need assistance with malware and adware lol



Hunterkiller
2014-07-27, 09:49
1171411716

This is FRST.txt, the only way I can figure out how to get it in here. Sorry, I got agitated.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Phil (administrator) on PHIL-HUNTER on 27-07-2014 01:30:02
Running from C:\Users\Phil\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Phil\AppData\Local\Akamai\netsession_win.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Anvisoft Corporation) C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\Toolbox\Anvi RAM Booster\Anvi_RAM_Booster.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\klwtblfs.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-17] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [InstantBurn] => C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [701736 2012-02-02] (CyberLink Corporation.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2012-04-02] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [222504 2012-03-06] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [Power2GoExpress] => [X]
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-04-09] ()
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-05-29] (Anvisoft)
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\Run: [mmonitor] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\toolbox\Anvi RAM Booster\Anvi_RAM_Bo (the data entry has 17 more characters).
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: D - D:\setup.exe -a
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: {37408140-39e9-11e3-b020-00044b1992e1} - F:\LGAutoRun.exe
HKU\S-1-5-21-311460615-1237340197-3635507080-1000\...\MountPoints2: {42a4b180-21cd-11e3-8202-00044b1992e1} - F:\setup.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HRBlockDirect.lnk
ShortcutTarget: HRBlockDirect.lnk -> C:\Program Files (x86)\HRBlockDirect\HRBlockDirect.exe (HR Block )

