    Task: {A8E37BB0-2F41-425A-9985-A04C1FF6BBEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
    Task: {A91A4ED4-738E-49DD-B5EF-0D885A40F33E} - System32\Tasks\{AAFF1E23-54E2-4689-8B98-4DE0B5CD9CB7} => Firefox.exe
    Task: {A9CD2EE5-7E84-4C6A-A81E-597861A89282} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {AE2BCFF7-635A-4C24-987B-A810E449AA2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
    Task: {C860D97F-FA08-4F14-B2FA-82F391F4BF91} - System32\Tasks\{72AE7736-5B0E-4B3C-8DAC-83C03BBB42AE} => Chrome.exe
    Task: {CB66C55E-0AF4-4ABE-A2BE-0451EDBA6853} - System32\Tasks\{1A627ECC-9CE4-4027-8AB0-374ABCB5961A} => C:\Program Files\Free USB Disk Security\USBSecurity.exe
    Task: {CE388E4D-1C8E-4691-AC7A-D61714E68608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {D61009DE-C8AA-47CD-9F1F-446A2639F88E} - System32\Tasks\{11015A2C-1A02-48E8-A923-F7A6B710C02E} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {D7A77A93-DC75-45F7-8B12-8678077F40CB} - System32\Tasks\{2FC1FF99-8DD8-4054-A077-9D4CB2877353} => Chrome.exe
    Task: {F662BBB5-8DDD-491C-A5E9-F46E5433B079} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core.job => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe
    Task: C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000UA.job => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-03 13:48 - 2013-12-03 13:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00218296 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00361144 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00416440 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 28040888 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00264376 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 04798648 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 04221624 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.3.1.52112.dll
    2013-10-15 07:50 - 2007-08-23 16:39 - 00014848 ____R () C:\Program Files\Smart Bro\isaputrace.dll
    2013-10-15 07:50 - 2008-11-08 14:10 - 00098304 _____ () C:\Program Files\Smart Bro\DeviceMgrPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:07 - 00118784 _____ () C:\Program Files\Smart Bro\NetInfoPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:04 - 00090112 _____ () C:\Program Files\Smart Bro\DialUpPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:11 - 00057344 _____ () C:\Program Files\Smart Bro\ConfigFilePlugin.dll
    2013-10-15 07:50 - 2008-11-08 13:52 - 00860160 _____ () C:\Program Files\Smart Bro\NDISAPI.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00151552 ____R () C:\Program Files\Smart Bro\DetectDev.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00552960 ____R () C:\Program Files\Smart Bro\atcomm.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00061440 ____R () C:\Program Files\Smart Bro\XCodec.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00061440 ____R () C:\Program Files\Smart Bro\DeviceOperate.dll
    2013-10-15 07:50 - 2008-11-08 14:16 - 00135168 _____ () C:\Program Files\Smart Bro\LocaleMgrPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:14 - 00032768 _____ () C:\Program Files\Smart Bro\NotifyServicePlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:02 - 00159744 _____ () C:\Program Files\Smart Bro\DeviceMgrUIPlugin.dll
    2013-10-15 07:50 - 2007-07-31 15:50 - 00090112 ____R () C:\Program Files\Smart Bro\FileManager.dll
    2013-10-15 07:50 - 2008-11-08 14:15 - 00159744 _____ () C:\Program Files\Smart Bro\SMSPlugin.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    2013-08-14 15:25 - 2013-08-14 15:25 - 00084992 _____ () C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/12/2013 06:58:41 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2013 06:57:09 AM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (11/18/2013 07:19:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 170029 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/07/2013 03:25:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Percentage of memory in use: 46%
    Total physical RAM: 1977.98 MB
    Available physical RAM: 1049.89 MB
    Total Pagefile: 3955.95 MB
    Available Pagefile: 2742.02 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1892 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:99.97 GB) (Free:75.82 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:132.81 GB) (Free:126.72 GB) NTFS
    Drive f: (Smart Bro) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
    Drive h: () (Removable) (Total:15.03 GB) (Free:6.98 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: CE6DCE6D)
    Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=133 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 15 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)

    ==================== End Of Log ============================
     
  9. daveleonard

    daveleonard Registered Members

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
    Ran by daveleonard (administrator) on USER-PC on 12-12-2013 07:11:05
    Running from C:\Users\daveleonard\Downloads
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Users\daveleonard\AppData\Roaming\Dashlane\Dashlane.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    () C:\Program Files\Smart Bro\Smart Bro.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\d04060ab-283e-4576-b8a4-b81965e3da0a.exe [180184 2013-11-24] (AVAST Software)
    HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-12-01] (RealNetworks, Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
    HKCU\...\Run: [Dashlane] - C:\Users\daveleonard\AppData\Roaming\Dashlane\Dashlane.exe [277688 2013-12-06] ()
    MountPoints2: {7cea702b-34d5-11e3-a92d-002622822d46} - F:\AutoRun.exe
    HKU\user\...\Run: [Dashlane] - C:\Users\user\AppData\Roaming\Dashlane\Dashlane.exe [ 2013-10-21] ()
    HKU\user\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation)
    HKU\user\...\Run: [Epic Update] - C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [ 2013-11-06] (Epic)
    Startup: C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    URLSearchHook: HKLM - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - No File
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
    Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\..\Interfaces\{5C1A658A-2389-4DE7-9E8C-7B6441A0C120}: [NameServer]121.1.3.172 121.1.3.89

    FireFox:
    ========
    FF ProfilePath: C:\Users\daveleonard\AppData\Roaming\Mozilla\Firefox\Profiles\fnbc3vqd.default
    FF Homepage: about:home
    FF Keyword.URL: user_pref("keyword.URL", "");
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com"
    CHR DefaultSearchKeyword: askws
    CHR DefaultSearchProvider: Ask.com
    CHR DefaultSearchURL: http://search.tb.ask.com/search/GGm...X^xdm022^YYA^ph&si=CLThkMrplbsCFUUF4god9nkA0A
    CHR DefaultNewTabURL:
    CHR Extension: (Google Docs) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (RadioRage) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjngjhikmffiafannjcjkdediacimkmk\5.53.2.56344_0
    CHR Extension: (JavaScript Editey) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkihmgfcedmdoaogcjdljeeacngbhinc\1.37_0
    CHR Extension: (RealDownloader) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
    CHR Extension: (YoutubeAdblocker) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmanghmdghodnmpmkgidckblpijeabi\1.0
    CHR Extension: (JavaScript Compression Tool) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioedocnocclgpmbkhbaopeapakehljhd\1.0_0
    CHR Extension: (surfi Andd keeep) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkfmhmahbdogdlhaolbopadcljhanok\2.19
    CHR Extension: (Google Wallet) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (SearchNewTab) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjmjobeeacgommpeplfnpmhdgbhekal\1.0
    CHR Extension: (Gmail) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-28] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-28] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

    ==================== Drivers (Whitelisted) ====================

    R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-03] (AVAST Software)
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-03] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-03] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-03] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-03] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-03] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-03] ()
    S3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-21] (Microsoft Corporation)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2012-10-29] (The OpenVPN Project)
    S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [33728 2013-05-29] (Spotflux, Inc.)
    S3 taphss6; system32\DRIVERS\taphss6.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================
     
  10. daveleonard

    daveleonard Registered Members

    Thanks folks, hope I did everything right. I tried my browser and no longer see css infospace on my searches. Thank you so much.
     
  11. daveleonard

    daveleonard Registered Members

    Starbuck, I used all three cleaners. I did a search on all of my browsers. None showed the css infospace. But, one of my browsers would not do a search at all, Epic browser. So I removed Epic and installed a fresh program. Bingo, css infospace appeared again. Epic began working but always redirected to css infospace. Epic was the only program I downloaded since the clean. So far css infospace has not appeared on my other browsers. I think if I uninstall Epic that will do it. I reran all the cleaners again except JRT, it will no longer pull up and work.
     
  12. DSTM (Dougie)

    DSTM (Dougie) Retired CHF Staff

    Hi Dave. Please don't uninstall/install any program, unless Starbuck asks you to while he is cleaning your computer.
    Starbuck is not finished yet. Starbuck works and will be back soon with further instructions.
    Thanks.:)
     
  13. daveleonard

    daveleonard Registered Members

    OOPS, my bad. Won't happen again. I appreciate your help and look forward to hearing from Starbuck.
     
  14. starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,900
    Location:
    Midlands, UK
    Hi Dave,

    DSTM is right about installing/uninstalling programs until we have finished (unless we ask you to).
    This is because if you run required scans and then install/uninstall programs.... the reports generated don't give a true picture of your system.
    This can then lead to confusion.

    That's a nice big chunk of Adware removed. :)

    Well, it's not a browser that I would ever use.
    If you want to have a higher assurance of privacy, you shouldn’t use Epic Browser as it's supported by essentially a form of advertising.
    I recommend you uninstall it.

    Step 1
    It is not recommended that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or Avast.
    The choice is yours.


    Step 2
    Unfortunately the main FRST report was cut off.... I can't see the whole report.
    Instead of posting the report again, please run another scan using FRST.
    This will give us an up to date look at your system after the removals.

    The Addition.txt is only produced by default on a first run..... so to get the extra report make sure that you put a tick against Addition.txt before clicking the scan button.
    Then post both of the new reports when completed.

    Thanks
     
  15. daveleonard

    daveleonard Registered Members

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013 03
    Ran by daveleonard at 2013-12-13 08:10:49
    Running from C:\Users\daveleonard\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

    ==================== Installed Programs ======================

    Adobe AIR (Version: 3.9.0.1030)
    Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
    Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
    Adobe Reader XI (11.0.05) (Version: 11.0.05)
    Apple Application Support (Version: 1.5.1)
    Apple Software Update (Version: 2.1.3.127)
    avast! Free Antivirus (Version: 9.0.2008)
    Dashlane (HKCU Version: 2.3.1.52112)
    Duplicate Cleaner Free 3.2.1 (Version: 3.2.1)
    Eusing Free Registry Cleaner
    File Shredder 2.5
    FlashPeak SlimBrowser (Version: 7.00.063)
    Google Chrome (Version: 31.0.1650.63)
    Google Update Helper (Version: 1.3.22.3)
    Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2869)
    iWisoft Flash SWF to Video Converter 3.5 (Version: 3.5.0)
    iWisoft Free Video Downloader 2.1 (Version: 2.1)
    Java 7 Update 45 (Version: 7.0.450)
    Java Auto Updater (Version: 2.1.9.8)
    JavaFX 2.1.1 (Version: 2.1.1)
    Learning Essentials for Microsoft Office (Version: 2.0)
    Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
    Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
    Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
    Microsoft Security Essentials (Version: 4.2.223.1)
    Microsoft Student 2007 for Learning Essentials
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
    Mozilla Maintenance Service (Version: 25.0.1)
    MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
    MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
    Privacy Mantra 3.00
    RealDownloader (Version: 1.3.3)
    RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
    RealPlayer (Version: 16.0.3)
    RealUpgrade 1.1 (Version: 1.1.0)
    Should I Remove It (HKCU Version: 1.0.4)
    Should I Remove It (Version: 1.0.4)
    Smart Bro (Version: 11.300.05.05.238)
    System Requirements Lab for Intel (Version: 4.5.13.0)
    VLC media player 2.1.1 (Version: 2.1.1)
    WinRAR 5.00 beta 6 (32-bit) (Version: 5.00.6)

    ==================== Restore Points =========================

    10-12-2013 00:16:43 Windows Update
    10-12-2013 09:59:32 Uniblue SpeedUpMyPC installation
    11-12-2013 02:30:47 Installed Should I Remove It
    11-12-2013 02:34:41 Removed Uninstall Helper
    12-12-2013 00:10:12 Windows Backup

    ==================== Hosts content: ==========================

    2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {066E1AA5-88EC-4E88-B7DC-0302BC466AB3} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {0FCC8DDE-1D9A-4E87-9307-DEE5453589DA} - System32\Tasks\{382E0B43-A968-4780-B1E4-D4CA0BBF9056} => Firefox.exe
    Task: {13D1AC8B-A0E3-4320-82C0-81D7E8B55DDC} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {160A5E5A-4662-4329-BAD2-33A835BBD944} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {18708595-CE03-43C6-8DC9-015A38BAD76B} - System32\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000UA => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [2013-11-06] (Epic)
    Task: {194B7799-5361-47E8-9588-65DA2BC9309E} - System32\Tasks\{2D38F4EA-F14A-4759-A924-A9AFD09384EB} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {1E38B7B9-AF38-4B7A-9FFB-5824B0CC54C5} - System32\Tasks\{C65E5835-5E6D-43B4-8B67-A36F80CBA093} => C:\Program Files\MP3 Rocket\MP3Rocket.exe
    Task: {215E9B54-E7F7-42B3-9256-79D8D6498794} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {341D7A46-26B3-42C3-B9B0-858E4A898360} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {44E2D19C-6250-4645-B847-6B1280A8F79B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {50F01694-DEA8-4D74-8EBC-ED155AE8C285} - System32\Tasks\{74960038-3BA0-46D5-8EED-9661758F8687} => Firefox.exe
    Task: {59B92B3A-16B5-465B-ADCF-02923EDFAA9A} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {72AF3B94-F562-4FC8-B9EC-1F88B11413A2} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-03] (AVAST Software)
    Task: {7469700C-AFA1-48F6-AE86-1B235E7448CB} - System32\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [2013-11-06] (Epic)
    Task: {7DAF857F-A2CD-42DA-BD6E-66E4AC1680EE} - System32\Tasks\{E92E3DFD-C48C-4687-A2C0-D4B7050305A0} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {8CC1DE3A-C7A2-4224-AA9C-55FE8674531B} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {8F55DC22-5ECB-43CE-8007-794AA0434845} - System32\Tasks\{CEC28F45-1F24-437E-9ED1-A446126E11FE} => Firefox.exe
    Task: {9672D53C-1255-46FE-9572-1293C55EF52E} - System32\Tasks\{4F894E55-9D3F-4C38-A8D9-290BEDB6F32D} => Firefox.exe
    Task: {96B14F5F-CF63-4E67-8542-25105A090B94} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {9F392FDF-88E5-4509-AA18-D2ECE33461EC} - System32\Tasks\ReclaimerUpdateXML_daveleonard => C:\Users\daveleonard\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.70\agent\rnupgagent.exe [2013-11-27] (RealNetworks, Inc.)
    Task: {A3C629A5-3AE4-4F2B-ADAE-65317D0A8DB7} - System32\Tasks\Maxthon Update => H:\Bin\mxup.exe
    Task: {A8E37BB0-2F41-425A-9985-A04C1FF6BBEE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
    Task: {A91A4ED4-738E-49DD-B5EF-0D885A40F33E} - System32\Tasks\{AAFF1E23-54E2-4689-8B98-4DE0B5CD9CB7} => Firefox.exe
    Task: {A9CD2EE5-7E84-4C6A-A81E-597861A89282} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: {AE2BCFF7-635A-4C24-987B-A810E449AA2D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-02] (Apple Inc.)
    Task: {C860D97F-FA08-4F14-B2FA-82F391F4BF91} - System32\Tasks\{72AE7736-5B0E-4B3C-8DAC-83C03BBB42AE} => Chrome.exe
    Task: {CB66C55E-0AF4-4ABE-A2BE-0451EDBA6853} - System32\Tasks\{1A627ECC-9CE4-4027-8AB0-374ABCB5961A} => C:\Program Files\Free USB Disk Security\USBSecurity.exe
    Task: {CE388E4D-1C8E-4691-AC7A-D61714E68608} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-10] (Google Inc.)
    Task: {D61009DE-C8AA-47CD-9F1F-446A2639F88E} - System32\Tasks\{11015A2C-1A02-48E8-A923-F7A6B710C02E} => C:\Program Files\Smart Bro\Smart Bro.exe [2013-10-15] ()
    Task: {D7A77A93-DC75-45F7-8B12-8678077F40CB} - System32\Tasks\{2FC1FF99-8DD8-4054-A077-9D4CB2877353} => Chrome.exe
    Task: {F662BBB5-8DDD-491C-A5E9-F46E5433B079} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4037858357-1239057611-1412149812-1090 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2013-08-14] (RealNetworks, Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core.job => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe
    Task: C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000UA.job => C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2013-12-03 13:48 - 2013-12-03 13:48 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00218296 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00361144 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00416440 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 28040888 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00264376 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 04798648 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 04221624 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.2.3.1.52112.dll
    2013-10-15 07:50 - 2007-08-23 16:39 - 00014848 ____R () C:\Program Files\Smart Bro\isaputrace.dll
    2013-10-15 07:50 - 2008-11-08 14:10 - 00098304 _____ () C:\Program Files\Smart Bro\DeviceMgrPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:07 - 00118784 _____ () C:\Program Files\Smart Bro\NetInfoPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:04 - 00090112 _____ () C:\Program Files\Smart Bro\DialUpPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:11 - 00057344 _____ () C:\Program Files\Smart Bro\ConfigFilePlugin.dll
    2013-10-15 07:50 - 2008-11-08 13:52 - 00860160 _____ () C:\Program Files\Smart Bro\NDISAPI.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00151552 ____R () C:\Program Files\Smart Bro\DetectDev.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00552960 ____R () C:\Program Files\Smart Bro\atcomm.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00061440 ____R () C:\Program Files\Smart Bro\XCodec.dll
    2013-10-15 07:50 - 2008-11-08 15:15 - 00061440 ____R () C:\Program Files\Smart Bro\DeviceOperate.dll
    2013-10-15 07:50 - 2008-11-08 14:16 - 00135168 _____ () C:\Program Files\Smart Bro\LocaleMgrPlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:14 - 00032768 _____ () C:\Program Files\Smart Bro\NotifyServicePlugin.dll
    2013-10-15 07:50 - 2008-11-08 14:02 - 00159744 _____ () C:\Program Files\Smart Bro\DeviceMgrUIPlugin.dll
    2013-10-15 07:50 - 2007-07-31 15:50 - 00090112 ____R () C:\Program Files\Smart Bro\FileManager.dll
    2013-10-15 07:50 - 2008-11-08 14:15 - 00159744 _____ () C:\Program Files\Smart Bro\SMSPlugin.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    2013-12-06 13:59 - 2013-12-04 10:47 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    2013-08-14 15:25 - 2013-08-14 15:25 - 00084992 _____ () C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll
    2013-12-06 14:00 - 2013-12-04 10:48 - 13586896 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    2013-10-17 07:27 - 2012-11-09 05:02 - 01752576 _____ () C:\Program Files\File Shredder\fsshell.dll
    2013-11-06 18:33 - 2013-11-13 11:39 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 00224952 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Dashlanef_250.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 12249272 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.2.3.1.52112.dll
    2013-12-06 23:18 - 2013-12-06 23:18 - 01920696 _____ () C:\Users\daveleonard\AppData\Roaming\Dashlane\2.3.1.52112\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.2.3.1.52112.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\TEMP:AD022376

    ==================== Safe Mode (whitelisted) ===================


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/13/2013 07:20:51 AM) (Source: RasClient) (User: )
    Description: CoId={560B2456-37E6-40AB-BDDC-6656EE828B26}: The user user-PC\daveleonard dialed a connection named SmartBro which has failed. The error code returned on failure is 619.

    Error: (12/12/2013 04:13:26 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2013 04:12:07 PM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (12/12/2013 04:08:59 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2013 01:31:32 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (12/12/2013 09:44:06 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2013 09:42:40 AM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.

    Error: (12/12/2013 06:58:41 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/12/2013 06:57:09 AM) (Source: Winlogon) (User: )
    Description: Windows license activation failed. Error 0x80070005.


    System errors:
    =============
    Error: (12/13/2013 07:20:21 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/13/2013 07:20:19 AM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/12/2013 05:43:20 PM) (Source: Disk) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068

    Error: (12/12/2013 04:07:46 PM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (11/18/2013 07:19:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 170029 seconds with 0 seconds of active time. This session ended with a crash.

    Error: (11/07/2013 03:25:00 PM) (Source: Microsoft Office 12 Sessions)(User: )
    Description: ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash.


    ==================== Memory info ===========================

    Percentage of memory in use: 53%
    Total physical RAM: 1977.98 MB
    Available physical RAM: 910.46 MB
    Total Pagefile: 3955.95 MB
    Available Pagefile: 2349.23 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1907.21 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:99.97 GB) (Free:74.94 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: () (Fixed) (Total:132.81 GB) (Free:126.72 GB) NTFS
    Drive f: (Smart Bro) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
    Drive h: () (Removable) (Total:7.28 GB) (Free:4.41 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: CE6DCE6D)
    Partition 1: (Active) - (Size=100 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=133 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  16. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    104
    Location:
    Mambajao, Philippines
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013 03
    Ran by daveleonard (administrator) on USER-PC on 13-12-2013 08:09:42
    Running from C:\Users\daveleonard\Downloads
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Normal

    ==================== Processes (Whitelisted) ===================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    () C:\Users\daveleonard\AppData\Roaming\Dashlane\Dashlane.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    () C:\Program Files\Smart Bro\Smart Bro.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\audiodg.exe

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
    HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\d04060ab-283e-4576-b8a4-b81965e3da0a.exe [180184 2013-11-24] (AVAST Software)
    HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295512 2013-12-01] (RealNetworks, Inc.)
    HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-03] (AVAST Software)
    HKCU\...\Run: [Dashlane] - C:\Users\daveleonard\AppData\Roaming\Dashlane\Dashlane.exe [277688 2013-12-06] ()
    HKCU\...\Run: [Epic Privacy Browser Update] - "C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
    MountPoints2: {7cea702b-34d5-11e3-a92d-002622822d46} - F:\AutoRun.exe
    HKU\user\...\Run: [Dashlane] - C:\Users\user\AppData\Roaming\Dashlane\Dashlane.exe [ 2013-10-21] ()
    HKU\user\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [ 2009-07-14] (Microsoft Corporation)
    HKU\user\...\Run: [Epic Update] - C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [ 2013-11-06] (Epic)
    Startup: C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
    URLSearchHook: HKLM - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - No File
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
    Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
    Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Tcpip\..\Interfaces\{5C1A658A-2389-4DE7-9E8C-7B6441A0C120}: [NameServer]121.1.3.172 121.1.3.89

    FireFox:
    ========
    FF ProfilePath: C:\Users\daveleonard\AppData\Roaming\Mozilla\Firefox\Profiles\fnbc3vqd.default
    FF DefaultSearchEngine: Yahoo
    FF SelectedSearchEngine: Yahoo
    FF Homepage: about:home
    FF Keyword.URL: user_pref("keyword.URL", "");
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
    FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
    FF Extension: Kaspersky URL Advisor - C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
    FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com
    CHR RestoreOnStartup: "hxxp://www.google.com/"
    CHR DefaultSearchKeyword: askws
    CHR DefaultSearchProvider: Ask.com
    CHR DefaultSearchURL: http://search.tb.ask.com/search/GGm...X^xdm022^YYA^ph&si=CLThkMrplbsCFUUF4god9nkA0A
    CHR DefaultNewTabURL:
    CHR Extension: (Google Docs) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
    CHR Extension: (Google Drive) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
    CHR Extension: (YouTube) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
    CHR Extension: (Google Search) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
    CHR Extension: (RadioRage) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjngjhikmffiafannjcjkdediacimkmk\5.53.2.56344_0
    CHR Extension: (JavaScript Editey) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkihmgfcedmdoaogcjdljeeacngbhinc\1.37_0
    CHR Extension: (RealDownloader) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.3_0
    CHR Extension: (YoutubeAdblocker) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmanghmdghodnmpmkgidckblpijeabi\1.0
    CHR Extension: (JavaScript Compression Tool) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioedocnocclgpmbkhbaopeapakehljhd\1.0_0
    CHR Extension: (surfi Andd keeep) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkfmhmahbdogdlhaolbopadcljhanok\2.19
    CHR Extension: (Dashlane) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmpplnklgealmmnncbdpehifojcfomaf\1_0
    CHR Extension: (Google Wallet) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
    CHR Extension: (SearchNewTab) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\okjmjobeeacgommpeplfnpmhdgbhekal\1.0
    CHR Extension: (Gmail) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
    CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ========================== Services (Whitelisted) =================

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-03] (AVAST Software)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-28] (Microsoft Corporation)
    R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-28] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

    ==================== Drivers (Whitelisted) ====================

    R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-03] (AVAST Software)
    R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-03] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-03] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-03] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-03] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-03] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-03] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-03] ()
    R3 hwusbfake; C:\Windows\System32\DRIVERS\ewusbfake.sys [103040 2008-12-30] (Huawei Technologies Co., Ltd.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-21] (Microsoft Corporation)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [34016 2012-10-29] (The OpenVPN Project)
    S3 tapSF0901; C:\Windows\System32\DRIVERS\tapSF0901.sys [33728 2013-05-29] (Spotflux, Inc.)
    S3 taphss6; system32\DRIVERS\taphss6.sys [x]
    S3 VGPU; System32\drivers\rdvgkmd.sys [x]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-12-13 08:09 - 2013-12-13 08:10 - 00014606 _____ C:\Users\daveleonard\Downloads\FRST.txt
    2013-12-13 08:09 - 2013-12-13 08:09 - 00000000 ____D C:\Users\daveleonard\Downloads\FRST-OlderVersion
    2013-12-12 07:59 - 2013-12-12 07:59 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
    2013-12-12 07:28 - 2013-12-12 07:28 - 00001098 _____ C:\Users\daveleonard\Desktop\FRST - Shortcut.lnk
    2013-12-12 07:27 - 2013-12-12 07:27 - 00001156 _____ C:\Users\daveleonard\Desktop\AdwCleaner - Shortcut.lnk
    2013-12-12 07:27 - 2013-12-12 07:27 - 00001087 _____ C:\Users\daveleonard\Desktop\JRT - Shortcut.lnk
    2013-12-12 07:05 - 2013-12-13 08:09 - 00000000 ____D C:\FRST
    2013-12-12 07:04 - 2013-12-13 08:09 - 01060839 _____ (Farbar) C:\Users\daveleonard\Downloads\FRST.exe
    2013-12-12 06:52 - 2013-12-12 16:10 - 00000000 ____D C:\AdwCleaner
    2013-12-12 06:44 - 2013-12-12 06:44 - 00000000 ____D C:\Windows\ERUNT
    2013-12-11 16:53 - 2013-12-11 16:53 - 00000000 _____ C:\Users\daveleonard\Documents_1131111_085312.dmp
    2013-12-11 16:51 - 2013-12-11 16:51 - 00001118 _____ C:\Users\daveleonard\Desktop\iWisoft Flash SWF to Video Converter.lnk
    2013-12-11 16:51 - 2013-12-11 16:51 - 00000000 ____D C:\Users\daveleonard\Documents\flash-swf-converter
    2013-12-11 16:51 - 2013-12-11 16:51 - 00000000 ____D C:\Program Files\iWisoft Flash SWF to Video Converter
    2013-12-11 16:51 - 2009-09-14 10:36 - 00758018 _____ C:\Windows\system32\xvidcore.dll
    2013-12-11 16:51 - 2008-12-04 21:46 - 00180224 _____ C:\Windows\system32\xvidvfw.dll
    2013-12-11 16:51 - 2008-10-08 10:16 - 00139264 _____ (http://www.xvid.org) C:\Windows\system32\xvid.ax
    2013-12-11 14:11 - 2013-12-11 14:11 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Malwarebytes
    2013-12-11 14:11 - 2013-12-11 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-11 10:31 - 2013-12-11 10:31 - 00001191 _____ C:\Users\daveleonard\Desktop\Should I Remove It.lnk
    2013-12-11 10:31 - 2013-12-11 10:31 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2013-12-11 10:31 - 2013-12-11 10:31 - 00000000 ____D C:\Program Files\Reason
    2013-12-11 08:54 - 2013-12-11 08:54 - 00047200 _____ C:\Users\daveleonard\Documents_1131111_005444.dmp
    2013-12-11 08:54 - 2013-12-11 08:54 - 00000536 _____ C:\Users\daveleonard\Documents_1131111_005444_main.txt
    2013-12-10 17:38 - 2013-12-10 17:38 - 00000000 ____D C:\ProgramData\DivX
    2013-12-09 08:05 - 2013-12-09 08:06 - 00000000 ____D C:\Users\daveleonard\.android
    2013-12-09 08:02 - 2013-12-09 08:02 - 00000000 ____D C:\Users\daveleonard\Documents\Mobogenie
    2013-12-09 08:01 - 2013-12-11 10:40 - 00000000 ____D C:\Program Files\File Type Assistant
    2013-12-08 15:36 - 2013-12-08 15:36 - 00000000 ____D C:\Users\daveleonard\.swt
    2013-12-08 15:30 - 2013-12-09 09:40 - 00000000 ____D C:\Users\daveleonard\Incomplete
    2013-12-08 15:26 - 2013-12-11 14:42 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\MP3Rocket
    2013-12-06 13:36 - 2013-12-11 09:56 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\uTorrent
    2013-12-06 11:15 - 2013-12-06 11:15 - 00006805 _____ C:\Users\daveleonard\Desktop\Sys Info - Shortcut.lnk
    2013-12-05 08:22 - 2013-12-05 08:22 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Macromedia
    2013-12-03 15:17 - 2013-12-03 15:17 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\AVAST Software
    2013-12-02 21:34 - 2013-12-02 21:34 - 00036378 _____ C:\Users\daveleonard\Documents_1131102_133402.dmp
    2013-12-01 18:24 - 2013-12-01 18:24 - 00001377 _____ C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000884 __RSH C:\Users\Leonard\ntuser.pol
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000020 ___SH C:\Users\Leonard\ntuser.ini
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Real
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Adobe
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Local\VirtualStore
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard
    2013-12-01 18:24 - 2013-07-09 08:11 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\TuneUp Software
    2013-12-01 18:24 - 2012-12-16 07:49 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Macromedia
    2013-12-01 18:24 - 2009-07-14 12:42 - 00000000 ___RD C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-12-01 18:24 - 2009-07-14 12:37 - 00000000 ___RD C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-12-01 14:24 - 2013-12-01 14:24 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\RealNetworks
    2013-12-01 14:23 - 2013-12-01 14:23 - 00001016 _____ C:\Users\Public\Desktop\RealPlayer.lnk
    2013-12-01 14:23 - 2013-12-01 14:23 - 00000137 _____ C:\Users\Public\Desktop\RealPlay.url
    2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\RealNetworks
    2013-12-01 14:21 - 2013-12-01 14:21 - 00000000 ____D C:\Program Files\Common Files\xing shared
    2013-12-01 07:56 - 2013-12-06 11:14 - 00000000 ____D C:\MGADiagToolOutput
    2013-12-01 07:55 - 2013-12-01 07:55 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
    2013-11-30 19:11 - 2013-12-12 16:11 - 00000840 _____ C:\Windows\setupact.log
    2013-11-30 19:11 - 2013-11-30 19:11 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-30 18:52 - 2013-11-30 18:52 - 00001070 _____ C:\Users\daveleonard\Desktop\Duplicate Cleaner Free.lnk
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\DigitalVolcano
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Program Files\Duplicate Cleaner
    2013-11-30 18:20 - 2013-11-30 18:38 - 00000000 ____D C:\Program Files\Easy Duplicate Finder 4
    2013-11-30 18:19 - 2013-11-30 18:28 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\EasyDuplicateFinder
    2013-11-30 18:19 - 2013-11-30 18:28 - 00000000 ____D C:\ProgramData\Easy Duplicate Finder
    2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 ____D C:\Users\daveleonard\Documents\EasyDuplicateFinder
    2013-11-30 17:01 - 2013-11-30 17:01 - 00000000 ____D C:\Users\daveleonard\Documents\OneNote Notebooks
    2013-11-29 18:25 - 2013-11-29 18:25 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Apple
    2013-11-29 10:25 - 2013-12-11 09:31 - 00002574 _____ C:\Users\daveleonard\daemonprocess.txt
    2013-11-29 10:25 - 2013-12-09 11:24 - 00000000 ____D C:\Users\daveleonard\AppData\Local\cache
    2013-11-29 10:25 - 2013-11-29 10:40 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Mobogenie
    2013-11-29 10:25 - 2013-11-29 10:25 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
    2013-11-29 10:25 - 2013-11-29 10:25 - 00000000 ____D C:\Users\wangzhisong
    2013-11-29 09:42 - 2013-12-11 10:36 - 00000000 ____D C:\Program Files\SearchNewTab
    2013-11-29 09:34 - 2013-12-11 14:31 - 00000000 ____D C:\ProgramData\YoutubeBookmark
    2013-11-29 09:31 - 2013-12-11 10:42 - 00000000 ____D C:\ProgramData\1fc5dad6420ad132
    2013-11-29 08:47 - 2013-12-10 12:34 - 00000000 ____D C:\Users\daveleonard\Documents\iWisoft Free Video Downloader
    2013-11-28 07:52 - 2013-12-02 16:11 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Adobe
    2013-11-27 20:02 - 2013-11-30 16:48 - 00000846 _____ C:\Users\daveleonard\Desktop\TFC - Shortcut.lnk
    2013-11-27 19:54 - 2013-11-27 19:55 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
    2013-11-27 12:54 - 2013-11-27 12:54 - 00001250 _____ C:\Users\daveleonard\Desktop\System Information.lnk
    2013-11-27 12:14 - 2004-08-04 00:56 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\temp.00F
    2013-11-27 12:14 - 2004-03-08 18:00 - 00212240 _____ (Microsoft Corporation) C:\Windows\system32\RichTx32.ocx
    2013-11-27 12:14 - 2000-12-06 01:00 - 00209608 _____ (Microsoft Corporation) C:\Windows\system32\TabCtl32.ocx
    2013-11-27 12:13 - 2001-08-18 18:00 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\temp.00E
    2013-11-27 12:13 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\temp.00D
    2013-11-27 12:13 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\system32\temp.008
    2013-11-27 12:13 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\system32\temp.009
    2013-11-27 12:13 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\temp.00B
    2013-11-27 12:13 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\system32\temp.00A
    2013-11-27 12:13 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\temp.00C
    2013-11-27 10:13 - 2013-12-11 08:57 - 00001891 _____ C:\Users\daveleonard\Desktop\Dashlane.lnk
    2013-11-27 10:13 - 2013-11-27 10:13 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2013-11-27 10:10 - 2013-12-12 07:23 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Mozilla
    2013-11-27 10:10 - 2013-11-27 10:10 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Mozilla
    2013-11-27 10:09 - 2013-11-27 10:09 - 00001079 _____ C:\Users\daveleonard\Desktop\Regcleaner - Shortcut.lnk
    2013-11-27 10:09 - 2013-11-27 10:09 - 00000982 _____ C:\Users\daveleonard\Desktop\File Shredder.lnk
    2013-11-27 10:08 - 2013-12-11 16:53 - 00001017 _____ C:\Users\daveleonard\Desktop\iWisoft Free Video Downloader.lnk
    2013-11-27 10:08 - 2013-11-27 10:08 - 00000053 _____ C:\Users\daveleonard\Desktop\SlimBrowser Homepage.url
    2013-11-27 10:07 - 2013-11-27 10:07 - 00001500 _____ C:\Users\daveleonard\Desktop\privacymantra - Shortcut.lnk
    2013-11-27 09:56 - 2013-12-11 08:57 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Dashlane
    2013-11-27 09:48 - 2013-11-27 09:48 - 00000181 _____ C:\Users\daveleonard\Desktop\Log In Facebook.url
    2013-11-27 09:39 - 2013-11-27 09:39 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\vlc
    2013-11-27 09:34 - 2013-11-27 09:52 - 00000000 ____D C:\Dashlane
    2013-11-27 09:28 - 2013-11-27 09:28 - 00001304 _____ C:\Users\daveleonard\Desktop\Notepad.lnk
    2013-11-27 09:20 - 2013-11-27 09:20 - 00002117 _____ C:\Users\daveleonard\Desktop\Microsoft Security Essentials.lnk
    2013-11-26 21:49 - 2013-11-27 12:28 - 00000000 ____D C:\Program Files\Automatic Windows Internet Washer
    2013-11-26 21:49 - 2004-08-04 00:56 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\temp.007
    2013-11-26 21:49 - 2001-08-18 18:00 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\temp.006
    2013-11-26 21:49 - 2001-03-13 14:53 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\temp.005
    2013-11-26 21:49 - 2001-03-13 14:47 - 00598288 _____ (Microsoft Corporation) C:\Windows\system32\temp.000
    2013-11-26 21:49 - 2001-03-13 14:47 - 00164112 _____ (Microsoft Corporation) C:\Windows\system32\temp.001
    2013-11-26 21:49 - 2001-03-13 14:47 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\temp.003
    2013-11-26 21:49 - 2001-03-13 14:45 - 00147728 _____ (Microsoft Corporation) C:\Windows\system32\temp.002
    2013-11-26 21:49 - 2000-08-20 21:00 - 01388544 _____ (Microsoft Corporation) C:\Windows\system32\temp.004
    2013-11-26 21:49 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\Windows\system32\vbar332.dll
    2013-11-26 21:48 - 2013-11-26 21:48 - 00108824 _____ C:\Users\daveleonard\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-11-26 20:51 - 2013-11-27 08:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-11-26 20:51 - 2013-11-27 08:45 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-11-26 20:51 - 2013-11-27 08:45 - 00000000 ____D C:\Users\Guest
    2013-11-26 20:51 - 2013-11-26 20:51 - 00001373 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000020 ___SH C:\Users\Guest\ntuser.ini
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2013-11-26 20:51 - 2013-07-09 08:11 - 00000000 ____D C:\Users\Guest\AppData\Roaming\TuneUp Software
    2013-11-26 20:51 - 2012-12-16 07:49 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Macromedia
    2013-11-26 20:00 - 2013-11-26 20:00 - 00013193 _____ C:\Users\daveleonard\Desktop\Sys Files.lnk
    2013-11-26 19:46 - 2013-12-06 14:54 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Google
    2013-11-26 19:43 - 2013-12-08 18:01 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Real
    2013-11-26 19:43 - 2013-11-26 19:43 - 00001377 _____ C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-11-26 19:43 - 2013-11-26 19:43 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Adobe
    2013-11-26 19:42 - 2013-12-11 16:53 - 00000000 ____D C:\Users\daveleonard
    2013-11-26 19:42 - 2013-12-11 16:51 - 00000000 ____D C:\Users\daveleonard\AppData\Local\VirtualStore
    2013-11-26 19:42 - 2013-11-27 08:45 - 00000000 ___RD C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-11-26 19:42 - 2013-11-27 08:45 - 00000000 ___RD C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-11-26 19:42 - 2013-11-27 07:57 - 00000884 __RSH C:\Users\daveleonard\ntuser.pol
    2013-11-26 19:42 - 2013-11-26 19:42 - 00000020 ___SH C:\Users\daveleonard\ntuser.ini
    2013-11-26 19:42 - 2013-07-09 08:11 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\TuneUp Software
    2013-11-26 19:42 - 2012-12-16 07:49 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Macromedia
    2013-11-26 19:35 - 2013-11-27 08:45 - 00000000 ____D C:\Users\user\Documents\How to Delete an Index.dat File eHow_files
    2013-11-20 18:20 - 2013-11-27 08:45 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Text Pad
    2013-11-20 11:38 - 2013-11-20 11:38 - 00000906 ____R C:\Users\user\Documents\bitlocker recovery key new.txt

    ==================== One Month Modified Files and Folders =======

    2013-12-13 08:10 - 2013-12-13 08:09 - 00014606 _____ C:\Users\daveleonard\Downloads\FRST.txt
    2013-12-13 08:09 - 2013-12-13 08:09 - 00000000 ____D C:\Users\daveleonard\Downloads\FRST-OlderVersion
    2013-12-13 08:09 - 2013-12-12 07:05 - 00000000 ____D C:\FRST
    2013-12-13 08:09 - 2013-12-12 07:04 - 01060839 _____ (Farbar) C:\Users\daveleonard\Downloads\FRST.exe
    2013-12-13 07:37 - 2012-12-22 10:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-12-13 07:34 - 2013-09-10 14:57 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-12-13 07:32 - 2013-11-06 16:27 - 00000884 _____ C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000UA.job
    2013-12-13 07:24 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\tracing
    2013-12-13 07:21 - 2012-12-16 03:25 - 01961307 _____ C:\Windows\WindowsUpdate.log
    2013-12-12 17:43 - 2013-11-06 16:27 - 00000832 _____ C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core.job
    2013-12-12 16:12 - 2013-09-10 14:57 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-12-12 16:11 - 2013-11-30 19:11 - 00000840 _____ C:\Windows\setupact.log
    2013-12-12 16:11 - 2009-07-14 12:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-12-12 16:10 - 2013-12-12 06:52 - 00000000 ____D C:\AdwCleaner
    2013-12-12 07:59 - 2013-12-12 07:59 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
    2013-12-12 07:28 - 2013-12-12 07:28 - 00001098 _____ C:\Users\daveleonard\Desktop\FRST - Shortcut.lnk
    2013-12-12 07:27 - 2013-12-12 07:27 - 00001156 _____ C:\Users\daveleonard\Desktop\AdwCleaner - Shortcut.lnk
    2013-12-12 07:27 - 2013-12-12 07:27 - 00001087 _____ C:\Users\daveleonard\Desktop\JRT - Shortcut.lnk
    2013-12-12 07:23 - 2013-11-27 10:10 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Mozilla
    2013-12-12 06:56 - 2013-02-04 10:49 - 00000000 ____D C:\Program Files\iWisoft Free Video Downloader
    2013-12-12 06:44 - 2013-12-12 06:44 - 00000000 ____D C:\Windows\ERUNT
    2013-12-11 16:53 - 2013-12-11 16:53 - 00000000 _____ C:\Users\daveleonard\Documents_1131111_085312.dmp
    2013-12-11 16:53 - 2013-11-27 10:08 - 00001017 _____ C:\Users\daveleonard\Desktop\iWisoft Free Video Downloader.lnk
    2013-12-11 16:53 - 2013-11-26 19:42 - 00000000 ____D C:\Users\daveleonard
    2013-12-11 16:51 - 2013-12-11 16:51 - 00001118 _____ C:\Users\daveleonard\Desktop\iWisoft Flash SWF to Video Converter.lnk
    2013-12-11 16:51 - 2013-12-11 16:51 - 00000000 ____D C:\Users\daveleonard\Documents\flash-swf-converter
    2013-12-11 16:51 - 2013-12-11 16:51 - 00000000 ____D C:\Program Files\iWisoft Flash SWF to Video Converter
    2013-12-11 16:51 - 2013-11-26 19:42 - 00000000 ____D C:\Users\daveleonard\AppData\Local\VirtualStore
    2013-12-11 16:38 - 2012-12-22 10:42 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2013-12-11 16:38 - 2012-12-22 10:42 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2013-12-11 15:47 - 2013-10-29 17:33 - 00060298 _____ C:\Windows\PFRO.log
    2013-12-11 14:42 - 2013-12-08 15:26 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\MP3Rocket
    2013-12-11 14:31 - 2013-11-29 09:34 - 00000000 ____D C:\ProgramData\YoutubeBookmark
    2013-12-11 14:31 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\Vss
    2013-12-11 14:11 - 2013-12-11 14:11 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Malwarebytes
    2013-12-11 14:11 - 2013-12-11 14:11 - 00000000 ____D C:\ProgramData\Malwarebytes
    2013-12-11 10:44 - 2013-10-30 20:18 - 00000000 ____D C:\Program Files\Mobogenie
    2013-12-11 10:42 - 2013-11-29 09:31 - 00000000 ____D C:\ProgramData\1fc5dad6420ad132
    2013-12-11 10:40 - 2013-12-09 08:01 - 00000000 ____D C:\Program Files\File Type Assistant
    2013-12-11 10:36 - 2013-11-29 09:42 - 00000000 ____D C:\Program Files\SearchNewTab
    2013-12-11 10:31 - 2013-12-11 10:31 - 00001191 _____ C:\Users\daveleonard\Desktop\Should I Remove It.lnk
    2013-12-11 10:31 - 2013-12-11 10:31 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
    2013-12-11 10:31 - 2013-12-11 10:31 - 00000000 ____D C:\Program Files\Reason
    2013-12-11 09:56 - 2013-12-06 13:36 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\uTorrent
    2013-12-11 09:31 - 2013-11-29 10:25 - 00002574 _____ C:\Users\daveleonard\daemonprocess.txt
    2013-12-11 08:57 - 2013-11-27 10:13 - 00001891 _____ C:\Users\daveleonard\Desktop\Dashlane.lnk
    2013-12-11 08:57 - 2013-11-27 09:56 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Dashlane
    2013-12-11 08:55 - 2009-07-14 12:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-12-11 08:55 - 2009-07-14 12:34 - 00020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-12-11 08:54 - 2013-12-11 08:54 - 00047200 _____ C:\Users\daveleonard\Documents_1131111_005444.dmp
    2013-12-11 08:54 - 2013-12-11 08:54 - 00000536 _____ C:\Users\daveleonard\Documents_1131111_005444_main.txt
    2013-12-10 17:38 - 2013-12-10 17:38 - 00000000 ____D C:\ProgramData\DivX
    2013-12-10 12:34 - 2013-11-29 08:47 - 00000000 ____D C:\Users\daveleonard\Documents\iWisoft Free Video Downloader
    2013-12-09 11:24 - 2013-11-29 10:25 - 00000000 ____D C:\Users\daveleonard\AppData\Local\cache
    2013-12-09 09:40 - 2013-12-08 15:30 - 00000000 ____D C:\Users\daveleonard\Incomplete
    2013-12-09 08:06 - 2013-12-09 08:05 - 00000000 ____D C:\Users\daveleonard\.android
    2013-12-09 08:02 - 2013-12-09 08:02 - 00000000 ____D C:\Users\daveleonard\Documents\Mobogenie
    2013-12-08 18:01 - 2013-11-26 19:43 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Real
    2013-12-08 15:36 - 2013-12-08 15:36 - 00000000 ____D C:\Users\daveleonard\.swt
    2013-12-06 14:54 - 2013-11-26 19:46 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Google
    2013-12-06 14:00 - 2013-09-10 15:03 - 00002089 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2013-12-06 11:15 - 2013-12-06 11:15 - 00006805 _____ C:\Users\daveleonard\Desktop\Sys Info - Shortcut.lnk
    2013-12-06 11:14 - 2013-12-01 07:56 - 00000000 ____D C:\MGADiagToolOutput
    2013-12-05 20:34 - 2009-07-14 10:37 - 00000000 ___RD C:\Users\Public
    2013-12-05 08:22 - 2013-12-05 08:22 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Macromedia
    2013-12-04 07:52 - 2009-07-14 12:53 - 00032566 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-12-03 15:17 - 2013-12-03 15:17 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\AVAST Software
    2013-12-03 13:52 - 2013-09-27 18:06 - 00002007 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2013-12-03 13:48 - 2013-07-07 18:35 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2013-12-03 13:48 - 2013-07-07 18:35 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
    2013-12-03 13:48 - 2013-07-07 18:35 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
    2013-12-03 13:48 - 2013-07-07 18:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2013-12-03 13:36 - 2013-07-05 20:57 - 00000000 ____D C:\ProgramData\AVAST Software
    2013-12-03 13:35 - 2009-07-14 10:04 - 00002577 _____ C:\Windows\system32\config.nt
    2013-12-02 21:34 - 2013-12-02 21:34 - 00036378 _____ C:\Users\daveleonard\Documents_1131102_133402.dmp
    2013-12-02 16:11 - 2013-11-28 07:52 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Adobe
    2013-12-02 15:11 - 2009-07-14 10:37 - 00000000 __RHD C:\Users\Public\Libraries
    2013-12-01 18:24 - 2013-12-01 18:24 - 00001377 _____ C:\Users\Leonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000884 __RSH C:\Users\Leonard\ntuser.pol
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000020 ___SH C:\Users\Leonard\ntuser.ini
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Real
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Roaming\Adobe
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard\AppData\Local\VirtualStore
    2013-12-01 18:24 - 2013-12-01 18:24 - 00000000 ____D C:\Users\Leonard
    2013-12-01 14:24 - 2013-12-01 14:24 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\RealNetworks
    2013-12-01 14:23 - 2013-12-01 14:23 - 00001016 _____ C:\Users\Public\Desktop\RealPlayer.lnk
    2013-12-01 14:23 - 2013-12-01 14:23 - 00000137 _____ C:\Users\Public\Desktop\RealPlay.url
    2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\ProgramData\RealNetworks
    2013-12-01 14:22 - 2013-12-01 14:22 - 00000000 ____D C:\Program Files\RealNetworks
    2013-12-01 14:21 - 2013-12-01 14:21 - 00000000 ____D C:\Program Files\Common Files\xing shared
    2013-12-01 14:21 - 2012-12-18 20:45 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\msvcp71.dll
    2013-12-01 14:21 - 2012-12-18 20:45 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
    2013-12-01 14:21 - 2012-12-18 20:45 - 00272896 _____ (Progressive Networks) C:\Windows\system32\pncrt.dll
    2013-12-01 14:21 - 2012-12-18 20:45 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\system32\rmoc3260.dll
    2013-12-01 14:21 - 2012-12-18 20:45 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5016.dll
    2013-12-01 14:21 - 2012-12-18 20:45 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\system32\pndx5032.dll
    2013-12-01 07:55 - 2013-12-01 07:55 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
    2013-11-30 19:11 - 2013-11-30 19:11 - 00000000 _____ C:\Windows\setuperr.log
    2013-11-30 18:52 - 2013-11-30 18:52 - 00001070 _____ C:\Users\daveleonard\Desktop\Duplicate Cleaner Free.lnk
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Duplicate Cleaner Free
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\DigitalVolcano
    2013-11-30 18:52 - 2013-11-30 18:52 - 00000000 ____D C:\Program Files\Duplicate Cleaner
    2013-11-30 18:38 - 2013-11-30 18:20 - 00000000 ____D C:\Program Files\Easy Duplicate Finder 4
    2013-11-30 18:28 - 2013-11-30 18:19 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\EasyDuplicateFinder
    2013-11-30 18:28 - 2013-11-30 18:19 - 00000000 ____D C:\ProgramData\Easy Duplicate Finder
    2013-11-30 18:26 - 2013-09-18 11:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2013-11-30 18:19 - 2013-11-30 18:19 - 00000000 ____D C:\Users\daveleonard\Documents\EasyDuplicateFinder
    2013-11-30 17:01 - 2013-11-30 17:01 - 00000000 ____D C:\Users\daveleonard\Documents\OneNote Notebooks
    2013-11-30 16:48 - 2013-11-27 20:02 - 00000846 _____ C:\Users\daveleonard\Desktop\TFC - Shortcut.lnk
    2013-11-29 18:25 - 2013-11-29 18:25 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Apple
    2013-11-29 18:16 - 2013-11-06 18:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
    2013-11-29 10:40 - 2013-11-29 10:25 - 00000000 ____D C:\Users\daveleonard\AppData\Local\Mobogenie
    2013-11-29 10:25 - 2013-11-29 10:25 - 00000000 ____D C:\Users\wangzhisong\AppData\Local\Mobogenie
    2013-11-29 10:25 - 2013-11-29 10:25 - 00000000 ____D C:\Users\wangzhisong
    2013-11-29 09:42 - 2013-03-18 02:44 - 00000000 ____D C:\ProgramData\InstallMate
    2013-11-28 07:49 - 2013-11-06 18:34 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2013-11-27 19:55 - 2013-11-27 19:54 - 00448512 _____ (OldTimer Tools) C:\TFC.exe
    2013-11-27 12:54 - 2013-11-27 12:54 - 00001250 _____ C:\Users\daveleonard\Desktop\System Information.lnk
    2013-11-27 12:28 - 2013-11-26 21:49 - 00000000 ____D C:\Program Files\Automatic Windows Internet Washer
    2013-11-27 10:13 - 2013-11-27 10:13 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane
    2013-11-27 10:10 - 2013-11-27 10:10 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Mozilla
    2013-11-27 10:09 - 2013-11-27 10:09 - 00001079 _____ C:\Users\daveleonard\Desktop\Regcleaner - Shortcut.lnk
    2013-11-27 10:09 - 2013-11-27 10:09 - 00000982 _____ C:\Users\daveleonard\Desktop\File Shredder.lnk
    2013-11-27 10:08 - 2013-11-27 10:08 - 00000053 _____ C:\Users\daveleonard\Desktop\SlimBrowser Homepage.url
    2013-11-27 10:07 - 2013-11-27 10:07 - 00001500 _____ C:\Users\daveleonard\Desktop\privacymantra - Shortcut.lnk
    2013-11-27 10:06 - 2012-12-16 05:38 - 00000000 ____D C:\ProgramData\Real
    2013-11-27 09:52 - 2013-11-27 09:34 - 00000000 ____D C:\Dashlane
    2013-11-27 09:48 - 2013-11-27 09:48 - 00000181 _____ C:\Users\daveleonard\Desktop\Log In Facebook.url
    2013-11-27 09:39 - 2013-11-27 09:39 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\vlc
    2013-11-27 09:28 - 2013-11-27 09:28 - 00001304 _____ C:\Users\daveleonard\Desktop\Notepad.lnk
    2013-11-27 09:20 - 2013-11-27 09:20 - 00002117 _____ C:\Users\daveleonard\Desktop\Microsoft Security Essentials.lnk
    2013-11-27 09:05 - 2013-01-08 05:37 - 00000000 ____D C:\Users\user\Documents\Smart Benefits FRB ids
    2013-11-27 09:05 - 2013-01-08 01:56 - 00000000 ____D C:\Users\user\Documents\Lawmakers
    2013-11-27 09:05 - 2012-12-18 04:56 - 00000000 ____D C:\Users\user\Documents\iWisoft Free Video Downloader
    2013-11-27 09:05 - 2012-12-18 04:54 - 00000000 ____D C:\Users\user\Documents\Books
    2013-11-27 09:05 - 2012-12-18 04:53 - 00000000 ____D C:\Users\user\Documents\OneNote Notebooks
    2013-11-27 08:45 - 2013-11-26 20:51 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-11-27 08:45 - 2013-11-26 20:51 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-11-27 08:45 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest
    2013-11-27 08:45 - 2013-11-26 19:42 - 00000000 ___RD C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2013-11-27 08:45 - 2013-11-26 19:42 - 00000000 ___RD C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2013-11-27 08:45 - 2013-11-26 19:35 - 00000000 ____D C:\Users\user\Documents\How to Delete an Index.dat File eHow_files
    2013-11-27 08:45 - 2013-11-20 18:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Text Pad
    2013-11-27 08:45 - 2012-12-20 13:33 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2013-11-27 08:45 - 2009-07-14 10:37 - 00000000 ___HD C:\Windows\system32\GroupPolicy
    2013-11-27 08:45 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\registration
    2013-11-27 08:45 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\AppCompat
    2013-11-27 08:23 - 2009-07-14 10:37 - 00000000 ____D C:\Windows\system32\wfp
    2013-11-27 07:57 - 2013-11-26 19:42 - 00000884 __RSH C:\Users\daveleonard\ntuser.pol
    2013-11-27 07:54 - 2013-03-12 00:22 - 00000884 __RSH C:\Users\user\ntuser.pol
    2013-11-26 21:48 - 2013-11-26 21:48 - 00108824 _____ C:\Users\daveleonard\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-11-26 20:51 - 2013-11-26 20:51 - 00001373 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000020 ___SH C:\Users\Guest\ntuser.ini
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Real
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
    2013-11-26 20:51 - 2013-11-26 20:51 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
    2013-11-26 20:00 - 2013-11-26 20:00 - 00013193 _____ C:\Users\daveleonard\Desktop\Sys Files.lnk
    2013-11-26 19:43 - 2013-11-26 19:43 - 00001377 _____ C:\Users\daveleonard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2013-11-26 19:43 - 2013-11-26 19:43 - 00000000 ____D C:\Users\daveleonard\AppData\Roaming\Adobe
    2013-11-26 19:42 - 2013-11-26 19:42 - 00000020 ___SH C:\Users\daveleonard\ntuser.ini
    2013-11-25 08:05 - 2012-12-16 04:58 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2013-11-24 08:17 - 2013-10-15 16:25 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2013-11-20 11:38 - 2013-11-20 11:38 - 00000906 ____R C:\Users\user\Documents\bitlocker recovery key new.txt
    2013-11-19 18:21 - 2012-12-18 20:52 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2013-11-19 17:51 - 2013-10-17 07:27 - 00000000 ____D C:\Program Files\File Shredder

    Files to move or delete:
    ====================
    C:\Users\Public\AlexaNSISPlugin.5808.dll


    Some content of TEMP:
    ====================
    C:\Users\daveleonard\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2013-12-12 13:30

    ==================== End Of Log ============================
     
  17. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    104
    Location:
    Mambajao, Philippines
    Sorry for the mess up. I deleted MS Essentials as you advised. The two diagnostics are posted above. Thanks
     
  18. starbuck

    starbuck MALWARE REMOVAL SPECIALIST - SUPER MODERATOR Super Moderators

    Joined:
    Sep 26, 2009
    Messages:
    1,900
    Location:
    Midlands, UK
    Hi Dave,

    Was this after you ran a fresh scan with FRST?
    I still see MSSE in the reports.

    Step 1
    Please download the attached fixlist.txt file and save it to Downloads.
    NOTE.
    It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine.
    Running this on another machine may cause damage to your operating system.


    Re-run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.


    Step 2
    The report is showing that you have TFC on your system.
    If it's still there.....
    • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
    • It will close all programs when run, so make sure you have saved all your work before you begin.
    • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
    • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

    If you have removed the program, you can download it from:
    TFC by OldTimer


    In your next reply, please submit:
    Fixlog.txt
    and let me know how the system is running now.


    Thanks.
     


  19. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    104
    Location:
    Mambajao, Philippines
    Hello Starbuck, Yes, I uninstalled MS Essentials the very day I got your OK, which was after I ran the report. It should no longer be there.
    I checked the system out by running an Avast root scan. The scan found an infection called Bleah-D. It is in C:\hiberfil.sys. But Avast reported that "Cannot open, share access flags incompatible". I ran Malwarebytes and it found a few PUPs but did not pick up on Bleah-D. So that's the status of my system now. I don't know how to remove Bleah-D. Thanks.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-12-2013 03
    Ran by daveleonard at 2013-12-14 10:40:51 Run:1
    Running from C:\Users\daveleonard\Downloads
    Boot Mode: Normal

    ==============================================

    Content of fixlist:
    *****************
    HKCU\...\Run: [Epic Privacy Browser Update] - "C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\EpicUpdate.exe" /c
    MountPoints2: {7cea702b-34d5-11e3-a92d-002622822d46} - F:\AutoRun.exe
    HKU\user\...\Run: [Epic Update] - C:\Users\user\AppData\Local\Epic\Update\EpicUpdate.exe [ 2013-11-06] (Epic)
    URLSearchHook: HKLM - (No Name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - No File
    SearchScopes: HKLM - DefaultScope value is missing.
    BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - No File
    Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - No File
    FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=3 - C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
    FF Plugin HKCU: @updates.epicbrowser.com/Epic Privacy Browser Update;version=9 - C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll No File
    CHR DefaultSearchKeyword: askws
    CHR DefaultSearchProvider: Ask.com
    CHR DefaultSearchURL: http://search.tb.ask.com/search/GGm...X^xdm022^YYA^ph&si=CLThkMrplbsCFUUF4god9nkA0A
    CHR Extension: (surfi Andd keeep) - C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkfmhmahbdogdlhaolbopadcljhanok\2.19
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    2013-12-12 07:59 - 2013-12-12 07:59 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
    2013-12-12 17:43 - 2013-11-06 16:27 - 00000832 _____ C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core.job
    C:\Users\Public\AlexaNSISPlugin.5808.dll
    C:\Users\daveleonard\AppData\Local\Temp\Quarantine.exe
    C:\Windows\system32\temp.*
    C:\Users\user\AppData\Local\Epic
    C:\Users\daveleonard\AppData\Local\Epic Privacy Browse

    *****************

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Epic Privacy Browser Update => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7cea702b-34d5-11e3-a92d-002622822d46} => Key deleted successfully.
    HKCR\CLSID\{7cea702b-34d5-11e3-a92d-002622822d46} => Key not found.
    HKU\user\Software\Microsoft\Windows\CurrentVersion\Run\\Epic Update => Value deleted successfully.
    HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks\\{c95a4e8e-816d-4655-8c79-d736da1adb6d} => Value deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5DB69B97-934B-451D-94DB-32EF802A01CD} => Key deleted successfully.
    HKCR\CLSID\{5DB69B97-934B-451D-94DB-32EF802A01CD} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Value deleted successfully.
    HKCR\CLSID\{25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} => Key deleted successfully.
    HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=3 => Key deleted successfully.
    C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll not found.
    HKCU\Software\MozillaPlugins\@updates.epicbrowser.com/Epic Privacy Browser Update;version=9 => Key deleted successfully.
    C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll not found.
    CHR DefaultSearchKeyword: askws ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
    CHR DefaultSearchURL: http://search.tb.ask.com/search/GGm...X^xdm022^YYA^ph&si=CLThkMrplbsCFUUF4god9nkA0A ==> The Chrome "Settings" can be used to fix the entry.
    C:\Users\daveleonard\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkfmhmahbdogdlhaolbopadcljhanok => Moved successfully.
    HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
    C:\ProgramData\Epic Privacy Browser => Moved successfully.
    C:\Windows\Tasks\EpicUpdateTaskUserS-1-5-21-4037858357-1239057611-1412149812-1000Core.job => Moved successfully.
    C:\Users\Public\AlexaNSISPlugin.5808.dll => Moved successfully.
    C:\Users\daveleonard\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Windows\system32\temp.* => Moved successfully.
    C:\Users\user\AppData\Local\Epic => Moved successfully.
    "C:\Users\daveleonard\AppData\Local\Epic Privacy Browse" => File/Directory not found.

    ==== End of Fixlog ====
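Added example, not part of the original posts and not FRST's own code: a short Python triage of a Fixlog like the one above, listing the entries the fix did not act on (targets reported as not found, and the Chrome search entries the log leaves to Chrome's "Settings"). The sample log is constructed by abridging the lines above; the status names `done`, `missing` and `manual` are this example's own labels.

```python
import re

# Constructed sample: abridged from the Fixlog posted above (same line formats).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
CHR DefaultSearchProvider: Ask.com
C:\Users\daveleonard\AppData\Local\Epic Privacy Browse
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Epic Privacy Browser Update => Value deleted successfully.
HKCR\CLSID\{7cea702b-34d5-11e3-a92d-002622822d46} => Key not found.
C:\Users\daveleonard\AppData\Local\Epic Privacy Browser\Update\1.3.27.13\npEpicUpdate3.dll not found.
CHR DefaultSearchProvider: Ask.com ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Public\AlexaNSISPlugin.5808.dll => Moved successfully.
"C:\Users\daveleonard\AppData\Local\Epic Privacy Browse" => File/Directory not found.

==== End of Fixlog ====
'''

ARROW = re.compile(r"^(?P<target>.+?)\s+=+>\s+(?P<msg>.+)$")
# Message fragments seen in this thread's Fixlog, mapped to this example's labels.
STATUS = (("successfully", "done"), ("not found", "missing"), ("can be used to fix", "manual"))

def classify(msg):
    """Map a result message to done / missing / manual / unknown."""
    return next((s for key, s in STATUS if key in msg.lower()), "unknown")

def parse_fixlog(text):
    """Return (target, status, message) for each result line of a Fixlog."""
    separators, results = 0, []
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"\*{5,}", line):
            separators += 1  # 1st row opens the fixlist echo, 2nd closes it
        elif re.fullmatch(r"=+ End of Fixlog =+", line):
            break
        elif separators >= 2 and line:
            m = ARROW.match(line)
            if m:
                target, msg = m["target"], m["msg"]
            elif line.endswith(" not found."):  # "<path> not found." has no arrow
                target, msg = line[: -len(" not found.")], "not found."
            else:
                target, msg = line, ""
            results.append((target.strip('"'), classify(msg), msg))
    return results

def not_applied(results):
    """Entries the fix did not act on: absent targets and manual steps."""
    return [(target, status) for target, status, _ in results if status != "done"]

if __name__ == "__main__":
    for target, status in not_applied(parse_fixlog(SAMPLE_FIXLOG)):
        print(f"{status:8} {target}")
```

A `missing` result on a path means the fixlist entry matched nothing on disk, so it is worth comparing that path against the scan log before treating the item as cleaned.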
     
  20. daveleonard

    daveleonard Registered Members

    Joined:
    Dec 2, 2013
    Messages:
    104
    Location:
    Mambajao, Philippines
    Hello Starbuck, You asked me how the machine is running now. As I said, Avast found the Bleah-D infection when I ran root scan. I ran root scan again and the infection is gone, so whatever cleaner I ran apparently did get it. I also ran my duplicate file cleaner and it found over 54,000 duplicate files. I cannot send you the report because it is too big to download. I will not delete anything since I don't know what I'm doing. I know that other files sometimes use those dups and I do not want to mess anything up. At the same time, though, I don't want dup files on my PC. Would it be better for me to just use my os7 disks and use a new copy of Win7? Would that take care of the dups? Thanks.
     
