Thread: need assistance with malware and adware lol

  1. #1
    Junior Member
    Join Date
    Jul 2014
    Posts
    5

    need assistance with malware and adware lol


    This is FRST.txt, the only way I can figure out how to get it in here. Sorry, I got agitated.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
    Ran by Phil (administrator) on PHIL-HUNTER on 27-07-2014 01:30:02
    Running from C:\Users\Phil\Desktop
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
    (Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    (Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe
    (Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
    (CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
    (Anvisoft Corporation) C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\Toolbox\Anvi RAM Booster\Anvi_RAM_Booster.exe
    (Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
    (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-17] (Kaspersky Lab ZAO)
    HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
    HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
    HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [] => [X]
    HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
    HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [Power2GoExpress] => [X]
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-05-29] (Anvisoft)
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [mmonitor] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\toolbox\Anvi RAM Booster\Anvi_RAM_Bo (the data entry has 17 more characters).
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: D - D:\setup.exe -a
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: {37408140-39e9-11e3-b020-00044b1992e1} - F:\LGAutoRun.exe
    HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: {42a4b180-21cd-11e3-8202-00044b1992e1} - F:\setup.exe -a
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
    ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6076F0CD0DCECE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    URLSearchHook: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
    URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_sourc...&ts=1383634190
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S02020^us&si=CJPFuOGX8LACFQhgTAodOTqFwQ&ptb=785D9EDA-F3AC-4EB7-8ED7-9CCF38CE9B0E&psa=&ind=2012062801&st=sb&n=77eda451&searchfor={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={47693960-E050-11E2-9A02-00044B1992E1}
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - 65A02591468F493D9D37BF6677ACE964 URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN25759970510773707&UM=2
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {3D82820D-B262-4C35-9AC7-4E0EFF941FAF} URL = http://www.mysearchresults.com/search?c=4100&t=04&q={searchTerms}
    SearchScopes: HKCU - {47FA6A6E-1C09-4ECA-A70C-81F51DFC8355} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtCzyzytB0EtB0A0BtAtDtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=65225379&ir=
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {CFDB445B-2FCB-4E41-9D54-8EAAC2273CE9} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=7E1CEE6F-5D54-4C72-9082-E75978566431&apn_sauid=98577795-9D61-4581-9A2E-86C704277DF3
    BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> No File
    BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: MixiDJ V43 Toolbar -> {62f386ad-a806-4d2c-87d2-f8cf31faf77e} -> No File
    BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> No File
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
    BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

    FireFox:
    ========
    FF ProfilePath: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV=
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @ei.GamingWonderland.com/Plugin - C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll No File
    FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)
    FF user.js: detected! => C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\user.js
    FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\searchplugins\conduit-search.xml
    FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-14]
    FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\fgsegj@ohwcaijlmohgftbpsu.org [2014-02-14]
    FF Extension: AnviAdblock - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\AnviAdblock@anvisoft.com.xpi [2014-07-26]
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
    FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
    FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
    FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
    FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
    FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
    FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-03-18]
    FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
    FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

    Chrome:
    =======
    CHR HomePage: hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
    CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP","http:\/\/search.conduit.com\/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV="
    CHR NewTab: "chrome-extension://pflphaooapbgpeakohlggbpidpppgdff/content/newtab/newtab.html"
    CHR DefaultSearchKeyword: bing.com
    CHR DefaultSearchProvider: Bing
    CHR DefaultSearchURL: http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
    CHR Extension: (Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
    CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
    CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
    CHR Extension: (Extended Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-11-05]
    CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
    CHR Extension: (xVidly1) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh [2013-10-23]
    CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23]
    CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23]
    CHR Extension: (Vgrabber v1.5) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm [2013-10-23]
    CHR Extension: (Lightning Newtab) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-05]
    CHR Extension: (MixiDJ V43) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplmoojljbihgoknngmcimjbaddnnhkd [2013-10-23]
    CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23]
    CHR Extension: (WhiteSmoke New) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-10-23]
    CHR Extension: (Ziftr Alerts - formerly FreePriceAlerts.com) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl [2013-10-23]
    CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
    CHR Extension: (GreatArcadeHits Add-on) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-11-05]
    CHR Extension: (MySearchDial New Tab) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-02-02]
    CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
    CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23]
    CHR HKCU\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Phil\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-08-07]
    CHR HKCU\...\Chrome\Extension: [hchkdglnjoagfcnikmcebkjlfbcbkhnm] - C:\Users\Phil\AppData\Local\CRE\hchkdglnjoagfcnikmcebkjlfbcbkhnm.crx [2013-08-20]
    CHR HKCU\...\Chrome\Extension: [iplmoojljbihgoknngmcimjbaddnnhkd] - C:\Users\Phil\AppData\Local\CRE\iplmoojljbihgoknngmcimjbaddnnhkd.crx [2013-10-02]
    CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Phil\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Phil\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [hchkdglnjoagfcnikmcebkjlfbcbkhnm] - C:\Users\Phil\AppData\Local\CRE\hchkdglnjoagfcnikmcebkjlfbcbkhnm.crx [2013-08-20]
    CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [iplmoojljbihgoknngmcimjbaddnnhkd] - C:\Users\Phil\AppData\Local\CRE\iplmoojljbihgoknngmcimjbaddnnhkd.crx [2013-10-02]
    CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
    CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Phil\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
    CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-29]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/d...najaicnklhfplh [2014-07-14]
    CHR HKLM-x32\...\Chrome\Extension: [ngoiabglmnijabkfknliolcbjfcmbmdl] - C:\ProgramData\FreePriceAlerts\Chrome\FreePriceAlerts.crx [2013-09-16]
    CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
    CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearches.com/?utm_sourc...&ts=1383634190
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-05-29] (Anvisoft)
    R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1206504 2014-05-28] (Anvisoft)
    R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-17] (Kaspersky Lab ZAO)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
    S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2012-04-02] (CyberLink)
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-20] (Creative Labs) [File not signed]
    R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-06] () [File not signed]
    S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
    S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [48656 2014-05-28] (Anvisoft)
    R1 Asdids; C:\Windows\System32\DRIVERS\asdids.sys [47632 2014-05-28] (Anvisoft)
    S0 aswRvrt; No ImagePath
    R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
    R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
    R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
    U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
    R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
    R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
    R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
    R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
    R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
    S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
    R3 aswVmm; \??\C:\Users\Phil\AppData\Local\Temp\aswVmm.sys [X]
    S3 cpuz136; \??\C:\Users\Phil\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    U3 aswMBR; \??\C:\Users\Phil\AppData\Local\Temp\aswMBR.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-27 01:26 - 2014-07-27 01:30 - 00032548 _____ () C:\Users\Phil\Desktop\FRST.txt
    2014-07-27 01:23 - 2014-07-27 01:23 - 02093568 _____ (Farbar) C:\Users\Phil\Desktop\FRST64.exe
    2014-07-27 01:10 - 2014-07-27 01:10 - 00002370 _____ () C:\Users\Phil\Desktop\aswMBR.txt
    2014-07-27 01:10 - 2014-07-27 01:10 - 00000512 _____ () C:\Users\Phil\Desktop\MBR.dat
    2014-07-26 08:35 - 2014-07-26 08:35 - 00000224 _____ () C:\Windows\setupact.log
    2014-07-26 08:35 - 2014-07-26 08:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-26 08:34 - 2014-07-26 08:34 - 00001366 _____ () C:\Windows\PFRO.log
    2014-07-26 05:28 - 2014-07-26 05:28 - 00002052 _____ () C:\Windows\epplauncher.mif
    2014-07-26 05:17 - 2014-07-27 01:21 - 00000000 ____D () C:\Users\Phil\Desktop\VIRUS RECOVERY FOLDER
    2014-07-26 05:16 - 2014-07-27 01:30 - 00000000 ____D () C:\FRST
    2014-07-26 05:15 - 2014-07-26 05:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PHIL-HUNTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-07-26 05:13 - 2014-07-26 05:13 - 00000000 ____D () C:\RegBackup
    2014-07-26 05:12 - 2014-07-26 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-26 05:11 - 2014-07-26 05:11 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-26 05:05 - 2014-07-26 05:05 - 00003732 _____ () C:\Windows\System32\Tasks\ASD_Schedule
    2014-07-26 04:22 - 2014-07-26 08:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-07-26 04:22 - 2014-07-26 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    2014-07-26 04:22 - 2014-07-26 05:05 - 00003272 _____ () C:\Windows\System32\Tasks\ASD_Main
    2014-07-26 04:22 - 2014-07-26 04:22 - 00001191 _____ () C:\Users\Phil\Desktop\Anvi Smart Defender.lnk
    2014-07-26 04:01 - 2014-07-26 04:01 - 13829304 _____ (Microsoft Corporation) C:\Users\Phil\Downloads\mseinstall.exe
    2014-07-26 03:58 - 2014-07-26 07:32 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
    2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ____D () C:\ProgramData\Anvisoft
    2014-07-26 03:58 - 2014-05-28 21:03 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
    2014-07-26 03:57 - 2014-07-26 03:57 - 36035456 _____ (Anvisoft) C:\Users\Phil\Downloads\asdsetup.exe
    2014-07-26 01:05 - 2014-07-26 01:05 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Oracle
    2014-07-26 00:16 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-07-26 00:16 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-07-26 00:16 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-07-26 00:16 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-07-26 00:16 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-07-26 00:16 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-07-26 00:15 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-07-26 00:15 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-07-26 00:15 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-07-26 00:15 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-07-26 00:15 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-07-26 00:15 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-07-26 00:15 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-07-26 00:15 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-07-26 00:15 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-07-26 00:15 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-07-26 00:15 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-07-26 00:15 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-07-26 00:15 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-07-26 00:15 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-07-26 00:15 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-07-26 00:15 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-07-26 00:15 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-07-26 00:15 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-07-26 00:15 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-07-26 00:15 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-07-26 00:15 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-07-26 00:15 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-07-26 00:15 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-07-26 00:15 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-07-26 00:15 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-07-26 00:15 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-07-26 00:15 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-07-26 00:15 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-07-26 00:15 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-07-26 00:15 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-07-26 00:15 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-07-26 00:15 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-07-26 00:15 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-07-26 00:15 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-07-26 00:15 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-07-26 00:15 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-07-26 00:15 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-07-26 00:15 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-07-26 00:15 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-07-26 00:15 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-07-26 00:15 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-07-26 00:15 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-07-26 00:15 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-07-26 00:15 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-07-26 00:15 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-07-26 00:15 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-07-26 00:15 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-07-26 00:15 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-07-26 00:15 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-07-26 00:15 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-07-26 00:15 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-07-26 00:15 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-07-26 00:15 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-07-26 00:15 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-07-26 00:15 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-07-26 00:15 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-07-26 00:15 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-07-26 00:15 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-07-26 00:15 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-07-26 00:15 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-07-26 00:14 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-26 00:14 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-26 00:14 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-26 00:14 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-26 00:13 - 2014-07-26 00:14 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-26 00:12 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-07-26 00:12 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-07-26 00:12 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-07-13 23:20 - 2014-05-29 18:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
    2014-07-13 23:20 - 2014-05-29 18:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
    2014-07-13 23:16 - 2014-07-13 23:20 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA Corporation
    2014-07-13 23:16 - 2014-05-29 18:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
    2014-07-13 23:16 - 2014-05-29 18:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
    2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-07-13 23:14 - 2014-05-19 18:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
    2014-07-13 23:14 - 2014-05-14 18:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
    2014-07-13 23:12 - 2014-05-19 21:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
    2014-07-13 23:12 - 2014-05-19 21:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
    2014-07-13 23:12 - 2014-05-19 21:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
    2014-07-13 23:12 - 2014-03-31 11:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
    2014-07-13 23:12 - 2014-03-31 11:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
    2014-07-13 23:12 - 2014-03-31 11:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
    2014-07-13 23:05 - 2014-07-13 23:06 - 231400888 _____ (NVIDIA Corporation) C:\Users\Phil\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe
    2014-07-13 17:29 - 2014-07-13 17:29 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
    2014-07-12 19:44 - 2014-07-12 19:44 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup(1).exe
    2014-07-12 19:41 - 2014-07-12 19:42 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup.exe
    2014-07-08 00:58 - 2014-07-08 00:58 - 00262144 _____ () C:\Windows\Minidump\070814-21528-01.dmp
    2014-07-08 00:58 - 2014-07-08 00:58 - 00000000 ____D () C:\Windows\Minidump
    2014-07-06 17:46 - 2014-07-06 17:47 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.5
    2014-07-06 17:45 - 2014-07-06 17:45 - 01047296 _____ () C:\Users\Phil\Downloads\oQueue_1.9.5.zip
    2014-07-04 15:57 - 2014-07-04 15:57 - 00002771 _____ () C:\Users\Public\Desktop\Desktop Weather.lnk
    2014-07-04 15:57 - 2014-07-04 15:57 - 00000000 ____D () C:\Users\Phil\AppData\Local\Downloaded Installations
    2014-06-29 01:54 - 2014-06-29 01:54 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
    2014-06-29 01:53 - 2014-06-29 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-06-27 02:23 - 2014-06-27 02:24 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.4
    2014-06-27 02:23 - 2014-06-27 02:23 - 01047047 _____ () C:\Users\Phil\Downloads\oQueue_1.9.4.zip

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-27 01:30 - 2014-07-27 01:26 - 00032548 _____ () C:\Users\Phil\Desktop\FRST.txt
    2014-07-27 01:30 - 2014-07-26 05:16 - 00000000 ____D () C:\FRST
    2014-07-27 01:23 - 2014-07-27 01:23 - 02093568 _____ (Farbar) C:\Users\Phil\Desktop\FRST64.exe
    2014-07-27 01:21 - 2014-07-26 05:17 - 00000000 ____D () C:\Users\Phil\Desktop\VIRUS RECOVERY FOLDER
    2014-07-27 01:21 - 2014-02-14 01:21 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
    2014-07-27 01:21 - 2013-10-20 20:21 - 00000288 _____ () C:\Windows\Tasks\DigitalSite.job
    2014-07-27 01:15 - 2013-03-18 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-07-27 01:10 - 2014-07-27 01:10 - 00002370 _____ () C:\Users\Phil\Desktop\aswMBR.txt
    2014-07-27 01:10 - 2014-07-27 01:10 - 00000512 _____ () C:\Users\Phil\Desktop\MBR.dat
    2014-07-27 00:50 - 2013-09-23 20:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-07-27 00:37 - 2013-08-12 17:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-27 00:28 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-07-27 00:21 - 2013-10-20 21:21 - 00000208 _____ () C:\Users\Phil\AppData\Roaming\WB.CFG
    2014-07-26 22:12 - 2013-10-10 18:50 - 00000000 ____D () C:\Users\Phil\AppData\Local\SevereWeatherAlerts
    2014-07-26 21:02 - 2013-10-23 11:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Battle.net
    2014-07-26 17:55 - 2011-07-20 15:06 - 01212934 _____ () C:\Windows\WindowsUpdate.log
    2014-07-26 09:37 - 2013-08-12 17:42 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-26 08:42 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-07-26 08:42 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-07-26 08:35 - 2014-07-26 08:35 - 00000224 _____ () C:\Windows\setupact.log
    2014-07-26 08:35 - 2014-07-26 08:35 - 00000000 _____ () C:\Windows\setuperr.log
    2014-07-26 08:35 - 2014-07-26 04:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
    2014-07-26 08:35 - 2013-05-21 18:58 - 00155136 ___SH () C:\Users\Phil\Desktop\Thumbs.db
    2014-07-26 08:35 - 2011-07-24 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-07-26 08:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-07-26 08:34 - 2014-07-26 08:34 - 00001366 _____ () C:\Windows\PFRO.log
    2014-07-26 08:08 - 2013-09-18 03:48 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Guild Wars 2
    2014-07-26 08:08 - 2012-10-18 23:16 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\TS3Client
    2014-07-26 07:57 - 2011-07-20 15:47 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
    2014-07-26 07:42 - 2014-02-14 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-26 07:42 - 2011-07-20 17:53 - 00000000 ____D () C:\Windows\Panther
    2014-07-26 07:41 - 2013-10-05 02:20 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy BitTorrent Client
    2014-07-26 07:41 - 2013-02-23 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
    2014-07-26 07:41 - 2012-12-11 06:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-26 07:41 - 2012-10-02 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
    2014-07-26 07:41 - 2011-10-20 19:37 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
    2014-07-26 07:41 - 2011-07-20 15:48 - 00000000 ___RD () C:\Users\Phil\Desktop\Kalyn Hunter
    2014-07-26 07:32 - 2014-07-26 04:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    2014-07-26 07:32 - 2014-07-26 03:58 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
    2014-07-26 07:10 - 2013-08-15 00:35 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63CEC37D-1E44-4705-B186-48006A0133CC}
    2014-07-26 05:58 - 2014-01-02 09:09 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
    2014-07-26 05:28 - 2014-07-26 05:28 - 00002052 _____ () C:\Windows\epplauncher.mif
    2014-07-26 05:15 - 2014-07-26 05:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PHIL-HUNTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    2014-07-26 05:13 - 2014-07-26 05:13 - 00000000 ____D () C:\RegBackup
    2014-07-26 05:12 - 2014-07-26 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2014-07-26 05:11 - 2014-07-26 05:11 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-26 05:05 - 2014-07-26 05:05 - 00003732 _____ () C:\Windows\System32\Tasks\ASD_Schedule
    2014-07-26 05:05 - 2014-07-26 04:22 - 00003272 _____ () C:\Windows\System32\Tasks\ASD_Main
    2014-07-26 04:22 - 2014-07-26 04:22 - 00001191 _____ () C:\Users\Phil\Desktop\Anvi Smart Defender.lnk
    2014-07-26 04:01 - 2014-07-26 04:01 - 13829304 _____ (Microsoft Corporation) C:\Users\Phil\Downloads\mseinstall.exe
    2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ____D () C:\ProgramData\Anvisoft
    2014-07-26 03:57 - 2014-07-26 03:57 - 36035456 _____ (Anvisoft) C:\Users\Phil\Downloads\asdsetup.exe
    2014-07-26 01:08 - 2009-07-13 23:45 - 00425504 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-07-26 01:07 - 2012-06-28 00:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-26 01:07 - 2012-06-28 00:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-26 01:06 - 2014-05-09 07:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-07-26 01:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-26 01:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-07-26 01:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-07-26 01:05 - 2014-07-26 01:05 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Oracle
    2014-07-26 01:04 - 2013-10-17 21:50 - 00000000 ____D () C:\ProgramData\Oracle
    2014-07-26 00:22 - 2013-08-06 08:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-07-26 00:20 - 2011-07-24 10:52 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-07-26 00:19 - 2012-06-28 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-07-26 00:19 - 2011-07-20 15:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-07-26 00:14 - 2014-07-26 00:13 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
    2014-07-26 00:14 - 2013-06-26 20:21 - 00000000 ____D () C:\Program Files (x86)\Java
    2014-07-24 18:54 - 2013-10-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
    2014-07-24 17:21 - 2013-09-06 15:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
    2014-07-22 18:26 - 2014-03-12 05:49 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
    2014-07-13 23:20 - 2014-07-13 23:16 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA Corporation
    2014-07-13 23:20 - 2011-07-24 10:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-07-13 23:18 - 2014-04-29 23:38 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA
    2014-07-13 23:18 - 2011-07-24 10:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-07-13 23:16 - 2011-07-24 11:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-07-13 23:06 - 2014-07-13 23:05 - 231400888 _____ (NVIDIA Corporation) C:\Users\Phil\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe
    2014-07-13 22:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-07-13 17:57 - 2011-07-20 15:06 - 00000000 ____D () C:\Users\Phil
    2014-07-13 17:29 - 2014-07-13 17:29 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
    2014-07-12 19:44 - 2014-07-12 19:44 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup(1).exe
    2014-07-12 19:44 - 2014-03-11 16:00 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
    2014-07-12 19:42 - 2014-07-12 19:41 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup.exe
    2014-07-11 03:02 - 2014-07-26 00:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-07-11 02:56 - 2014-07-26 00:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2014-07-11 02:56 - 2014-07-26 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2014-07-11 02:55 - 2014-07-26 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2014-07-08 18:50 - 2013-09-23 20:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-07-08 18:50 - 2013-09-23 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-07-08 18:50 - 2013-09-23 20:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-07-08 00:58 - 2014-07-08 00:58 - 00262144 _____ () C:\Windows\Minidump\070814-21528-01.dmp
    2014-07-08 00:58 - 2014-07-08 00:58 - 00000000 ____D () C:\Windows\Minidump
    2014-07-08 00:31 - 2013-09-06 15:51 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
    2014-07-06 17:47 - 2014-07-06 17:46 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.5
    2014-07-06 17:47 - 2011-07-20 18:43 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
    2014-07-06 17:45 - 2014-07-06 17:45 - 01047296 _____ () C:\Users\Phil\Downloads\oQueue_1.9.5.zip
    2014-07-04 15:57 - 2014-07-04 15:57 - 00002771 _____ () C:\Users\Public\Desktop\Desktop Weather.lnk
    2014-07-04 15:57 - 2014-07-04 15:57 - 00000000 ____D () C:\Users\Phil\AppData\Local\Downloaded Installations
    2014-07-04 15:57 - 2013-09-14 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
    2014-07-04 15:57 - 2013-09-14 11:27 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
    2014-06-29 21:09 - 2014-07-26 00:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-06-29 21:04 - 2014-07-26 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-06-29 01:54 - 2014-06-29 01:54 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
    2014-06-29 01:53 - 2014-06-29 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2014-06-29 01:53 - 2013-09-06 15:50 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
    2014-06-29 01:53 - 2013-09-06 15:50 - 00000000 ____D () C:\ProgramData\Skype
    2014-06-27 02:24 - 2014-06-27 02:23 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.4
    2014-06-27 02:23 - 2014-06-27 02:23 - 01047047 _____ () C:\Users\Phil\Downloads\oQueue_1.9.4.zip

    Some content of TEMP:
    ====================
    C:\Users\Phil\AppData\Local\Temp\_is100B.exe
    C:\Users\Phil\AppData\Local\Temp\_isEC84.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-06-30 20:46

    ==================== End Of Log ============================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Welcome

    Your computer is seriously infected. This will take several runs with different tools to try and get you clean.

    You have several extensions located in Google Chrome and Firefox we will have to remove by setting these browsers back to default. This will need to be done first.

    Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
    If you are not using one of the browsers but it is installed then you may want to consider uninstalling it as older versions of some software can pose an increase in the potential for an infection to get in.

    Internet Explorer
    How to reset Internet Explorer settings

    Firefox
    Click on Help / Troubleshooting Information then click on the Reset Firefox button.

    Chrome
    Chrome - Reset browser settings

    *******************************
    The below script I have created will reboot your computer, please don't be alarmed.

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

    start
    HKLM-x32\...\Run: [] => [X]
    HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
    URLSearchHook: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
    URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_sourc...&ts=1383634190
    SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
    SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S02020^us&si=CJPFuOGX8LACFQhgTAodOTqFwQ&ptb=785D9EDA-F3AC-4EB7-8ED7-9CCF38CE9B0E&psa=&ind=2012062801&st=sb&n=77eda451&searchfor={searchTerms}
    SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={47693960-E050-11E2-9A02-00044B1992E1}
    SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - 65A02591468F493D9D37BF6677ACE964 URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN25759970510773707&UM=2
    SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
    SearchScopes: HKCU - {3D82820D-B262-4C35-9AC7-4E0EFF941FAF} URL = http://www.mysearchresults.com/search?c=4100&t=04&q={searchTerms}
    SearchScopes: HKCU - {47FA6A6E-1C09-4ECA-A70C-81F51DFC8355} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtCzyzytB0EtB0A0BtAtDtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=65225379&ir=
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    SearchScopes: HKCU - {CFDB445B-2FCB-4E41-9D54-8EAAC2273CE9} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=7E1CEE6F-5D54-4C72-9082-E75978566431&apn_sauid=98577795-9D61-4581-9A2E-86C704277DF3
    BHO: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
    BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> No File
    BHO-x32: MixiDJ V43 Toolbar -> {62f386ad-a806-4d2c-87d2-f8cf31faf77e} -> No File
    BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
    BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
    FF DefaultSearchEngine: Conduit Search
    FF SelectedSearchEngine: Conduit Search
    FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV=
    FF Plugin-x32: @ei.GamingWonderland.com/Plugin - C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll No File
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
    FF user.js: detected! => C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\user.js
    FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\searchplugins\conduit-search.xml
    C:\Users\Phil\AppData\Local\Temp\_is100B.exe
    C:\Users\Phil\AppData\Local\Temp\_isEC84.exe
    Reboot:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.

    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    **************************

    AdwCleaner by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.


    Close all open windows and browsers.


    • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    • Click the Scan button and wait for the scan to finish.

    • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Click the Report button to get the log
    • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
    • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


    *****************************************

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    Please post:
    Fixlog.txt
    C:\AdwCleaner\AdwCleaner.txt
    MBAM log
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
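
A way to review a fixlist like the one in the post above before pressing Fix, added here as an example (not part of the original post and not FRST's own code): it groups the entries by kind and lists the hosts and file paths they name. The category names are assumptions inferred from the line shapes visible in this thread, and the sample input is constructed from abbreviated lines of that fixlist.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: abbreviated lines in the shape of the fixlist posted above.
SAMPLE_FIXLIST = r"""start
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?q={searchTerms}
SearchScopes: HKCU - {3D82820D-B262-4C35-9AC7-4E0EFF941FAF} URL = http://www.mysearchresults.com/search?c=4100&t=04&q={searchTerms}
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759
C:\Users\Phil\AppData\Local\Temp\_is100B.exe
Reboot:
End
"""

URL_RE = re.compile(r"(?:https?|hxxp)://\S+", re.I)   # hxxp = defanged http
REG_RE = re.compile(r"^HK(?:LM|CU|U)\b")              # registry-hive prefixes
PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # bare file path line

def classify(line):
    """Assumed categories, inferred from the line shapes in this thread."""
    if line.lower() in ("start", "end"):
        return "marker"
    if line.rstrip(":").lower() == "reboot":
        return "reboot"
    if PATH_RE.match(line):
        return "file"
    if REG_RE.match(line):
        return "registry"
    prefix, sep, _ = line.partition(":")
    # Fold 32-bit variants (BHO-x32, FF Plugin-x32) into one bucket.
    return re.sub(r"-x32$", "", prefix.strip()) if sep else "other"

def review_fixlist(text):
    """Summarise what a fixlist touches so it can be read before it is run."""
    kinds, hosts, files = Counter(), Counter(), []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        kind = classify(line)
        kinds[kind] += 1
        if kind == "file":
            files.append(line)
        match = URL_RE.search(line)
        if match:
            hosts[urlsplit(match.group(0)).hostname] += 1
    return {"kinds": dict(kinds), "hosts": dict(hosts),
            "files": files, "reboots": kinds["reboot"] > 0}

if __name__ == "__main__":
    for key, value in review_fixlist(SAMPLE_FIXLIST).items():
        print(f"{key}: {value}")
```

Run against the saved fixlist.txt, the summary shows at a glance whether the script names any file paths or hosts the reader does not recognise and whether it ends in a reboot.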

  3. #3
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Due to the lack of feedback this Topic is closed.