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6076F0CD0DCECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=hp&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
URLSearchHook: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S02020^us&si=CJPFuOGX8LACFQhgTAodOTqFwQ&ptb=785D9EDA-F3AC-4EB7-8ED7-9CCF38CE9B0E&psa=&ind=2012062801&st=sb&n=77eda451&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={47693960-E050-11E2-9A02-00044B1992E1}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
SearchScopes: HKCU - 65A02591468F493D9D37BF6677ACE964 URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN25759970510773707&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3D82820D-B262-4C35-9AC7-4E0EFF941FAF} URL = http://www.mysearchresults.com/search?c=4100&t=04&q={searchTerms}
SearchScopes: HKCU - {47FA6A6E-1C09-4ECA-A70C-81F51DFC8355} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtCzyzytB0EtB0A0BtAtDtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=65225379&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {CFDB445B-2FCB-4E41-9D54-8EAAC2273CE9} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=7E1CEE6F-5D54-4C72-9082-E75978566431&apn_sauid=98577795-9D61-4581-9A2E-86C704277DF3
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> No File
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: MixiDJ V43 Toolbar -> {62f386ad-a806-4d2c-87d2-f8cf31faf77e} -> No File
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: ArcPluginIEBHO Class -> {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} -> No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @ei.GamingWonderland.com/Plugin - C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: anvisoft.com/AdblockPlugin - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll (Anvisoft)
FF user.js: detected! => C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\user.js
FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\searchplugins\conduit-search.xml
FF Extension: SySaver - C:\Program Files (x86)\Mozilla Firefox\extensions\ecyoivyyjrojzoyplneg@nrbkkafymvigofepbi.org [2014-02-14]
FF Extension: Unit Layers - C:\Program Files (x86)\Mozilla Firefox\extensions\fgsegj@ohwcaijlmohgftbpsu.org [2014-02-14]
FF Extension: AnviAdblock - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\AnviAdblock@anvisoft.com.xpi [2014-07-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-03-18]
FF HKLM-x32\...\Firefox\Extensions: [{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}] - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP
CHR RestoreOnStartup: "hxxp://www.msn.com/?pc=BDT3&ocid=BDT3DHP","http:\/\/search.conduit.com\/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV="
CHR NewTab: "chrome-extension://pflphaooapbgpeakohlggbpidpppgdff/content/newtab/newtab.html"
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?FORM=BDT3DF&PC=BDT3&q={searchTerms}
CHR Extension: (Docs) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-23]
CHR Extension: (Google Drive) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-23]
CHR Extension: (YouTube) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-23]
CHR Extension: (Extended Protection) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-11-05]
CHR Extension: (Google Search) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-23]
CHR Extension: (xVidly1) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dachbokeklmhlikpklnkmmealjdfanoh [2013-10-23]
CHR Extension: (Kaspersky URL Advisor) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-10-23]
CHR Extension: (Safe Money) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-10-23]
CHR Extension: (Vgrabber v1.5) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\hchkdglnjoagfcnikmcebkjlfbcbkhnm [2013-10-23]
CHR Extension: (Lightning Newtab) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-05]
CHR Extension: (MixiDJ V43) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplmoojljbihgoknngmcimjbaddnnhkd [2013-10-23]
CHR Extension: (Virtual Keyboard) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-10-23]
CHR Extension: (WhiteSmoke New) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi [2013-10-23]
CHR Extension: (Ziftr Alerts - formerly FreePriceAlerts.com) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngoiabglmnijabkfknliolcbjfcmbmdl [2013-10-23]
CHR Extension: (Google Wallet) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-23]
CHR Extension: (GreatArcadeHits Add-on) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh [2013-11-05]
CHR Extension: (MySearchDial New Tab) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-02-02]
CHR Extension: (Gmail) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-23]
CHR Extension: (Anti-Banner) - C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-10-23]
CHR HKCU\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Phil\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-08-07]
CHR HKCU\...\Chrome\Extension: [hchkdglnjoagfcnikmcebkjlfbcbkhnm] - C:\Users\Phil\AppData\Local\CRE\hchkdglnjoagfcnikmcebkjlfbcbkhnm.crx [2013-08-20]
CHR HKCU\...\Chrome\Extension: [iplmoojljbihgoknngmcimjbaddnnhkd] - C:\Users\Phil\AppData\Local\CRE\iplmoojljbihgoknngmcimjbaddnnhkd.crx [2013-10-02]
CHR HKCU\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Phil\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKLM-x32\...\Chrome\Extension: [dachbokeklmhlikpklnkmmealjdfanoh] - C:\Users\Phil\AppData\Local\CRE\dachbokeklmhlikpklnkmmealjdfanoh.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [hchkdglnjoagfcnikmcebkjlfbcbkhnm] - C:\Users\Phil\AppData\Local\CRE\hchkdglnjoagfcnikmcebkjlfbcbkhnm.crx [2013-08-20]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [iplmoojljbihgoknngmcimjbaddnnhkd] - C:\Users\Phil\AppData\Local\CRE\iplmoojljbihgoknngmcimjbaddnnhkd.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-18]
CHR HKLM-x32\...\Chrome\Extension: [klibnahbojhkanfgaglnlalfkgpcppfi] - C:\Users\Phil\AppData\Local\CRE\klibnahbojhkanfgaglnlalfkgpcppfi.crx [2013-04-25]
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx [2014-04-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2014-07-14]
CHR HKLM-x32\...\Chrome\Extension: [ngoiabglmnijabkfknliolcbjfcmbmdl] - C:\ProgramData\FreePriceAlerts\Chrome\FreePriceAlerts.crx [2013-09-16]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-18]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.dosearches.com/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=sc&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-05-29] (Anvisoft)
R2 ASD2Svc; C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2Srv.exe [1206504 2014-05-28] (Anvisoft)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-17] (Kaspersky Lab ZAO)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2012-04-02] (CyberLink)
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-07-20] (Creative Labs) [File not signed]
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2010-09-06] () [File not signed]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 asd2fsm; C:\Windows\System32\DRIVERS\asd2fsm.sys [48656 2014-05-28] (Anvisoft)
R1 Asdids; C:\Windows\System32\DRIVERS\asdids.sys [47632 2014-05-28] (Anvisoft)
S0 aswRvrt; No ImagePath
R1 CLBStor; C:\Windows\System32\DRIVERS\CLBStor.sys [24560 2012-02-02] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [377840 2012-02-02] (CyberLink Corporation.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-06-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-04-23] (Kaspersky Lab ZAO)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-13] (Microsoft Corporation)
S3 WN111v2; C:\Windows\System32\DRIVERS\WN111v2x.sys [553472 2008-09-29] (Atheros Communications, Inc.)
R3 aswVmm; \??\C:\Users\Phil\AppData\Local\Temp\aswVmm.sys [X]
S3 cpuz136; \??\C:\Users\Phil\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
U3 aswMBR; \??\C:\Users\Phil\AppData\Local\Temp\aswMBR.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 01:26 - 2014-07-27 01:30 - 00032548 _____ () C:\Users\Phil\Desktop\FRST.txt
2014-07-27 01:23 - 2014-07-27 01:23 - 02093568 _____ (Farbar) C:\Users\Phil\Desktop\FRST64.exe
2014-07-27 01:10 - 2014-07-27 01:10 - 00002370 _____ () C:\Users\Phil\Desktop\aswMBR.txt
2014-07-27 01:10 - 2014-07-27 01:10 - 00000512 _____ () C:\Users\Phil\Desktop\MBR.dat
2014-07-26 08:35 - 2014-07-26 08:35 - 00000224 _____ () C:\Windows\setupact.log
2014-07-26 08:35 - 2014-07-26 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 08:34 - 2014-07-26 08:34 - 00001366 _____ () C:\Windows\PFRO.log
2014-07-26 05:28 - 2014-07-26 05:28 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-07-26 05:17 - 2014-07-27 01:21 - 00000000 ____D () C:\Users\Phil\Desktop\VIRUS RECOVERY FOLDER
2014-07-26 05:16 - 2014-07-27 01:30 - 00000000 ____D () C:\FRST
2014-07-26 05:15 - 2014-07-26 05:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PHIL-HUNTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-26 05:13 - 2014-07-26 05:13 - 00000000 ____D () C:\RegBackup
2014-07-26 05:12 - 2014-07-26 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-26 05:11 - 2014-07-26 05:11 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-26 05:05 - 2014-07-26 05:05 - 00003732 _____ () C:\Windows\System32\Tasks\ASD_Schedule
2014-07-26 04:22 - 2014-07-26 08:35 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-26 04:22 - 2014-07-26 07:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-26 04:22 - 2014-07-26 05:05 - 00003272 _____ () C:\Windows\System32\Tasks\ASD_Main
2014-07-26 04:22 - 2014-07-26 04:22 - 00001191 _____ () C:\Users\Phil\Desktop\Anvi Smart Defender.lnk
2014-07-26 04:01 - 2014-07-26 04:01 - 13829304 _____ (Microsoft Corporation) C:\Users\Phil\Downloads\mseinstall.exe
2014-07-26 03:58 - 2014-07-26 07:32 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-07-26 03:58 - 2014-05-28 21:03 - 00048656 _____ (Anvisoft) C:\Windows\system32\Drivers\asd2fsm.sys
2014-07-26 03:57 - 2014-07-26 03:57 - 36035456 _____ (Anvisoft) C:\Users\Phil\Downloads\asdsetup.exe
2014-07-26 01:05 - 2014-07-26 01:05 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Oracle
2014-07-26 00:16 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-26 00:16 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-26 00:16 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-26 00:16 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-26 00:16 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-26 00:16 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-26 00:15 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-26 00:15 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-26 00:15 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-26 00:15 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-26 00:15 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-26 00:15 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-26 00:15 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-26 00:15 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-26 00:15 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-26 00:15 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-26 00:15 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-26 00:15 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-26 00:15 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-26 00:15 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-26 00:15 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-26 00:15 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-26 00:15 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-26 00:15 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-26 00:15 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-26 00:15 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-26 00:15 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-26 00:15 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-26 00:15 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-26 00:15 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-26 00:15 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-26 00:15 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-26 00:15 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-26 00:15 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-26 00:15 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-26 00:15 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-26 00:15 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-26 00:15 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-26 00:15 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-26 00:15 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-26 00:15 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-26 00:15 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-26 00:15 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-26 00:15 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-26 00:15 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-26 00:15 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-26 00:15 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-26 00:15 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-26 00:15 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-26 00:15 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-26 00:15 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-26 00:15 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-26 00:15 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-26 00:15 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-26 00:15 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-26 00:15 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-26 00:15 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-26 00:15 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-26 00:15 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-26 00:15 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-26 00:15 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-26 00:15 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-26 00:15 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-26 00:15 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-26 00:15 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-26 00:15 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-26 00:14 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-26 00:14 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-26 00:14 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-26 00:14 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-26 00:13 - 2014-07-26 00:14 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-26 00:12 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-26 00:12 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-26 00:12 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-13 23:20 - 2014-05-29 18:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-07-13 23:20 - 2014-05-29 18:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-07-13 23:16 - 2014-07-13 23:20 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA Corporation
2014-07-13 23:16 - 2014-05-29 18:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-07-13 23:16 - 2014-05-29 18:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-13 23:14 - 2014-05-19 18:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-07-13 23:14 - 2014-05-14 18:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-07-13 23:12 - 2014-05-19 21:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-07-13 23:12 - 2014-05-19 21:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-07-13 23:12 - 2014-05-19 21:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-07-13 23:12 - 2014-03-31 11:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-07-13 23:12 - 2014-03-31 11:42 - 00037320 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-07-13 23:12 - 2014-03-31 11:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-07-13 23:05 - 2014-07-13 23:06 - 231400888 _____ (NVIDIA Corporation) C:\Users\Phil\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-07-13 17:29 - 2014-07-13 17:29 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
2014-07-12 19:44 - 2014-07-12 19:44 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup(1).exe
2014-07-12 19:41 - 2014-07-12 19:42 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup.exe
2014-07-08 00:58 - 2014-07-08 00:58 - 00262144 _____ () C:\Windows\Minidump\070814-21528-01.dmp
2014-07-08 00:58 - 2014-07-08 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-06 17:46 - 2014-07-06 17:47 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.5
2014-07-06 17:45 - 2014-07-06 17:45 - 01047296 _____ () C:\Users\Phil\Downloads\oQueue_1.9.5.zip
2014-07-04 15:57 - 2014-07-04 15:57 - 00002771 _____ () C:\Users\Public\Desktop\Desktop Weather.lnk
2014-07-04 15:57 - 2014-07-04 15:57 - 00000000 ____D () C:\Users\Phil\AppData\Local\Downloaded Installations
2014-06-29 01:54 - 2014-06-29 01:54 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-06-29 01:53 - 2014-06-29 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-27 02:23 - 2014-06-27 02:24 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.4
2014-06-27 02:23 - 2014-06-27 02:23 - 01047047 _____ () C:\Users\Phil\Downloads\oQueue_1.9.4.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-27 01:30 - 2014-07-27 01:26 - 00032548 _____ () C:\Users\Phil\Desktop\FRST.txt
2014-07-27 01:30 - 2014-07-26 05:16 - 00000000 ____D () C:\FRST
2014-07-27 01:23 - 2014-07-27 01:23 - 02093568 _____ (Farbar) C:\Users\Phil\Desktop\FRST64.exe
2014-07-27 01:21 - 2014-07-26 05:17 - 00000000 ____D () C:\Users\Phil\Desktop\VIRUS RECOVERY FOLDER
2014-07-27 01:21 - 2014-02-14 01:21 - 00000288 _____ () C:\Windows\Tasks\Digital Sites.job
2014-07-27 01:21 - 2013-10-20 20:21 - 00000288 _____ () C:\Windows\Tasks\DigitalSite.job
2014-07-27 01:15 - 2013-03-18 18:46 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-27 01:10 - 2014-07-27 01:10 - 00002370 _____ () C:\Users\Phil\Desktop\aswMBR.txt
2014-07-27 01:10 - 2014-07-27 01:10 - 00000512 _____ () C:\Users\Phil\Desktop\MBR.dat
2014-07-27 00:50 - 2013-09-23 20:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-27 00:37 - 2013-08-12 17:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 00:28 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-27 00:21 - 2013-10-20 21:21 - 00000208 _____ () C:\Users\Phil\AppData\Roaming\WB.CFG
2014-07-26 22:12 - 2013-10-10 18:50 - 00000000 ____D () C:\Users\Phil\AppData\Local\SevereWeatherAlerts
2014-07-26 21:02 - 2013-10-23 11:46 - 00000000 ____D () C:\Users\Phil\AppData\Local\Battle.net
2014-07-26 17:55 - 2011-07-20 15:06 - 01212934 _____ () C:\Windows\WindowsUpdate.log
2014-07-26 09:37 - 2013-08-12 17:42 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-26 08:42 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-26 08:42 - 2009-07-13 23:45 - 00022064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-26 08:35 - 2014-07-26 08:35 - 00000224 _____ () C:\Windows\setupact.log
2014-07-26 08:35 - 2014-07-26 08:35 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-26 08:35 - 2014-07-26 04:22 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-07-26 08:35 - 2013-05-21 18:58 - 00155136 ___SH () C:\Users\Phil\Desktop\Thumbs.db
2014-07-26 08:35 - 2011-07-24 11:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-26 08:35 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-26 08:34 - 2014-07-26 08:34 - 00001366 _____ () C:\Windows\PFRO.log
2014-07-26 08:08 - 2013-09-18 03:48 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Guild Wars 2
2014-07-26 08:08 - 2012-10-18 23:16 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\TS3Client
2014-07-26 07:57 - 2011-07-20 15:47 - 00000000 ____D () C:\Users\Phil\Documents\My Received Files
2014-07-26 07:42 - 2014-02-14 02:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 07:42 - 2011-07-20 17:53 - 00000000 ____D () C:\Windows\Panther
2014-07-26 07:41 - 2013-10-05 02:20 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Easy BitTorrent Client
2014-07-26 07:41 - 2013-02-23 22:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
2014-07-26 07:41 - 2012-12-11 06:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-07-26 07:41 - 2012-10-02 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
2014-07-26 07:41 - 2011-10-20 19:37 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-07-26 07:41 - 2011-07-20 15:48 - 00000000 ___RD () C:\Users\Phil\Desktop\Kalyn Hunter
2014-07-26 07:32 - 2014-07-26 04:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-26 07:32 - 2014-07-26 03:58 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-26 07:10 - 2013-08-15 00:35 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63CEC37D-1E44-4705-B186-48006A0133CC}
2014-07-26 05:58 - 2014-01-02 09:09 - 00000000 ____D () C:\Program Files (x86)\Mobogenie
2014-07-26 05:28 - 2014-07-26 05:28 - 00002052 _____ () C:\Windows\epplauncher.mif
2014-07-26 05:15 - 2014-07-26 05:15 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PHIL-HUNTER-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-07-26 05:13 - 2014-07-26 05:13 - 00000000 ____D () C:\RegBackup
2014-07-26 05:12 - 2014-07-26 05:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-07-26 05:11 - 2014-07-26 05:11 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-07-26 05:05 - 2014-07-26 05:05 - 00003732 _____ () C:\Windows\System32\Tasks\ASD_Schedule
2014-07-26 05:05 - 2014-07-26 04:22 - 00003272 _____ () C:\Windows\System32\Tasks\ASD_Main
2014-07-26 04:22 - 2014-07-26 04:22 - 00001191 _____ () C:\Users\Phil\Desktop\Anvi Smart Defender.lnk
2014-07-26 04:01 - 2014-07-26 04:01 - 13829304 _____ (Microsoft Corporation) C:\Users\Phil\Downloads\mseinstall.exe
2014-07-26 03:58 - 2014-07-26 03:58 - 00000000 ____D () C:\ProgramData\Anvisoft
2014-07-26 03:57 - 2014-07-26 03:57 - 36035456 _____ (Anvisoft) C:\Users\Phil\Downloads\asdsetup.exe
2014-07-26 01:08 - 2009-07-13 23:45 - 00425504 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-26 01:07 - 2012-06-28 00:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-26 01:07 - 2012-06-28 00:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-26 01:06 - 2014-05-09 07:15 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-26 01:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-26 01:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-26 01:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-26 01:05 - 2014-07-26 01:05 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Oracle
2014-07-26 01:04 - 2013-10-17 21:50 - 00000000 ____D () C:\ProgramData\Oracle
2014-07-26 00:22 - 2013-08-06 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-26 00:20 - 2011-07-24 10:52 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-26 00:19 - 2012-06-28 00:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-26 00:19 - 2011-07-20 15:24 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-26 00:14 - 2014-07-26 00:13 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log
2014-07-26 00:14 - 2013-06-26 20:21 - 00000000 ____D () C:\Program Files (x86)\Java
2014-07-24 18:54 - 2013-10-23 11:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-07-24 17:21 - 2013-09-06 15:50 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-22 18:26 - 2014-03-12 05:49 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-07-13 23:20 - 2014-07-13 23:16 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA Corporation
2014-07-13 23:20 - 2011-07-24 10:59 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-13 23:18 - 2014-04-29 23:38 - 00000000 ____D () C:\Users\Phil\AppData\Local\NVIDIA
2014-07-13 23:18 - 2011-07-24 10:59 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-07-13 23:16 - 2011-07-24 11:00 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-07-13 23:15 - 2014-07-13 23:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-13 23:06 - 2014-07-13 23:05 - 231400888 _____ (NVIDIA Corporation) C:\Users\Phil\Downloads\337.88-desktop-win8-win7-winvista-64bit-english-whql.exe
2014-07-13 22:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-13 17:57 - 2011-07-20 15:06 - 00000000 ____D () C:\Users\Phil
2014-07-13 17:29 - 2014-07-13 17:29 - 00000000 ____D () C:\Windows\SysWOW64\%Report%
2014-07-12 19:44 - 2014-07-12 19:44 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup(1).exe
2014-07-12 19:44 - 2014-03-11 16:00 - 00000930 _____ () C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2014-07-12 19:42 - 2014-07-12 19:41 - 01141408 _____ ( ) C:\Users\Phil\Downloads\hwmonitor_1.25-setup.exe
2014-07-11 03:02 - 2014-07-26 00:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-07-11 02:56 - 2014-07-26 00:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-07-11 02:56 - 2014-07-26 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-07-11 02:55 - 2014-07-26 00:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-07-08 18:50 - 2013-09-23 20:44 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 18:50 - 2013-09-23 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:50 - 2013-09-23 20:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 00:58 - 2014-07-08 00:58 - 00262144 _____ () C:\Windows\Minidump\070814-21528-01.dmp
2014-07-08 00:58 - 2014-07-08 00:58 - 00000000 ____D () C:\Windows\Minidump
2014-07-08 00:31 - 2013-09-06 15:51 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Skype
2014-07-06 17:47 - 2014-07-06 17:46 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.5
2014-07-06 17:47 - 2011-07-20 18:43 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-06 17:45 - 2014-07-06 17:45 - 01047296 _____ () C:\Users\Phil\Downloads\oQueue_1.9.5.zip
2014-07-04 15:57 - 2014-07-04 15:57 - 00002771 _____ () C:\Users\Public\Desktop\Desktop Weather.lnk
2014-07-04 15:57 - 2014-07-04 15:57 - 00000000 ____D () C:\Users\Phil\AppData\Local\Downloaded Installations
2014-07-04 15:57 - 2013-09-14 11:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Weather Channel
2014-07-04 15:57 - 2013-09-14 11:27 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
2014-06-29 21:09 - 2014-07-26 00:16 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-26 00:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 01:54 - 2014-06-29 01:54 - 00000000 ____D () C:\Users\Phil\AppData\Local\Skype
2014-06-29 01:53 - 2014-06-29 01:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-29 01:53 - 2013-09-06 15:50 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-29 01:53 - 2013-09-06 15:50 - 00000000 ____D () C:\ProgramData\Skype
2014-06-27 02:24 - 2014-06-27 02:23 - 00000000 ____D () C:\Users\Phil\Downloads\oQueue_1.9.4
2014-06-27 02:23 - 2014-06-27 02:23 - 01047047 _____ () C:\Users\Phil\Downloads\oQueue_1.9.4.zip

Some content of TEMP:
====================
C:\Users\Phil\AppData\Local\Temp\_is100B.exe
C:\Users\Phil\AppData\Local\Temp\_isEC84.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-06-30 20:46

==================== End Of Log ============================

Juliet
2014-07-27, 15:45
Welcome

Your computer is seriously infected. This will take several runs with different tools to try and get you clean.

You have several extensions located in Google Chrome and Firefox we will have to remove by setting these browsers back to default. This will need to be done first.

Please visit each of the following sites and let's reset all of your browsers back to defaults to prevent unexpected issues.
If you are not using one of the browsers but it is installed, then you may want to consider uninstalling it, as older versions of some software can pose an increase in the potential for an infection to get in.

Internet Explorer
How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)

Firefox
Click on Help / Troubleshooting Information then click on the Reset Firefox button.

Chrome
Chrome - Reset browser settings (https://support.google.com/chrome/answer/3296214?hl=en)

*******************************
The below script I have created will reboot your computer; please don't be alarmed.

Open Notepad. Please copy the contents of the quote box below. To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)



start
HKLM-x32\...\Run: [] => [X]
HKU\.DEFAULT\...\Run: [SearchProtect] => \SearchProtect\bin\cltmng.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dosearches.com/?utm_sourc...&ts=1383634190
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://search.dosearches.com/web/?utm_source=b&utm_medium=tugs&utm_campaign=rg&utm_content=ds&from=tugs&uid=3219913727_67194_C482AB30&ts=1383634190&type=default&q={searchTerms}
URLSearchHook: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.dosearches.com/?utm_sourc...&ts=1383634190
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM-x32 - {a5b9c0f5-5616-47cd-a95f-e43b488faccf} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^XP^xdm044^S02020^us&si=CJPFuOGX8LACFQhgTAodOTqFwQ&ptb=785D9EDA-F3AC-4EB7-8ED7-9CCF38CE9B0E&psa=&ind=2012062801&st=sb&n=77eda451&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={47693960-E050-11E2-9A02-00044B1992E1}
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
SearchScopes: HKCU - 65A02591468F493D9D37BF6677ACE964 URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3307181&CUI=UN25759970510773707&UM=2
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&q={searchTerms}&SSPV=
SearchScopes: HKCU - {3D82820D-B262-4C35-9AC7-4E0EFF941FAF} URL = http://www.mysearchresults.com/search?c=4100&t=04&q={searchTerms}
SearchScopes: HKCU - {47FA6A6E-1C09-4ECA-A70C-81F51DFC8355} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr0101&cd=2XzuyEtN2Y1L1QzutDtDtDyEyE0BtCzyzytB0EtB0A0BtAtDtN0D0Tzu0CyBtAtBtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=65225379&ir=
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {CFDB445B-2FCB-4E41-9D54-8EAAC2273CE9} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=7E1CEE6F-5D54-4C72-9082-E75978566431&apn_sauid=98577795-9D61-4581-9A2E-86C704277DF3
BHO: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
BHO-x32: No Name -> {1C8501DD-5580-48AB-B25C-6D5DBE835A6A} -> No File
BHO-x32: MixiDJ V43 Toolbar -> {62f386ad-a806-4d2c-87d2-f8cf31faf77e} -> No File
BHO-x32: No Name -> {A7C0A55C-300E-4193-8FB5-5DB8E6533D35} -> No File
BHO-x32: Ask Toolbar -> {D4027C7F-154A-4066-A1AD-4243D8127440} -> No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - MixiDJ V43 Toolbar - {62f386ad-a806-4d2c-87d2-f8cf31faf77e} - No File
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3314759&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0EABCB22-6F73-48BF-BC6F-DA436CAAD75E&SSPV=
FF Plugin-x32: @ei.GamingWonderland.com/Plugin - C:\Program Files (x86)\GamingWonderlandEI\Installr\1.bin\NPgtEISB.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @perfectworld.com/npArcPlayNowPlugin - C:\Program Files (x86)\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll No File
FF user.js: detected! => C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\user.js
FF SearchPlugin: C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\km1wbfpq.default\searchplugins\conduit-search.xml
C:\Users\Phil\AppData\Local\Temp\_is100B.exe
C:\Users\Phil\AppData\Local\Temp\_isEC84.exe
Reboot:
End


Open FRST/FRST64 and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

**************************

AdwCleaner by Xplode

Click on this link to download: ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the two blue Download Now buttons that have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top advertisement.


Close all open windows and browsers.



Right-click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.

*****


Click the Scan button and wait for the scan to finish.
After the scan has finished, the window may or may not show what it found, and above the progress bar you will see Pending. Please uncheck elements you don't want to remove.
After the scan is complete, click on "Clean".
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Click the Report button to get the log.
Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

*****************************************

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP: Double-click on the icon to run it.
Windows Vista, Windows 7 & 8: Right-click and select "Run as Administrator".







On the Dashboard, click on Update Now
Go to the Settings tab
Under Settings, go to Detection and Protection
Under PUP and PUM, make sure both are set to show Treat Detections as Malware
Go to Advanced Settings and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


Please post:
Fixlog.txt
C:\AdwCleaner\AdwCleaner.txt
MBAM log

Juliet
2014-08-02, 14:42
Due to the lack of feedback, this topic is closed.