Unauthenticated FB login after downloading some Twitch streaming softw


  • This topic is locked

#1
geekyandhow

  • Member
  • 74 posts

Hi guys,

Yesterday, I downloaded software called Tardsplaya, which streams Twitch without lags.

A few hours later, I received an email from FB that someone tried to reset my PW.

I'm really worried if my computer has been compromised by this or some other software.

Any help is appreciated. Thanks!


  • 0



#2
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi geekyandhow,

Welcome! My name is Jr0x and I'll be helping you with your problem.

Please Note: I am still in training and my fixes have to be approved by my instructor so there may be a slight delay in my replies. Look upon it as a good thing though in that you have two people looking at your problem.

Before we get started, there are a few things I need you to take note of.

  • Please read through the instructions before attempting to follow those procedures. I would recommend printing them out, as some of the instructions will require you to be in safe mode / offline.
  • If there is anything you are unclear of, please ask before you start the fix.
  • Do not run any scripts / tools on your own; unsupervised usage may cause more harm than good.
  • Please stay with me on this thread, do not start another thread in here (Geeks To Go) or any other forum until I've declared you clean and good to go.
  • There may be a delayed response to you, as we may live in different time zones.
  • Inform me of anything that happens unexpectedly during the fix at any point of time.
  • As much as we would like to make this an easy process for you, malware removal is a complex multi-step process, and things may happen such as data loss or your machine being rendered unbootable. I would recommend that you back up your personal data before we proceed.
  • Posts that are not replied to in four (4) days will result in the topic being closed. We have not forgotten you; this is just an effort to keep the boards organized and flowing. To continue on your closed topic, please PM me or any Moderator to have the topic reactivated. If, at any time during our working together, I have not responded to you in 2 days (48 hours), then please PM me.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

Let's get started.

Scan with Farbar's Recovery Scan Tool (FRST)

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Edited by Jr0x, 22 March 2016 - 07:09 AM.

  • 0
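
A first-pass triage of the FRST.txt requested above, as an added example that is not part of the original thread and not part of FRST: it walks the log's sections and flags the entries a helper would read first. The rule set, the `triage` function and the date window are assumptions for illustration, including the reading of a trailing `[X]` as a missing file; the sample lines are excerpted from the log posted later in this thread.

```python
import ntpath
import re
from datetime import datetime

# Excerpt of lines from the FRST.txt posted later in this thread (trimmed).
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Intertops Poker\PokerNotifier.exe
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {91800f8e-ea5d-11e5-bf70-3c77e6dc9c56} - "E:\Startme.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

==================== Services (Whitelisted) ========================

R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-19] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]

===================== Drivers (Whitelisted) ==========================

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]

==================== One Month Created files and folders ========

2016-03-24 03:37 - 2016-03-24 03:37 - 02374144 _____ (Farbar) C:\Users\Neville\Desktop\FRST64.exe
2016-03-21 01:31 - 2016-03-21 01:32 - 10580340 _____ C:\Users\Neville\Desktop\tardsplaya_1.0.0.5.7z
2016-03-19 04:03 - 2016-03-19 04:03 - 00000610 _____ C:\Users\Neville\Desktop\kijiji Ad.txt
"""

HEADER = re.compile(r"^=+ (.+?) =+$")                 # "==== Name (Whitelisted) ===="
STAMP = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]")      # "[size date]" after a file path
RUN_KEY = re.compile(r"\\Run(?:Once)?: \[")           # Run / RunOnce autostart values
NO_COMPANY = re.compile(r"\] \(\)(?: |$)")            # empty "(company)" field
CREATED = re.compile(                                 # created - modified - size attrs [(co)] path
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \S+ \S+ - \d+ \S+ (?:\(.*?\) )?(.+)$"
)
REVIEW_EXT = {".exe", ".msi", ".scr", ".bat", ".cmd", ".7z", ".zip", ".rar"}


def triage(log_text, window=None):
    """Return (section, reason, line) tuples for entries that deserve a manual look.

    These are review prompts, not verdicts: each hit still has to be checked
    against what is known to be installed on the machine.
    """
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1).replace(" (Whitelisted)", "")
            continue
        if not line or line.startswith("(If "):       # skip FRST's explanatory notes
            continue
        reasons = []
        if line.endswith("[X]"):                      # assumption: [X] = file not found
            reasons.append("file missing on disk")
        if "[File not signed]" in line:
            reasons.append("unsigned binary")
        if NO_COMPANY.search(line):
            reasons.append("no company name")
        if section == "Registry":
            if line.startswith("IFEO\\") and "[Debugger]" in line:
                reasons.append("IFEO debugger redirect")
            elif "\\MountPoints2:" in line:
                reasons.append("removable-media autorun")
            elif RUN_KEY.search(line) and not STAMP.search(line):
                # FRST printed no [size date] stamp: confirm the target exists.
                reasons.append("autorun without file stamp")
        in_created = section is not None and section.startswith("One Month Created")
        created = CREATED.match(line) if in_created else None
        if created and window:
            when = datetime.strptime(created.group(1), "%Y-%m-%d %H:%M")
            ext = ntpath.splitext(created.group(2))[1].lower()
            if window[0] <= when <= window[1] and ext in REVIEW_EXT:
                reasons.append("archive/executable created in incident window")
        findings.extend((section, reason, line) for reason in reasons)
    return findings


if __name__ == "__main__":
    # Assumed window around the download described in the first post.
    incident_window = (datetime(2016, 3, 20), datetime(2016, 3, 23))
    for sec, why, entry in triage(SAMPLE_LOG, incident_window):
        print(f"[{sec}] {why}: {entry}")
```

To run it over a real log, pass the contents of FRST.txt to `triage` together with a date window that brackets the suspected event.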

#3
geekyandhow

  • Topic Starter
  • Member
  • 74 posts

Hi Jr0x,

Thank you very much for your response. Here are the two logs as requested:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Neville (administrator) on VAIO (24-03-2016 03:37:37)
Running from C:\Users\Neville\Desktop
Loaded Profiles: Neville & postgres (Available Profiles: Neville & postgres & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Avanquest Software) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Flux Software LLC) C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-03] (Broadcom Corporation.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-11-01] (Wondershare)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [f.lux] => C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [908824 2016-02-25] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\Intertops Poker\PokerNotifier.exe
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {91800f8e-ea5d-11e5-bf70-3c77e6dc9c56} - "E:\Startme.exe" 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {c4eefb77-9348-11e5-bf4d-3c77e6dc9c56} - "E:\.\Setup.exe" 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [Google Update] => "C:\Users\Neville\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [Facebook Update] => "C:\Users\Neville\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [GoogleChromeAutoLaunch_025349DF926404DCBA5805A40191CC91] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-08] (Google Inc.)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [f.lux] => C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [CPN Notifier] => C:\Program Files (x86)\Intertops Poker\PokerNotifier.exe
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2016-02-29]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.5.5.exe (OpenVPN Technologies)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{67916458-BEE9-4A48-8387-C78A355ED6BE}: [DhcpNameServer] 202.88.131.90 202.88.131.89
Tcpip\..\Interfaces\{A7CA6FDC-65B3-4CF9-B6DE-3266EBD35973}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-2107339062-2504870960-3837946639-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-01] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-01] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287
FF DefaultSearchEngine: AVG Secure Search
FF DefaultSearchEngine.US: Google
FF DefaultSearchUrl: 
FF SelectedSearchEngine: AVG Secure Search
FF Homepage: google.com
FF Keyword.URL: 
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-01] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-13] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\user.js [2015-10-29]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-09-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
 
Chrome: 
=======
CHR Profile: C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-03-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-05] (Broadcom Corporation.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-02-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-02-25] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [876056 2016-02-25] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-19] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-20] (Sony Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4364200 2016-02-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2016-02-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2016-02-15] (AVG Technologies CZ, s.r.o.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-07] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-08-01] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-05] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2014-03-14] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-25] (BlueStack Systems)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-03-18] (Sony Mobile Communications)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-04-25] (The OpenVPN Project)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2015-10-09] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-03-21] (Spotflux, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-24 03:37 - 2016-03-24 03:37 - 02374144 _____ (Farbar) C:\Users\Neville\Desktop\FRST64.exe
2016-03-24 03:37 - 2016-03-24 03:37 - 00025930 _____ C:\Users\Neville\Desktop\FRST.txt
2016-03-24 03:37 - 2016-03-24 03:37 - 00000000 ____D C:\FRST
2016-03-23 07:33 - 2016-03-23 11:14 - 00000034 _____ C:\Users\Neville\Desktop\caesars.txt
2016-03-22 13:25 - 2016-03-22 13:25 - 03204305 _____ C:\Users\Neville\Desktop\DRWTC-Switch-V 1.2-9-15.pdf
2016-03-22 11:26 - 2016-03-23 02:06 - 00000000 ____D C:\Users\Neville\Downloads\Bol (2011) Urdu 1CD PDVDRip XviD MP3-=MTR=-(www.mastitorrents.com)
2016-03-22 10:20 - 2016-03-22 10:34 - 00000000 ____D C:\Users\Neville\Downloads\e 2005 My Brother... Nikhil (IND) [EngSub]
2016-03-22 09:53 - 2016-03-22 11:00 - 00000000 ____D C:\Users\Neville\Downloads\Time Out (2015) 720p - DVDRip - x264 - AC3 - ESub [DDR]
2016-03-21 01:31 - 2016-03-21 01:32 - 10580340 _____ C:\Users\Neville\Desktop\tardsplaya_1.0.0.5.7z
2016-03-19 04:03 - 2016-03-19 04:03 - 00000610 _____ C:\Users\Neville\Desktop\kijiji Ad.txt
2016-03-18 01:41 - 2016-03-18 01:41 - 00030424 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2016-03-18 01:41 - 2016-03-18 01:41 - 00016088 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2016-03-18 01:40 - 2016-03-18 01:40 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-03-18 01:40 - 2016-03-18 01:40 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-03-18 01:30 - 2016-03-18 01:30 - 00000000 ____R C:\Users\Neville\Desktop\THUMBDATA3--1967290299 File.txt
2016-03-18 01:20 - 2016-03-04 16:06 - 481953207 ____N C:\Users\Neville\Desktop\.thumbdata3--1967290299
2016-03-18 01:19 - 2016-02-29 23:36 - 459533329 ____N C:\Users\Neville\Desktop\.thumbdata3-1763508120
2016-03-18 01:15 - 2016-03-18 01:15 - 00002118 _____ C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2016-03-18 01:15 - 2016-03-18 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-03-18 01:02 - 2016-03-18 01:04 - 00000000 ____D C:\Users\Neville\Desktop\WhatsApp
2016-03-13 00:01 - 2016-03-13 00:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-13 00:01 - 2016-03-13 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-12 04:45 - 2016-03-12 04:43 - 05603424 ____R C:\Users\Neville\Desktop\The Intelligent Investor - Benjamin Graham.pdf
2016-03-12 04:43 - 2016-03-12 04:43 - 05603424 _____ C:\Users\Neville\Downloads\The Intelligent Investor - Benjamin Graham.pdf
2016-03-12 04:42 - 2016-03-22 09:52 - 00000000 ____D C:\Users\Neville\AppData\LocalLow\BitTorrent
2016-03-12 02:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-03-12 02:13 - 2016-03-12 02:13 - 00001713 _____ C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-03-12 02:13 - 2016-03-12 02:13 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-03-12 02:12 - 2016-03-12 02:13 - 00000000 ____D C:\ProgramData\BlueStacks
2016-03-12 02:12 - 2016-03-12 02:13 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-03-12 02:10 - 2016-03-12 02:10 - 00000000 ____D C:\Users\Neville\AppData\Local\Bluestacks
2016-03-12 02:06 - 2016-03-12 02:08 - 280530984 _____ (BlueStack Systems Inc.) C:\Users\Neville\Desktop\BlueStacks2_native_grindr-ap-us.exe
2016-03-12 00:07 - 2016-03-12 00:07 - 11035328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-03-11 23:23 - 2016-03-08 12:30 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-11 23:23 - 2016-03-08 12:30 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 23:42 - 2015-12-31 03:23 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-08 23:41 - 2016-02-20 21:15 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-08 23:41 - 2016-02-13 00:44 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-08 23:41 - 2016-02-12 20:44 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 23:41 - 2016-02-12 20:25 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-08 23:41 - 2016-02-12 20:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-08 23:41 - 2016-02-12 20:21 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-08 23:41 - 2016-02-12 20:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-08 23:41 - 2016-02-12 20:18 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-08 23:41 - 2016-02-12 20:17 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-08 23:41 - 2016-02-12 20:16 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-08 23:41 - 2016-02-11 19:51 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:51 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:50 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:50 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-08 23:41 - 2016-02-09 02:35 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 23:41 - 2016-02-09 02:09 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-08 23:41 - 2016-02-09 02:04 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 23:41 - 2016-02-09 01:59 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-08 23:41 - 2016-02-09 01:58 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-08 23:41 - 2016-02-09 01:40 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-08 23:41 - 2016-02-09 01:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-08 23:41 - 2016-02-09 01:35 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 23:41 - 2016-02-09 01:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-08 23:41 - 2016-02-09 01:32 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 23:41 - 2016-02-09 01:32 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-08 23:41 - 2016-02-09 01:31 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-08 23:41 - 2016-02-09 01:13 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-08 23:41 - 2016-02-09 01:09 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-08 23:41 - 2016-02-09 01:08 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-08 23:41 - 2016-02-08 23:57 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 23:41 - 2016-02-08 23:56 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-08 23:41 - 2016-02-08 23:46 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-08 23:41 - 2016-02-08 23:44 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-08 23:41 - 2016-02-08 23:43 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-08 23:41 - 2016-02-08 23:21 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-08 23:41 - 2016-02-08 23:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-08 23:41 - 2016-02-08 23:07 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-08 23:41 - 2016-02-08 23:04 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-08 23:41 - 2016-02-08 23:03 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 23:41 - 2016-02-08 23:03 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-08 23:41 - 2016-02-08 22:49 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-08 23:41 - 2016-02-08 22:45 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-08 23:41 - 2016-02-08 22:37 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-08 23:41 - 2016-02-08 22:25 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-08 23:41 - 2016-02-06 23:38 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 23:41 - 2016-02-06 22:28 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-08 23:41 - 2016-02-06 22:02 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-08 23:41 - 2016-02-06 00:36 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-08 23:41 - 2016-02-05 20:29 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 23:41 - 2016-02-05 20:25 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 23:41 - 2016-02-05 20:18 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-08 23:41 - 2016-02-05 20:17 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-08 23:41 - 2016-02-04 02:07 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 23:41 - 2016-02-04 02:06 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 23:41 - 2016-02-03 20:39 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 23:41 - 2016-02-03 20:30 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 23:41 - 2016-02-03 20:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 23:41 - 2016-01-24 23:49 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-08 23:41 - 2016-01-24 23:49 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-08 23:41 - 2016-01-24 23:49 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-08 23:41 - 2016-01-24 17:27 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-08 23:41 - 2016-01-24 17:15 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-08 23:41 - 2016-01-10 22:11 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-08 23:41 - 2016-01-10 22:01 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-08 23:41 - 2016-01-09 07:19 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-08 23:41 - 2016-01-09 07:19 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-08 23:41 - 2016-01-09 07:08 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-08 23:41 - 2016-01-07 05:16 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-08 23:41 - 2016-01-07 05:15 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-08 23:41 - 2016-01-06 23:55 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-08 23:41 - 2016-01-06 22:17 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-08 23:41 - 2015-11-19 20:03 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-08 23:41 - 2015-11-19 19:56 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-08 23:40 - 2016-02-06 00:37 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-08 23:40 - 2016-02-06 00:37 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-08 23:40 - 2016-02-05 20:33 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 23:40 - 2016-02-05 20:30 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 23:40 - 2016-02-04 23:48 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-08 23:40 - 2016-02-04 23:48 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 23:40 - 2016-02-04 23:42 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 23:40 - 2016-02-04 23:14 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 23:40 - 2016-02-04 23:09 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 23:40 - 2016-02-04 22:54 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 23:40 - 2016-02-04 22:32 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 23:40 - 2016-02-01 00:46 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 23:40 - 2016-01-15 22:26 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-08 23:40 - 2016-01-15 22:15 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-08 23:40 - 2016-01-05 20:30 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-08 23:40 - 2015-12-31 02:19 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-08 23:40 - 2015-12-20 20:27 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-08 23:40 - 2015-12-20 20:26 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-08 23:40 - 2015-12-20 20:13 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-07 04:35 - 2016-03-07 04:35 - 00607023 _____ C:\Users\Neville\Desktop\CPA-PER-2015-EN.pdf
2016-03-07 04:18 - 2016-03-07 05:28 - 00000000 ____D C:\Users\Neville\Desktop\CPA
2016-03-05 01:16 - 2016-03-23 01:07 - 00015762 _____ C:\Users\Neville\Desktop\Reads.xlsx
2016-03-02 23:43 - 2016-03-02 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2016-03-02 10:21 - 2016-03-02 10:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2016-02-29 02:53 - 2016-03-20 22:24 - 00000000 ____D C:\Users\Neville\AppData\Local\PrivateTunnel
2016-02-29 02:53 - 2016-02-29 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies
2016-02-24 22:55 - 2016-02-24 22:55 - 00000000 ____D C:\Users\Neville\AppData\Local\PokerClient
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-24 03:07 - 2013-12-11 15:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-24 02:44 - 2014-04-04 01:42 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 01:45 - 2015-10-29 11:40 - 00000000 ____D C:\ProgramData\MFAData
2016-03-24 01:45 - 2014-04-04 01:42 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-24 01:43 - 2012-07-26 13:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 14:21 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-23 13:02 - 2015-01-23 06:27 - 00000000 __RDO C:\Users\Neville\OneDrive
2016-03-23 12:41 - 2015-01-25 13:56 - 00003774 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2EDEAA1B-DC61-4DA2-AC32-19AE130F8449}
2016-03-23 12:39 - 2013-12-11 14:43 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2107339062-2504870960-3837946639-1001
2016-03-23 08:24 - 2013-12-30 12:01 - 00000000 ____D C:\Users\Neville\AppData\Local\PokerStars
2016-03-23 03:02 - 2014-01-10 23:10 - 00000000 ____D C:\Users\Neville\AppData\Roaming\BitTorrent
2016-03-23 00:59 - 2013-08-22 18:55 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 13:26 - 2013-12-11 14:46 - 00000000 ____D C:\Users\Neville\AppData\Roaming\Skype
2016-03-22 10:30 - 2016-02-02 09:37 - 00000000 ____D C:\Users\Neville\AppData\Local\Bodog.eu
2016-03-22 01:17 - 2014-03-26 14:52 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-21 02:42 - 2013-12-11 14:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-21 02:42 - 2013-12-11 14:46 - 00000000 ____D C:\ProgramData\Skype
2016-03-20 22:29 - 2015-08-07 15:41 - 00003888 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-19 04:29 - 2014-07-15 16:19 - 00000000 ____D C:\Users\Neville\AppData\Roaming\vlc
2016-03-18 01:46 - 2013-08-22 19:06 - 00000000 ____D C:\WINDOWS\Inf
2016-03-18 01:41 - 2015-10-14 15:15 - 00000000 ____D C:\Users\Neville\.oracle_jre_usage
2016-03-18 01:15 - 2013-10-27 12:14 - 00000000 ____D C:\ProgramData\Sony
2016-03-18 01:15 - 2013-10-27 11:43 - 00000000 ____D C:\Program Files (x86)\Sony
2016-03-18 01:15 - 2013-10-27 11:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-16 08:09 - 2014-06-30 19:36 - 00000000 ____D C:\Users\Neville\AppData\Roaming\HoldemManager
2016-03-16 08:06 - 2014-06-30 19:36 - 00000000 ____D C:\Program Files (x86)\Holdem Manager 2
2016-03-16 03:53 - 2014-10-07 13:44 - 00000641 _____ C:\Users\Neville\Desktop\Dates for PR.txt
2016-03-15 07:15 - 2014-07-16 06:14 - 00000000 ____D C:\Users\Neville\Desktop\Crush Live Poker
2016-03-15 04:45 - 2014-04-04 01:43 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 03:48 - 2015-12-01 04:36 - 00001447 _____ C:\Users\Neville\Desktop\DNP list.txt
2016-03-13 00:01 - 2015-12-23 02:02 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 06:26 - 2016-01-20 18:46 - 00000010 _____ C:\Users\Neville\Desktop\iPhone Songs.txt
2016-03-12 04:53 - 2015-09-24 21:18 - 00000000 ____D C:\Users\Neville\AppData\Roaming\Apple Computer
2016-03-12 04:43 - 2016-02-12 17:58 - 00000000 ____D C:\Users\Neville\Downloads\Piku.2015.720p.BluRay.x264.Hindi.AAC-ETRG
2016-03-12 02:13 - 2013-08-22 21:06 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-12 00:07 - 2013-12-11 15:13 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-11 23:28 - 2013-08-22 20:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-11 23:26 - 2015-10-29 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-11 23:21 - 2013-08-22 20:14 - 00524536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-11 02:48 - 2015-01-22 14:08 - 00000000 ____D C:\Users\postgres
2016-03-11 02:47 - 2015-01-26 06:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-10 23:57 - 2013-12-29 04:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 23:47 - 2013-12-29 04:18 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-10 20:46 - 2015-01-22 14:08 - 00000000 ____D C:\Users\Neville
2016-03-10 20:42 - 2015-01-22 14:08 - 00000000 ____D C:\Users\Guest
2016-03-05 04:45 - 2016-02-14 02:01 - 00000012 _____ C:\Users\Neville\Desktop\A52.txt
2016-03-05 00:28 - 2014-08-21 02:45 - 00000267 _____ C:\Users\Neville\Desktop\Mileage Programs.txt
2016-03-05 00:28 - 2014-03-10 22:59 - 00000000 ____D C:\Users\Neville\Desktop\Neville
2016-03-03 00:06 - 2013-12-12 07:17 - 00000000 ____D C:\Program Files (x86)\CarbonPoker
2016-03-02 23:50 - 2014-07-04 02:57 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker
2016-03-02 23:43 - 2014-10-02 10:48 - 00001549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2016-03-02 23:43 - 2014-10-02 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-01 23:53 - 2014-01-03 14:15 - 00000000 ____D C:\ProgramData\Oracle
2016-03-01 22:53 - 2016-01-27 05:54 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-01 22:53 - 2016-01-27 05:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-01 22:53 - 2014-01-29 09:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-01 14:24 - 2015-04-04 18:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-01 14:24 - 2015-04-04 18:43 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-29 02:53 - 2014-04-28 08:15 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2016-02-24 22:28 - 2013-12-11 14:36 - 00000000 ____D C:\Users\Neville\AppData\Roaming\Adobe
2016-02-24 22:22 - 2014-08-02 06:22 - 00000000 ____D C:\Users\Neville\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-10-27 00:46 - 2015-10-25 12:46 - 0000040 ____H () C:\Program Files (x86)\4e98b98d.tmp
2014-01-06 04:18 - 2014-01-06 04:18 - 0069291 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-01-22 14:01 - 2015-01-22 14:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\avguirn_081014093654.exe
C:\Users\Guest\AppData\Local\Temp\avguirn_08931144661.exe
C:\Users\Guest\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo02eiq.dll
C:\Users\Neville\AppData\Local\Temp\SkypeSetup.exe
C:\Users\TEMP\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\TEMP\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\TEMP\AppData\Local\Temp\JExplorer64.2.7.1.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-18 03:09
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neville (2016-03-24 03:38:16)
Running from C:\Users\Neville\Desktop
Windows 8.1 (X64) (2015-01-23 00:52:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2107339062-2504870960-3837946639-500 - Administrator - Disabled)
Guest (S-1-5-21-2107339062-2504870960-3837946639-501 - Limited - Enabled) => C:\Users\Guest
Neville (S-1-5-21-2107339062-2504870960-3837946639-1001 - Administrator - Enabled) => C:\Users\Neville
postgres (S-1-5-21-2107339062-2504870960-3837946639-1003 - Limited - Enabled) => C:\Users\postgres
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG update module (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.22.1.58906 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.22.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\BitTorrent) (Version: 7.8.2.30445 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\{DCDD7FA2-3933-4722-9089-0B95A132B37D}) (Version: 2.1.0.5905 - BlueStack Systems, Inc.)
BodogPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E7}}_is1) (Version:   - )
Bovada Hand Converter (HKLM-x32\...\{1843AD45-F895-4E7B-BC65-CD1F76B48HDC}_is1) (Version: 1.0.0.43 - Ace Poker Solutions)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
CarbonPoker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\CarbonPoker) (Version: 6.0 - )
CarbonPoker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\CarbonPoker) (Version: 6.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Dropbox (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
f.lux (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Flux) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.14.1.WIN.FullTilt.COM - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Holdem Manager (HKLM-x32\...\HoldemManager) (Version:  - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless NFC Software (HKLM\...\Intel® PROSet/Wireless NFC Software) (Version: 1.1.1.002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intertops Poker (HKLM-x32\...\Intertops Poker) (Version: 2.0.1.8547 - Intertops Poker)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars Beta (HKLM-x32\...\PokerStars Beta) (Version:  - PokerStars Beta)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.5.5.14 - OpenVPN Technologies)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
RedKings Poker 1.0.0 (HKLM-x32\...\RedKings Poker_is1) (Version: 1.0.0 - redkings)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.4.201603071758 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Thrill Poker (HKLM-x32\...\thrillpoker (Poker)) (Version: 16.6.2.11243 - )
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.1.05220 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6400 - Broadcom Corporation)
William Hill Poker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\William Hill Poker) (Version:  - )
William Hill Poker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\William Hill Poker) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2107339062-2504870960-3837946639-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06579122-4774-4FE5-BA42-2DFCD63E686B} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {079EEEEE-DE33-4C0D-9F49-5428DC4EA542} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{CAFCF47A-5BF8-451F-85F6-5B5B73064D94}.exe
Task: {0B929CE9-5CD0-47A6-9859-0423FCA07A18} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-29] (Sony Corporation)
Task: {0EB38FC8-EB83-41E6-862F-84002080840C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {11183CC6-475F-4A52-9EEF-622927D6FEE0} - System32\Tasks\{B0988E86-0FC5-4456-B793-57B83BE615AA} => pcalua.exe -a C:\Users\Neville\Desktop\PokerStoveSetup121.exe -d C:\Users\Neville\Desktop
Task: {14247623-9215-4D5E-83DA-C5D35B069FF0} - System32\Tasks\Sony Corporation\VAIO Care\UpdateConfig => C:\ProgramData\Sony Corporation\VCM Data\UpdateConfig.exe [2015-03-03] (Sony Corporation)
Task: {28EAF5D8-B94E-418A-A4E3-DDB193749F87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2FBCE8A5-96DC-4092-B3AD-AC9E71801E2A} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29] (Oracle Corporation)
Task: {3F9B4FAF-468B-4583-9A33-402A4B8EA742} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {4F0CDC45-E6C1-41CA-B307-3DDF4AA23436} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {5179E4E0-AA1B-48C0-B87F-9522BF8136AD} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-18] (Sony Corporation)
Task: {52E4841A-71D1-429B-8041-2303E3275D42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5498C027-A95D-4CC9-99B4-6ACEC1536CED} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {56A8D7F9-58D8-48E0-BA81-2D60AAFB2BB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12] (Adobe Systems Incorporated)
Task: {684817BB-2A3D-4E29-94B0-CD3E80177905} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {6C9E0999-32F0-42E8-A951-470F7EFAD1A1} - System32\Tasks\0116avUpdateInfo => C:\ProgramData\Avg_Update_0116av\0116av_AVG-Secure-Search-Update.exe [2016-01-10] ()
Task: {6FB19CEE-A97B-468E-9405-292CFD3C450F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-25] (Sony Corporation)
Task: {8F210BC0-738A-4D76-B866-CAAC5C3CEC4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {A1806928-5204-420F-94D8-4390119A4658} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => C:\ProgramData\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {A226E913-2A47-4362-A349-EFFFA5792A3B} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A72AE3AD-BD03-4C90-AF4F-227AABACB2A0} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-07] (Sony Corporation)
Task: {A95F0D9D-F5CB-4F42-84A8-1D23E8C5E67A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B78E69AE-B46C-4F0C-B396-CA3D1FC99691} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {D0686BE4-176F-47F2-B1A1-26848FA9E4E9} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {D2BDFCC8-A2A9-45B4-96AB-2A7ECE41DD7B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-18] (Sony Corporation)
Task: {D5DE55C0-234E-45D9-9307-0CC90B346B85} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-02-15] (AVG Technologies CZ, s.r.o.)
Task: {DA446F9E-8A05-47FE-9B15-0C243127AFC0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\0116avUpdateInfo.job => C:\ProgramData\Avg_Update_0116av\0116av_AVG-Secure-Search-Update.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-03 01:33 - 2013-04-03 01:33 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-02-19 02:52 - 2016-02-19 02:52 - 01493224 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2013-09-05 09:47 - 2013-09-05 09:47 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:53 - 2010-10-21 01:53 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-01-06 04:15 - 2011-01-28 10:45 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2014-01-06 04:15 - 2009-02-13 00:31 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2014-01-06 04:15 - 2005-07-20 16:18 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2013-10-27 11:30 - 2013-01-23 14:56 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-03-18 01:15 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2016-02-25 16:06 - 2016-03-12 02:13 - 03306496 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-10-29 11:36 - 2015-10-29 11:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-03-15 04:45 - 2016-03-08 08:18 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 04:45 - 2016-03-08 08:18 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Program Files (x86)\Intertops Poker:MID [81]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "CPN Notifier"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "*LABAL*"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "CPN Notifier"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F084201A-A7D8-44A9-A765-F0D9584E5EFD}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{4434A480-C8DA-41E6-A1B3-A739C9A96B69}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{3ECC34DC-19CA-4393-A2E3-41E2820A2225}] => (Allow) C:\Users\Neville\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A1D51E74-2948-469A-928F-704EBD4CDFA8}] => (Allow) C:\Users\Neville\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A7D3E58-B6F5-4532-A839-204CE20ACE00}] => (Allow) LPort=5432
FirewallRules: [{B3F73D6A-D788-4282-A2C9-7D394868C820}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DF8C06FD-95DB-4BCE-AD7C-2FBE6CB042BF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CE415401-76A6-40E4-8BB2-7FE79BA8AF22}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1F93BCB9-CC2D-4BB4-B163-FEC221BBBCAD}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{B7761E61-F2AC-48BD-A196-07CCE1A1DF3D}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{94592703-7F49-4685-97C3-1997490A0C8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B467D672-A6BD-4AD7-863B-78ACA6FF3408}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3672522E-52BB-46C8-ADAE-56456380960F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1D97DD2B-FB72-4C9C-A448-357F636917ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{39E7E607-6D17-4793-BB76-D03AAAD55F23}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{646241AB-77E1-467B-AFFF-C2A2908663CB}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{FCC9C41D-06D4-41C4-B398-B16209969AFA}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{BF7F3FA2-3AA9-4BB5-AB25-D6D2592458BB}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{62C78096-5BC7-48E3-BCA8-5EBB53B3D9DB}D:\ezwizard.exe] => (Allow) D:\ezwizard.exe
FirewallRules: [UDP Query User{2468B7C0-AA2E-40A5-BFC9-4C1FD60A1FF5}D:\ezwizard.exe] => (Allow) D:\ezwizard.exe
FirewallRules: [{3ADC594E-A7F8-457F-8DC0-D0F9B3318877}] => (Block) D:\ezwizard.exe
FirewallRules: [{51111525-21CD-4A69-ADD3-4E0E9A4C7BF7}] => (Block) D:\ezwizard.exe
FirewallRules: [{DFD8FEDE-1A30-4E81-A85D-6208F622E0A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0825714A-D8AD-4144-A3F3-B7D56AC6CE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1FB5EBF2-CD7E-472C-8078-C2657DDF8351}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{16631159-A572-4E19-B961-FCCC40DF3B20}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3263A5A8-8D5F-4316-8FF0-DB988CCA9F8E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5241025F-F366-4041-9BEE-041CFB78C144}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{8A7FE851-DC0F-4127-B429-54D67EE3EB65}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [TCP Query User{AF69AC9B-D617-4315-A8AD-1A751F6146D3}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0656834B-50F0-4724-A184-944648411456}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [{41B2D95D-C074-461A-B954-634D44990B8E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6914FA57-7481-457E-A7A7-F1828CFE646B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A99B07CD-C6F0-4C2E-802E-1EA9C914042F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{3FE202F5-9041-436E-A8AF-3C964C1BAC0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0478E70F-E0C0-4368-A210-6B76FCE9F0E1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{B5EE1D31-6D82-4F40-AC42-4528C7D5DC25}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C3F4AA5A-B9A4-4866-AA2E-9A008F860904}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{2A07E221-DDD9-4C40-93BF-EA49F4E58179}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{BE3662E4-EEA6-4EB7-BBE8-7C29157B42FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98321966-74DF-4B11-8692-B02212A3C595}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{5A36CD8D-BBA5-42D5-8F43-5019AB788A05}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
 
==================== Restore Points =========================
 
12-02-2016 17:56:12 Windows Update
01-03-2016 14:23:51 Windows Update
05-03-2016 00:29:16 Removed Bonjour
10-03-2016 23:41:14 Windows Update
12-03-2016 02:13:45 Installed DirectX
18-03-2016 01:15:31 Sony PC Companion
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/24/2016 03:39:06 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:09:06Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:38:36 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:08:36Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:38:06 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:08:06Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:37:36 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:07:36Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:37:06 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:07:06Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:36:36 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:06:36Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:36:06 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:06:06Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:35:36 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:05:36Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:35:06 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:05:06Z. Error Code: 0x80041318.
 
Error: (03/24/2016 03:34:36 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-02-28T22:04:36Z. Error Code: 0x80041318.
 
 
System errors:
=============
Error: (03/24/2016 01:41:51 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 03:28:25 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 03:28:25 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 02:26:19 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 02:26:19 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 02:24:19 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 02:21:34 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 01:34:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 12:45:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/23/2016 12:27:34 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: application-specificLocalActivation{8BC3F05E-D86B-11D0-A075-00C04FB68820}{8BC3F05E-D86B-11D0-A075-00C04FB68820}VAIOGuestS-1-5-21-2107339062-2504870960-3837946639-501LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-03-24 01:45:09.857
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:45:08.559
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:44:54.511
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:44:54.245
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:44:53.933
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:44:53.573
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-24 01:44:53.183
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-23 13:01:12.726
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-23 13:01:12.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-23 13:01:12.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 34%
Total physical RAM: 8070.8 MB
Available physical RAM: 5321.9 MB
Total Virtual: 10037.2 MB
Available Virtual: 6770.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:665.34 GB) (Free:537.66 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F4E95A4A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

#4
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi geekyandhow,

!!! P2P Warning !!!

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. You may continue to use P2P sharing at your own risk; however, please keep in mind that this practice may be the source of your current malware infestation.

I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
USAToday

I would recommend that you uninstall any P2P Programs, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.

BitTorrent

If you decide to keep the program in spite of the risks involved, do not use it until I have finished cleaning your computer and have given you the all clear.

Now that we are clear with the rules, let's proceed with the actual removal process.

Fix with FRST

  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. To do this, highlight the contents of the box, right-click on it and select Copy.
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.




Start
CreateRestorePoint:
CloseProcesses:

HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {91800f8e-ea5d-11e5-bf70-3c77e6dc9c56} - "E:\Startme.exe" 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {c4eefb77-9348-11e5-bf4d-3c77e6dc9c56} - "E:\.\Setup.exe" 
SearchScopes: HKU\S-1-5-21-2107339062-2504870960-3837946639-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF DefaultSearchUrl: 
FF Keyword.URL: 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-09-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-05]
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
AlternateDataStreams: C:\Program Files (x86)\Intertops Poker:MID [81]

Emptytemp:
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.

Note: Your machine will reboot after the fix.


Scan with AdwCleaner

Download AdwCleaner from here or from here. Save the file to the Desktop.

Note: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the AdwCleaner console.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove. Please Do Not delete anything at this time.
  • Do not click the Cleaning button.
  • Click the Logfile button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.

In your next reply, please include the following:

  • FRST fixlog
  • AdwCleaner scan log

#5
geekyandhow

    Member

  • Topic Starter
  • 74 posts
Hey bud.. here are the two logs.. thanks again..
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neville (2016-03-25 17:11:36) Run:1
Running from C:\Users\Neville\Desktop
Loaded Profiles: Neville & postgres (Available Profiles: Neville & postgres & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {91800f8e-ea5d-11e5-bf70-3c77e6dc9c56} - "E:\Startme.exe" 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\MountPoints2: {c4eefb77-9348-11e5-bf4d-3c77e6dc9c56} - "E:\.\Setup.exe" 
SearchScopes: HKU\S-1-5-21-2107339062-2504870960-3837946639-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF DefaultSearchUrl: 
FF Keyword.URL: 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-09-08]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-10-05]
S1 Capsax64Drv0; System32\Drivers\Capsax64Drv0.sys [X]
S1 CSN5PDTS82; System32\Drivers\CSN5PDTS82.sys [X]
S1 CSN5PDTS82x64; System32\Drivers\CSN5PDTS82x64.sys [X]
S1 CsNdisLWF; System32\Drivers\CsNdisLWF.sys [X]
AlternateDataStreams: C:\Program Files (x86)\Intertops Poker:MID [81]
 
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91800f8e-ea5d-11e5-bf70-3c77e6dc9c56}" => key removed successfully
HKCR\CLSID\{91800f8e-ea5d-11e5-bf70-3c77e6dc9c56} => key not found. 
"HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c4eefb77-9348-11e5-bf4d-3c77e6dc9c56}" => key removed successfully
HKCR\CLSID\{c4eefb77-9348-11e5-bf4d-3c77e6dc9c56} => key not found. 
"HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
Firefox DefaultSearchUrl removed successfully
Firefox "Keyword.URL" removed successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml => moved successfully
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml => moved successfully
Capsax64Drv0 => service removed successfully
CSN5PDTS82 => service removed successfully
CSN5PDTS82x64 => service removed successfully
CsNdisLWF => service removed successfully
C:\Program Files (x86)\Intertops Poker => ":MID" ADS removed successfully.
EmptyTemp: => 2.8 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:13:43 ====
 
 
 
 
# AdwCleaner v5.105 - Logfile created 25/03/2016 at 17:24:18
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.4 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Neville - VAIO
# Running from : C:\Users\Neville\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\20e00f38a928ec56
Folder Found : C:\ProgramData\Avg_Update_0116av
Folder Found : C:\ProgramData\Avg_Update_0215tb
Folder Found : C:\ProgramData\Avg_Update_1214tb
Folder Found : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found : C:\Users\Guest\AppData\LocalLow\avg web tuneup
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found : HKU\.DEFAULT\Software\AVG Web TuneUp
Key Found : HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
Key Found : HKU\S-1-5-18\Software\AVG Web TuneUp
 
***** [ Web browsers ] *****
 
[C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\prefs.js] [Preference] Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\prefs.js] [Preference] Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : conduit.search
[C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [3120 bytes] - [25/03/2016 17:24:18]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3193 bytes] ##########
 

#6
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi geekyandhow,
 
A couple more things to go.

Re-run AdwCleaner

Close all open windows and browsers.

Re-open AdwCleaner
  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • Everything left checked will be deleted.
  • Now click the Cleaning button.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C1].txt

Re-scan with Malwarebytes Anti-Malware
  • Launch Malwarebytes from your Desktop
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program detects anything, click Remove Selected. The program might want to reboot the system. Allow it if it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe, which you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!


Re-Scan with Farbar's Recovery Scan Tool (FRST)
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File).
  • Please ensure you place a check mark in the Addition.txt check box at the bottom of the form before running.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • Because you selected the Addition.txt check box this log will be created as well. Please also paste that along with the FRST.txt into your reply.
In your next reply, please include the following:
  • AdwCleaner log
  • Malwarebytes log
  • ESET log
  • FRST log
  • FRST Addition log
  • Any more issues with FB?

#7
geekyandhow

    Member

  • Topic Starter
  • 74 posts
hey bud here are all 5 logs.. thanks a lot... and no trouble with fb now..
 
 
 
# AdwCleaner v5.105 - Logfile created 25/03/2016 at 20:19:21
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.4 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Neville - VAIO
# Running from : C:\Users\Neville\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\20e00f38a928ec56
[-] Folder Deleted : C:\ProgramData\Avg_Update_0116av
[-] Folder Deleted : C:\ProgramData\Avg_Update_0215tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1214tb
[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Guest\AppData\LocalLow\avg web tuneup
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Web TuneUp
[-] Key Deleted : HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\prefs.js] [Preference] Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
[-] [C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\prefs.js] [Preference] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : conduit.search
[-] [C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [3309 bytes] - [25/03/2016 20:19:21]
C:\AdwCleaner\AdwCleaner[S1].txt - [3284 bytes] - [25/03/2016 17:24:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [3357 bytes] - [25/03/2016 20:18:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3528 bytes] ##########
 
 
-----------------------------------------------------------
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2016-03-27
Scan Time: 1:42 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.03.26.05
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Neville
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 543996
Time Elapsed: 1 hr, 3 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
---------------------------------------
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c9d8632f6cc15d41833f469bc4670ad4
# end=init
# utc_time=2016-03-26 09:36:19
# local_time=2016-03-27 03:06:19 (+0530, India Standard Time)
# country="Canada"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 28769
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c9d8632f6cc15d41833f469bc4670ad4
# end=updated
# utc_time=2016-03-26 09:38:34
# local_time=2016-03-27 03:08:34 (+0530, India Standard Time)
# country="Canada"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c9d8632f6cc15d41833f469bc4670ad4
# engine=28769
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-03-26 11:30:46
# local_time=2016-03-27 05:00:46 (+0530, India Standard Time)
# country="Canada"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 12194992 22822816 0 0
# scanned=305722
# found=5
# cleaned=0
# scan_time=6731
sh=61EE2622F3D01AB196E3F441A6422BE8AE63D576 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application" ac=I fn="C:\AdwCleaner\RegistryQuarantine\reg_vctsivsmws.reg"
sh=7E32BFF7C3D4ED7057E2DEB59AA0B41F1F5EC04F ft=1 fh=368e763288aa4a7b vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\AVG\Av\Notification\avg_ask_tb.exe"
sh=19BCC645E5423F706C325A4DCFFCF81E15618E6A ft=1 fh=b9d44f7128be6c0a vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\Neville\AppData\Roaming\BitTorrent\updates\7.8.2_30445.exe"
sh=9B270BE1FD4C1EDB289D58E91589C7F7647D7B1A ft=1 fh=1d8be44095b89823 vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Users\Neville\AppData\Roaming\BitTorrent\updates\7.9.3_40299.exe"
sh=B67798917C90EA1C7D87546F39C9BD00696A4AFB ft=1 fh=bd6dc7e85e4d6cf2 vn="a variant of Win32/FusionCore.D potentially unwanted application" ac=I fn="C:\Users\Neville\Downloads\PowerISO6-x64.exe"
 
 
------------------------------------------
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Neville (administrator) on VAIO (27-03-2016 05:08:28)
Running from C:\Users\Neville\Desktop
Loaded Profiles: Neville & postgres (Available Profiles: Neville & postgres & Guest)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Flux Software LLC) C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BlueStack Systems, Inc.) C:\ProgramData\BlueStacksGameManager\BlueStacks.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Frontend.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars\PokerStars.exe
(Rational Intellectual Holdings Ltd.) C:\Program Files (x86)\PokerStars\gameutil1.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [533208 2013-04-03] (Broadcom Corporation.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-06] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2072928 2014-11-01] (Wondershare)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3862440 2016-03-02] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [f.lux] => C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [908824 2016-02-25] (BlueStack Systems, Inc.)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [Google Update] => "C:\Users\Neville\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [Facebook Update] => "C:\Users\Neville\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [GoogleChromeAutoLaunch_025349DF926404DCBA5805A40191CC91] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-08] (Google Inc.)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [f.lux] => C:\Users\Neville\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Run: [CPN Notifier] => C:\Program Files (x86)\Intertops Poker\PokerNotifier.exe
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mstore.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ois.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\Winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PrivateTunnel.lnk [2016-02-29]
ShortcutTarget: PrivateTunnel.lnk -> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.5.5.exe (OpenVPN Technologies)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{67916458-BEE9-4A48-8387-C78A355ED6BE}: [DhcpNameServer] 202.88.131.90 202.88.131.89
Tcpip\..\Interfaces\{A7CA6FDC-65B3-4CF9-B6DE-3266EBD35973}: [DhcpNameServer] 192.168.2.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://sony13.msn.com
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-01] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-01] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287
FF DefaultSearchEngine.US: Google
FF Homepage: google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-24] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-08-27] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-01] (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2012-07-13] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-28] (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Neville\AppData\Roaming\Mozilla\Firefox\Profiles\zpq2ecz1.default-1395808145287\user.js [2015-10-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
 
Chrome: 
=======
CHR Profile: C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Google Search) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Lightshot (screenshot tool)) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbniclmhobmnbdlbpiphghaielnnpgdp [2016-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Neville\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3934184 2016-03-02] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-03-02] (AVG Technologies CZ, s.r.o.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-05] (Broadcom Corporation.)
R3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [437784 2016-02-25] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [417304 2016-02-25] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [876056 2016-02-25] (BlueStack Systems, Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [629336 2013-09-28] (Sony Corporation)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [1493224 2016-02-19] ()
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2012-09-20] (Sony Corporation) [File not signed]
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4364200 2016-02-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\Windows\System32\uxtuneup.dll [48552 2016-02-15] (AVG Technologies CZ, s.r.o.)
R2 UxTuneUp; C:\WINDOWS\SysWOW64\uxtuneup.dll [42408 2016-02-15] (AVG Technologies CZ, s.r.o.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-07] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1653272 2015-08-01] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-26] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378288 2016-02-03] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [269232 2016-03-02] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-05] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8469680 2014-03-14] (Broadcom Corporation)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [154680 2016-02-25] (BlueStack Systems)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-05-16] (Broadcom Corporation.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 ggsomc; C:\Windows\System32\drivers\ggsomc.sys [30424 2016-03-18] (Sony Mobile Communications)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-27] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 ptun0901; C:\Windows\system32\DRIVERS\ptun0901.sys [27136 2014-04-25] (The OpenVPN Project)
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [29352 2015-10-09] ()
S3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2015-07-31] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-05-27] (Synaptics Incorporated)
S3 tapSF0901; C:\Windows\system32\DRIVERS\tapSF0901.sys [39104 2014-03-21] (Spotflux, Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R2 WinisoCDBus; C:\Windows\System32\drivers\WinisoCDBus.sys [204032 2014-02-26] (WinISO.com)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 03:06 - 2016-03-27 03:06 - 00000000 ____D C:\Program Files (x86)\ESET
2016-03-27 03:05 - 2016-03-27 03:05 - 02870984 _____ (ESET) C:\Users\Neville\Desktop\esetsmartinstaller_enu.exe
2016-03-27 03:04 - 2016-03-27 03:04 - 00001035 _____ C:\Users\Neville\Desktop\MBAM SCAN.txt
2016-03-27 02:51 - 2016-03-27 02:51 - 00141804 _____ C:\Users\Neville\Desktop\Appointment Reciept.pdf
2016-03-25 17:23 - 2016-03-25 20:19 - 00000000 ____D C:\AdwCleaner
2016-03-25 17:23 - 2016-03-25 17:23 - 01530368 _____ C:\Users\Neville\Desktop\AdwCleaner.exe
2016-03-25 17:11 - 2016-03-25 17:13 - 00002871 _____ C:\Users\Neville\Desktop\Fixlog.txt
2016-03-24 03:50 - 2016-03-24 03:50 - 00000000 ____D C:\Users\Neville\Desktop\Job Search
2016-03-24 03:38 - 2016-03-24 03:39 - 00046994 _____ C:\Users\Neville\Desktop\Addition.txt
2016-03-24 03:37 - 2016-03-27 05:09 - 00025546 _____ C:\Users\Neville\Desktop\FRST.txt
2016-03-24 03:37 - 2016-03-27 05:08 - 00000000 ____D C:\FRST
2016-03-24 03:37 - 2016-03-24 03:37 - 02374144 _____ (Farbar) C:\Users\Neville\Desktop\FRST64.exe
2016-03-23 07:33 - 2016-03-23 11:14 - 00000034 _____ C:\Users\Neville\Desktop\caesars.txt
2016-03-22 13:25 - 2016-03-22 13:25 - 03204305 _____ C:\Users\Neville\Desktop\RMG Water Controller Manual.pdf
2016-03-22 11:26 - 2016-03-23 02:06 - 00000000 ____D C:\Users\Neville\Downloads\Bol (2011) Urdu 1CD PDVDRip XviD MP3-=MTR=-(www.mastitorrents.com)
2016-03-22 10:20 - 2016-03-22 10:34 - 00000000 ____D C:\Users\Neville\Downloads\e 2005 My Brother... Nikhil (IND) [EngSub]
2016-03-22 09:53 - 2016-03-22 11:00 - 00000000 ____D C:\Users\Neville\Downloads\Time Out (2015) 720p - DVDRip - x264 - AC3 - ESub [DDR]
2016-03-21 01:31 - 2016-03-21 01:32 - 10580340 _____ C:\Users\Neville\Desktop\tardsplaya_1.0.0.5.7z
2016-03-18 01:41 - 2016-03-18 01:41 - 00030424 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggsomc.sys
2016-03-18 01:41 - 2016-03-18 01:41 - 00016088 _____ (Sony Mobile Communications) C:\WINDOWS\system32\Drivers\ggflt.sys
2016-03-18 01:40 - 2016-03-18 01:40 - 00000000 ____D C:\ProgramData\Sony Mobile
2016-03-18 01:40 - 2016-03-18 01:40 - 00000000 ____D C:\Program Files (x86)\Sony Mobile
2016-03-18 01:30 - 2016-03-18 01:30 - 00000000 ____R C:\Users\Neville\Desktop\THUMBDATA3--1967290299 File.txt
2016-03-18 01:20 - 2016-03-04 16:06 - 481953207 ____N C:\Users\Neville\Desktop\.thumbdata3--1967290299
2016-03-18 01:19 - 2016-02-29 23:36 - 459533329 ____N C:\Users\Neville\Desktop\.thumbdata3-1763508120
2016-03-18 01:15 - 2016-03-18 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2016-03-13 00:01 - 2016-03-13 00:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-13 00:01 - 2016-03-13 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-12 04:43 - 2016-03-12 04:43 - 05603424 _____ C:\Users\Neville\Downloads\The Intelligent Investor - Benjamin Graham.pdf
2016-03-12 04:42 - 2016-03-22 09:52 - 00000000 ____D C:\Users\Neville\AppData\LocalLow\BitTorrent
2016-03-12 02:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-03-12 02:13 - 2016-03-12 02:13 - 00001713 _____ C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Start Menu\BlueStacks.lnk
2016-03-12 02:13 - 2016-03-12 02:13 - 00000000 ____D C:\ProgramData\BlueStacksGameManager
2016-03-12 02:12 - 2016-03-12 02:13 - 00000000 ____D C:\ProgramData\BlueStacks
2016-03-12 02:12 - 2016-03-12 02:13 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2016-03-12 02:10 - 2016-03-12 02:10 - 00000000 ____D C:\Users\Neville\AppData\Local\Bluestacks
2016-03-11 23:23 - 2016-03-08 12:30 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-11 23:23 - 2016-03-08 12:30 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-08 23:42 - 2015-12-31 03:23 - 02017624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-08 23:41 - 2016-02-20 21:15 - 01373184 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 01168896 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-08 23:41 - 2016-02-20 21:15 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-03-08 23:41 - 2016-02-13 00:44 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-08 23:41 - 2016-02-12 20:44 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-08 23:41 - 2016-02-12 20:25 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-03-08 23:41 - 2016-02-12 20:24 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-03-08 23:41 - 2016-02-12 20:21 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-03-08 23:41 - 2016-02-12 20:21 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-03-08 23:41 - 2016-02-12 20:21 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-03-08 23:41 - 2016-02-12 20:18 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-03-08 23:41 - 2016-02-12 20:17 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-03-08 23:41 - 2016-02-12 20:16 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-03-08 23:41 - 2016-02-11 19:51 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:51 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:50 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-03-08 23:41 - 2016-02-11 19:50 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-03-08 23:41 - 2016-02-09 02:35 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-08 23:41 - 2016-02-09 02:09 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-08 23:41 - 2016-02-09 02:04 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 23:41 - 2016-02-09 01:59 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-08 23:41 - 2016-02-09 01:58 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-08 23:41 - 2016-02-09 01:40 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-08 23:41 - 2016-02-09 01:37 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-03-08 23:41 - 2016-02-09 01:35 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-08 23:41 - 2016-02-09 01:33 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-03-08 23:41 - 2016-02-09 01:32 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 23:41 - 2016-02-09 01:32 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-03-08 23:41 - 2016-02-09 01:31 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-08 23:41 - 2016-02-09 01:13 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-08 23:41 - 2016-02-09 01:09 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-08 23:41 - 2016-02-09 01:08 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-03-08 23:41 - 2016-02-08 23:57 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 23:41 - 2016-02-08 23:56 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-03-08 23:41 - 2016-02-08 23:46 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-08 23:41 - 2016-02-08 23:44 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-03-08 23:41 - 2016-02-08 23:43 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-03-08 23:41 - 2016-02-08 23:21 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-03-08 23:41 - 2016-02-08 23:12 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-03-08 23:41 - 2016-02-08 23:07 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-03-08 23:41 - 2016-02-08 23:04 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-03-08 23:41 - 2016-02-08 23:03 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 23:41 - 2016-02-08 23:03 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-08 23:41 - 2016-02-08 22:49 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-08 23:41 - 2016-02-08 22:45 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-03-08 23:41 - 2016-02-08 22:37 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-08 23:41 - 2016-02-08 22:25 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-03-08 23:41 - 2016-02-06 23:38 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-08 23:41 - 2016-02-06 22:28 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-03-08 23:41 - 2016-02-06 22:02 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-03-08 23:41 - 2016-02-06 00:36 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-03-08 23:41 - 2016-02-05 20:29 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-08 23:41 - 2016-02-05 20:25 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 23:41 - 2016-02-05 20:18 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-03-08 23:41 - 2016-02-05 20:17 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-03-08 23:41 - 2016-02-04 02:07 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-08 23:41 - 2016-02-04 02:06 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-08 23:41 - 2016-02-03 20:39 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-08 23:41 - 2016-02-03 20:30 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-08 23:41 - 2016-02-03 20:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-08 23:41 - 2016-01-24 23:49 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-03-08 23:41 - 2016-01-24 23:49 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-08 23:41 - 2016-01-24 23:49 - 00331608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-03-08 23:41 - 2016-01-24 17:27 - 01335296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-03-08 23:41 - 2016-01-24 17:15 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-03-08 23:41 - 2016-01-10 22:11 - 01707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-08 23:41 - 2016-01-10 22:01 - 01344512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-08 23:41 - 2016-01-09 07:19 - 00218448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-03-08 23:41 - 2016-01-09 07:19 - 00192120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-03-08 23:41 - 2016-01-09 07:08 - 00091992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-03-08 23:41 - 2016-01-07 05:16 - 00148752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-03-08 23:41 - 2016-01-07 05:15 - 00177712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-03-08 23:41 - 2016-01-06 23:55 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-03-08 23:41 - 2016-01-06 22:17 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-03-08 23:41 - 2015-11-19 20:03 - 00994760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-03-08 23:41 - 2015-11-19 19:56 - 00922432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-03-08 23:40 - 2016-02-06 00:37 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-03-08 23:40 - 2016-02-06 00:37 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-03-08 23:40 - 2016-02-05 20:33 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-08 23:40 - 2016-02-05 20:30 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-08 23:40 - 2016-02-04 23:48 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-03-08 23:40 - 2016-02-04 23:48 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-08 23:40 - 2016-02-04 23:42 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-08 23:40 - 2016-02-04 23:14 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-08 23:40 - 2016-02-04 23:09 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-08 23:40 - 2016-02-04 22:54 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-08 23:40 - 2016-02-04 22:32 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-08 23:40 - 2016-02-01 00:46 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-08 23:40 - 2016-01-15 22:26 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-08 23:40 - 2016-01-15 22:15 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-08 23:40 - 2016-01-05 20:30 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-03-08 23:40 - 2015-12-31 02:19 - 00470360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2016-03-08 23:40 - 2015-12-20 20:27 - 00839168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-08 23:40 - 2015-12-20 20:26 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2016-03-08 23:40 - 2015-12-20 20:13 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-07 04:18 - 2016-03-07 05:28 - 00000000 ____D C:\Users\Neville\Desktop\CPA
2016-03-05 01:16 - 2016-03-24 08:42 - 00016084 _____ C:\Users\Neville\Desktop\Reads.xlsx
2016-03-02 23:43 - 2016-03-02 23:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker
2016-03-02 10:21 - 2016-03-02 10:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
2016-02-29 02:53 - 2016-03-25 17:09 - 00000000 ____D C:\Users\Neville\AppData\Local\PrivateTunnel
2016-02-29 02:53 - 2016-02-29 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 05:07 - 2015-01-23 06:27 - 00000000 ___DO C:\Users\Neville\OneDrive
2016-03-27 05:07 - 2013-12-11 15:13 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-27 04:44 - 2014-04-04 01:42 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 04:41 - 2013-12-30 12:01 - 00000000 ____D C:\Users\Neville\AppData\Local\PokerStars
2016-03-27 03:09 - 2015-08-07 15:41 - 00003888 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-27 01:36 - 2014-07-22 05:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-27 01:34 - 2013-12-11 14:43 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2107339062-2504870960-3837946639-1001
2016-03-27 01:29 - 2014-07-22 05:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-27 01:29 - 2014-07-22 05:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-27 01:29 - 2014-01-10 23:25 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-27 01:21 - 2015-10-29 11:40 - 00000000 ____D C:\ProgramData\MFAData
2016-03-27 01:21 - 2015-01-25 13:56 - 00003774 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2EDEAA1B-DC61-4DA2-AC32-19AE130F8449}
2016-03-26 04:39 - 2013-12-11 14:46 - 00000000 ____D C:\Users\Neville\AppData\Roaming\Skype
2016-03-26 04:31 - 2014-03-26 14:52 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-25 20:20 - 2014-04-04 01:42 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-25 20:20 - 2013-08-22 20:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-25 20:19 - 2013-08-22 18:55 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-25 12:09 - 2014-08-21 02:45 - 00000302 _____ C:\Users\Neville\Desktop\Mileage Programs.txt
2016-03-25 09:26 - 2014-07-16 06:14 - 00000000 ____D C:\Users\Neville\Desktop\Crush Live Poker
2016-03-25 09:25 - 2014-07-15 16:19 - 00000000 ____D C:\Users\Neville\AppData\Roaming\vlc
2016-03-24 12:07 - 2013-12-11 15:13 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-24 10:10 - 2015-12-01 04:36 - 00001485 _____ C:\Users\Neville\Desktop\DNP list.txt
2016-03-24 01:43 - 2012-07-26 13:29 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 14:21 - 2013-08-22 21:06 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-23 03:02 - 2014-01-10 23:10 - 00000000 ____D C:\Users\Neville\AppData\Roaming\BitTorrent
2016-03-23 00:59 - 2013-08-22 18:55 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-22 10:30 - 2016-02-02 09:37 - 00000000 ____D C:\Users\Neville\AppData\Local\Bodog.eu
2016-03-21 02:42 - 2013-12-11 14:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-21 02:42 - 2013-12-11 14:46 - 00000000 ____D C:\ProgramData\Skype
2016-03-18 01:46 - 2013-08-22 19:06 - 00000000 ____D C:\WINDOWS\Inf
2016-03-18 01:41 - 2015-10-14 15:15 - 00000000 ____D C:\Users\Neville\.oracle_jre_usage
2016-03-18 01:15 - 2013-10-27 12:14 - 00000000 ____D C:\ProgramData\Sony
2016-03-18 01:15 - 2013-10-27 11:43 - 00000000 ____D C:\Program Files (x86)\Sony
2016-03-18 01:15 - 2013-10-27 11:31 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-16 08:09 - 2014-06-30 19:36 - 00000000 ____D C:\Users\Neville\AppData\Roaming\HoldemManager
2016-03-16 08:06 - 2014-06-30 19:36 - 00000000 ____D C:\Program Files (x86)\Holdem Manager 2
2016-03-16 03:53 - 2014-10-07 13:44 - 00000641 _____ C:\Users\Neville\Desktop\Dates for PR.txt
2016-03-15 04:45 - 2014-04-04 01:43 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 00:01 - 2015-12-23 02:02 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-12 06:26 - 2016-01-20 18:46 - 00000010 _____ C:\Users\Neville\Desktop\iPhone Songs.txt
2016-03-12 04:53 - 2015-09-24 21:18 - 00000000 ____D C:\Users\Neville\AppData\Roaming\Apple Computer
2016-03-12 04:43 - 2016-02-12 17:58 - 00000000 ____D C:\Users\Neville\Downloads\Piku.2015.720p.BluRay.x264.Hindi.AAC-ETRG
2016-03-12 02:13 - 2013-08-22 21:06 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-11 23:26 - 2015-10-29 11:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-11 23:21 - 2013-08-22 20:14 - 00524536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-11 02:48 - 2015-01-22 14:08 - 00000000 ____D C:\Users\postgres
2016-03-11 02:47 - 2015-01-26 06:12 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-10 23:57 - 2013-12-29 04:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 23:47 - 2013-12-29 04:18 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-10 20:46 - 2015-01-22 14:08 - 00000000 ____D C:\Users\Neville
2016-03-10 20:42 - 2015-01-22 14:08 - 00000000 ____D C:\Users\Guest
2016-03-10 14:09 - 2014-07-22 05:14 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-10 14:08 - 2014-07-22 05:14 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-10 14:08 - 2014-01-10 23:25 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-05 00:28 - 2014-03-10 22:59 - 00000000 ____D C:\Users\Neville\Desktop\Neville
2016-03-03 00:06 - 2013-12-12 07:17 - 00000000 ____D C:\Program Files (x86)\CarbonPoker
2016-03-02 23:50 - 2014-07-04 02:57 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker
2016-03-02 23:43 - 2014-10-02 10:48 - 00001549 _____ C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk
2016-03-02 23:43 - 2014-10-02 10:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-01 23:53 - 2014-01-03 14:15 - 00000000 ____D C:\ProgramData\Oracle
2016-03-01 22:53 - 2016-01-27 05:54 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-01 22:53 - 2016-01-27 05:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-01 22:53 - 2014-01-29 09:45 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-01 14:24 - 2015-04-04 18:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-03-01 14:24 - 2015-04-04 18:43 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-02-29 02:53 - 2014-04-28 08:15 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
 
==================== Files in the root of some directories =======
 
2015-10-27 00:46 - 2015-10-25 12:46 - 0000040 ____H () C:\Program Files (x86)\4e98b98d.tmp
2014-01-06 04:18 - 2014-01-06 04:18 - 0069291 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-01-22 14:01 - 2015-01-22 14:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Neville\AppData\Local\Temp\sqlite3.dll
C:\Users\TEMP\AppData\Local\Temp\JExplorer32.2.7.1.dll
C:\Users\TEMP\AppData\Local\Temp\JExplorer32.2.7.1.exe
C:\Users\TEMP\AppData\Local\Temp\JExplorer64.2.7.1.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-18 03:09
 
==================== End of FRST.txt ============================
 
 
-----------------------------------
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Neville (2016-03-27 05:09:32)
Running from C:\Users\Neville\Desktop
Windows 8.1 (X64) (2015-01-23 00:52:19)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2107339062-2504870960-3837946639-500 - Administrator - Disabled)
Guest (S-1-5-21-2107339062-2504870960-3837946639-501 - Limited - Enabled) => C:\Users\Guest
Neville (S-1-5-21-2107339062-2504870960-3837946639-1001 - Administrator - Enabled) => C:\Users\Neville
postgres (S-1-5-21-2107339062-2504870960-3837946639-1003 - Limited - Enabled) => C:\Users\postgres
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Disabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Disabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
FW: AVG update module (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.22.1.58906 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.22.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
BitTorrent (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\BitTorrent) (Version: 7.9.5.41866 - BitTorrent Inc.)
BitTorrent (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\BitTorrent) (Version: 7.8.2.30445 - BitTorrent Inc.)
BlueStacks App Player (HKLM-x32\...\{DCDD7FA2-3933-4722-9089-0B95A132B37D}) (Version: 2.1.0.5905 - BlueStack Systems, Inc.)
BodogPoker (HKLM-x32\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E7}}_is1) (Version:   - )
Bovada Hand Converter (HKLM-x32\...\{1843AD45-F895-4E7B-BC65-CD1F76B48HDC}_is1) (Version: 1.0.0.43 - Ace Poker Solutions)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
CarbonPoker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\CarbonPoker) (Version: 6.0 - )
CarbonPoker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\CarbonPoker) (Version: 6.0 - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5790 - CDBurnerXP)
Dropbox (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Dropbox) (Version: 2.6.2 - Dropbox, Inc.)
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\Flux) (Version:  - )
f.lux (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\Flux) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Full Tilt Poker (HKLM-x32\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 5.14.1.WIN.FullTilt.COM - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Holdem Manager (HKLM-x32\...\HoldemManager) (Version:  - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel® PROSet/Wireless NFC Software (HKLM\...\Intel® PROSet/Wireless NFC Software) (Version: 1.1.1.002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intertops Poker (HKLM-x32\...\Intertops Poker) (Version: 2.0.1.8547 - Intertops Poker)
ISO to USB (HKLM-x32\...\{D08A30AC-A663-4EA8-8D81-B98E17F19F1C}_is1) (Version:  - isotousb.com)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Networkx64 (Version: 1.0.0 - Sony Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
partypoker (HKLM-x32\...\PartyPoker) (Version:  - PartyGaming)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.248 - Google, Inc.)
PokerStars (HKLM-x32\...\PokerStars) (Version:  - PokerStars)
PokerStars Beta (HKLM-x32\...\PokerStars Beta) (Version:  - PokerStars Beta)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.5.5.14 - OpenVPN Technologies)
Reader for PC (HKLM-x32\...\{25340F94-F74E-4CCF-ABDF-ECBCF03911BE}) (Version: 2.0.00.07121 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.28135 - Realtek Semiconductor Corp.)
RedKings Poker 1.0.0 (HKLM-x32\...\RedKings Poker_is1) (Version: 1.0.0 - redkings)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.16.4.201603071758 - Sony Mobile Communications Inc.)
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.5.0 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.38475 - TeamViewer)
Thrill Poker (HKLM-x32\...\thrillpoker (Poker)) (Version: 16.6.2.11243 - )
VAIO - Remote Keyboard (HKLM-x32\...\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}) (Version: 1.2.0.09270 - Sony Corporation)
VAIO - Remote Keyboard with PlayStation®3 (HKLM-x32\...\{E682702C-609C-4017-99E7-3129C163955F}) (Version: 1.2.1.05220 - Sony Corporation)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.3.11280 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care Hardware Diagnostics Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.8.0.13250 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.3.01.11140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.1.0.08060 - Sony Corporation)
VCCMMx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCMMx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6400 - Broadcom Corporation)
William Hill Poker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\William Hill Poker) (Version:  - )
William Hill Poker (HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\William Hill Poker) (Version:  - )
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinISO (HKLM-x32\...\WinISO) (Version: 6.4.0.5170 - WinISO Computing Inc.)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2107339062-2504870960-3837946639-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06579122-4774-4FE5-BA42-2DFCD63E686B} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {079EEEEE-DE33-4C0D-9F49-5428DC4EA542} - System32\Tasks\0915tbUpdateInfo => C:\ProgramData\Avg_Update_0915tb\0915tb_{CAFCF47A-5BF8-451F-85F6-5B5B73064D94}.exe
Task: {0B929CE9-5CD0-47A6-9859-0423FCA07A18} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-11-29] (Sony Corporation)
Task: {0EB38FC8-EB83-41E6-862F-84002080840C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {11183CC6-475F-4A52-9EEF-622927D6FEE0} - System32\Tasks\{B0988E86-0FC5-4456-B793-57B83BE615AA} => pcalua.exe -a C:\Users\Neville\Desktop\PokerStoveSetup121.exe -d C:\Users\Neville\Desktop
Task: {14247623-9215-4D5E-83DA-C5D35B069FF0} - System32\Tasks\Sony Corporation\VAIO Care\UpdateConfig => C:\ProgramData\Sony Corporation\VCM Data\UpdateConfig.exe [2015-03-03] (Sony Corporation)
Task: {28EAF5D8-B94E-418A-A4E3-DDB193749F87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2FBCE8A5-96DC-4092-B3AD-AC9E71801E2A} - System32\Tasks\Java Platform SE Auto Updater => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2016-01-29] (Oracle Corporation)
Task: {3F9B4FAF-468B-4583-9A33-402A4B8EA742} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2015-07-31] (Sony Corporation)
Task: {4F0CDC45-E6C1-41CA-B307-3DDF4AA23436} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {5179E4E0-AA1B-48C0-B87F-9522BF8136AD} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-18] (Sony Corporation)
Task: {52E4841A-71D1-429B-8041-2303E3275D42} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5498C027-A95D-4CC9-99B4-6ACEC1536CED} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {56A8D7F9-58D8-48E0-BA81-2D60AAFB2BB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-24] (Adobe Systems Incorporated)
Task: {684817BB-2A3D-4E29-94B0-CD3E80177905} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {6FB19CEE-A97B-468E-9405-292CFD3C450F} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-25] (Sony Corporation)
Task: {8F210BC0-738A-4D76-B866-CAAC5C3CEC4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {A1806928-5204-420F-94D8-4390119A4658} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => C:\ProgramData\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: {A226E913-2A47-4362-A349-EFFFA5792A3B} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {A95F0D9D-F5CB-4F42-84A8-1D23E8C5E67A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {B78E69AE-B46C-4F0C-B396-CA3D1FC99691} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-05-27] (Synaptics Incorporated)
Task: {CA09D6D7-109F-40F9-8C4E-4D28080B49E7} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2015-08-07] (Sony Corporation)
Task: {D0686BE4-176F-47F2-B1A1-26848FA9E4E9} - System32\Tasks\Sony Corporation\VAIO Hardware Diagnostics\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2013-01-25] (Sony Corporation)
Task: {D2BDFCC8-A2A9-45B4-96AB-2A7ECE41DD7B} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2014-11-18] (Sony Corporation)
Task: {D5DE55C0-234E-45D9-9307-0CC90B346B85} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2016-02-15] (AVG Technologies CZ, s.r.o.)
Task: {DA446F9E-8A05-47FE-9B15-0C243127AFC0} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-03 01:33 - 2013-04-03 01:33 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-09-05 09:47 - 2013-09-05 09:47 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 01:53 - 2010-10-21 01:53 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-02-19 02:52 - 2016-02-19 02:52 - 01493224 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2014-01-06 04:15 - 2011-01-28 10:45 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2014-01-06 04:15 - 2009-02-13 00:31 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2014-01-06 04:15 - 2005-07-20 16:18 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2016-02-25 16:06 - 2016-03-12 02:13 - 03306496 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-10-29 11:36 - 2015-10-29 11:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2013-10-27 11:30 - 2013-01-23 14:56 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-05 09:44 - 2013-09-05 09:44 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-21 02:15 - 2010-10-21 02:15 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-15 04:45 - 2016-03-08 08:18 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 04:45 - 2016-03-08 08:18 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-02-11 18:50 - 2016-02-11 18:50 - 03378688 _____ () C:\ProgramData\BlueStacksGameManager\xulrunner-sdk\mozjs.dll
2016-02-25 16:06 - 2016-03-12 02:13 - 00133120 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7864 more sites.
 
 
There are 7864 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2013-08-22 18:55 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Neville\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Sony\VAIO 13 img1 Wallpaper 1366x768.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\StartupFolder: => "PrivateTunnel.lnk"
HKLM\...\StartupApproved\Run: => "Bluetooth"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "vProt"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "CPN Notifier"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "*LABAL*"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "CloudSystemBooster"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-2107339062-2504870960-3837946639-1003\...\StartupApproved\Run: => "CPN Notifier"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F084201A-A7D8-44A9-A765-F0D9584E5EFD}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{4434A480-C8DA-41E6-A1B3-A739C9A96B69}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{3ECC34DC-19CA-4393-A2E3-41E2820A2225}] => (Allow) C:\Users\Neville\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{A1D51E74-2948-469A-928F-704EBD4CDFA8}] => (Allow) C:\Users\Neville\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{7A7D3E58-B6F5-4532-A839-204CE20ACE00}] => (Allow) LPort=5432
FirewallRules: [{B3F73D6A-D788-4282-A2C9-7D394868C820}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{DF8C06FD-95DB-4BCE-AD7C-2FBE6CB042BF}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CE415401-76A6-40E4-8BB2-7FE79BA8AF22}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{1F93BCB9-CC2D-4BB4-B163-FEC221BBBCAD}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{B7761E61-F2AC-48BD-A196-07CCE1A1DF3D}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [{94592703-7F49-4685-97C3-1997490A0C8F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{B467D672-A6BD-4AD7-863B-78ACA6FF3408}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{3672522E-52BB-46C8-ADAE-56456380960F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{1D97DD2B-FB72-4C9C-A448-357F636917ED}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{39E7E607-6D17-4793-BB76-D03AAAD55F23}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [UDP Query User{646241AB-77E1-467B-AFFF-C2A2908663CB}C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe] => (Allow) C:\program files (x86)\voipconnect.com\voipconnect\voipconnect.exe
FirewallRules: [TCP Query User{FCC9C41D-06D4-41C4-B398-B16209969AFA}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{BF7F3FA2-3AA9-4BB5-AB25-D6D2592458BB}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{62C78096-5BC7-48E3-BCA8-5EBB53B3D9DB}D:\ezwizard.exe] => (Allow) D:\ezwizard.exe
FirewallRules: [UDP Query User{2468B7C0-AA2E-40A5-BFC9-4C1FD60A1FF5}D:\ezwizard.exe] => (Allow) D:\ezwizard.exe
FirewallRules: [{3ADC594E-A7F8-457F-8DC0-D0F9B3318877}] => (Block) D:\ezwizard.exe
FirewallRules: [{51111525-21CD-4A69-ADD3-4E0E9A4C7BF7}] => (Block) D:\ezwizard.exe
FirewallRules: [{DFD8FEDE-1A30-4E81-A85D-6208F622E0A0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0825714A-D8AD-4144-A3F3-B7D56AC6CE90}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1FB5EBF2-CD7E-472C-8078-C2657DDF8351}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{16631159-A572-4E19-B961-FCCC40DF3B20}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3263A5A8-8D5F-4316-8FF0-DB988CCA9F8E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5241025F-F366-4041-9BEE-041CFB78C144}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [{8A7FE851-DC0F-4127-B429-54D67EE3EB65}] => (Allow) C:\Program Files (x86)\Intertops Poker\PokerClient.exe
FirewallRules: [TCP Query User{AF69AC9B-D617-4315-A8AD-1A751F6146D3}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [UDP Query User{0656834B-50F0-4724-A184-944648411456}C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\jp2launcher.exe
FirewallRules: [{41B2D95D-C074-461A-B954-634D44990B8E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{6914FA57-7481-457E-A7A7-F1828CFE646B}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{A99B07CD-C6F0-4C2E-802E-1EA9C914042F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{3FE202F5-9041-436E-A8AF-3C964C1BAC0E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{0478E70F-E0C0-4368-A210-6B76FCE9F0E1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{B5EE1D31-6D82-4F40-AC42-4528C7D5DC25}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{C3F4AA5A-B9A4-4866-AA2E-9A008F860904}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{2A07E221-DDD9-4C40-93BF-EA49F4E58179}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{BE3662E4-EEA6-4EB7-BBE8-7C29157B42FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{98321966-74DF-4B11-8692-B02212A3C595}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{5A36CD8D-BBA5-42D5-8F43-5019AB788A05}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
 
==================== Restore Points =========================
 
12-02-2016 17:56:12 Windows Update
01-03-2016 14:23:51 Windows Update
05-03-2016 00:29:16 Removed Bonjour
10-03-2016 23:41:14 Windows Update
12-03-2016 02:13:45 Installed DirectX
18-03-2016 01:15:31 Sony PC Companion
25-03-2016 17:11:38 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/27/2016 05:11:01 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:41:01Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:10:31 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:40:31Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:10:01 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:40:01Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:08:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:38:43Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:08:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:38:13Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:07:45 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
 
Error: (03/27/2016 05:07:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:37:43Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:07:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:37:13Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:06:43 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:36:43Z. Error Code: 0x80041318.
 
Error: (03/27/2016 05:06:13 AM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2116-03-02T23:36:13Z. Error Code: 0x80041318.
 
 
System errors:
=============
Error: (03/27/2016 03:06:42 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/27/2016 03:06:42 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Neville\AppData\Local\Temp\ehdrv.sys
 
Error: (03/27/2016 03:06:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/27/2016 03:06:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Neville\AppData\Local\Temp\ehdrv.sys
 
Error: (03/27/2016 03:06:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (03/27/2016 03:06:41 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Neville\AppData\Local\Temp\ehdrv.sys
 
Error: (03/26/2016 04:28:39 AM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/25/2016 08:20:39 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.
 
Error: (03/25/2016 08:19:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
Error: (03/25/2016 08:19:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
 
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
 
 
CodeIntegrity:
===================================
  Date: 2016-03-27 03:19:09.731
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 03:19:08.606
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\1\avgnetclix.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 03:19:08.122
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:48.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:46.813
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:13.630
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:13.296
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:12.946
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:12.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-03-27 01:21:12.332
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\AVG\Framework\Common\avgfmwbasex.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 52%
Total physical RAM: 8070.8 MB
Available physical RAM: 3800.37 MB
Total Virtual: 9350.8 MB
Available Virtual: 4057.24 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:665.34 GB) (Free:537.83 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: F4E95A4A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
-----------------------------------

  • 0

#8
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts
Hi geekyandhow,
 
I noticed that you have your AVG disabled. Please follow the steps below to enable it.

Enable AVG 2016
  • Right-click the AVG icon in the system tray next to the clock.
  • Click Enable AVG Protection
OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please complete the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.

If you didn't uninstall ESET after running the program we will do it now.

Uninstall ESET
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Programs and features.
  • In the list of programs installed, locate the following program(s):

    ESET
  • Click on each program to highlight it and right click the program and click Uninstall.
  • After the programs have been uninstalled, close the Installed Programs window and the Control Panel
  • Reboot the computer.
Delete the folders associated with the uninstalled programs. (Only do this if you uninstalled the program.)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files\ESET
C:\Program Files (x86)\ESET

2. Close Windows Explorer.

Tools CleanUp with DelFix

Download Delfix and save it to the Desktop.
  • Right click the DelFix icon and click Run as Administrator.
  • Ensure ALL boxes are checked.
  • Click the Run button.
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
Delete the following Files and Folders (If Present):

Chrome Installer (ChromeSetup.exe)
Tweaking Registry Backup Installer (tweaking.com_registry_backup_setup.exe)
BFE.reg

Delete any other .bat, .log, .reg, .txt, and any other files created or downloaded during this process, and left on the desktop and empty the Recycle Bin.

Keeping your software updated

Windows Updates
  • Swipe in from the right edge of the screen, then tap Search. (If you're using a mouse, point to the top-right corner of the screen, move the mouse pointer down, then click Search.)
  • Enter control panel in the search box, then tap or click Control Panel.
  • Under View by:, select Large Icons, then tap or click Windows Update.
  • Click on Change Settings

  • Select "Install updates automatically (recommended)" from the Important updates drop-down.

  • Choose a day and a time when you know the computer will be on and connected to the internet. The default is 3:00AM every day.
  • Ensure that all of the other check boxes are checked.
  • Click OK.
Malwarebytes Anti-Malware

I recommend keeping Malwarebytes Anti-Malware installed. Make sure to update it and run it at least once a week. If it finds things such as PUPs (Potentially Unwanted Programs) you can delete those with no worries. However, if it finds something like a trojan, come see us.

Keep Java Updated

Java has become the #1 program exploited by thieves and hackers as of today. It's gotten so bad, the Department of Homeland Security recently recommended that users disable Java on their machines.

For more information regarding this, see the two articles below:

Forbes: US Department of Homeland Security Calls on users to disable Java

US warns on Java software

Unless you have software on your machine that absolutely requires Java, I highly recommend you completely remove it from your system.
If you do have software that requires it, then disable it until such time as it's needed by those programs.
Please click the link below for instructions to disable and uninstall Java.

How to Disable Java in your Web Browser

How to Completely Remove and Uninstall Java From Windows PC

Filehippo Updatechecker

Another weapon against malicious programs and viruses is keeping other programs updated. There are several programs out there that can check for out-of-date programs on your computer. One is Filehippo. You can run this on a weekly or monthly basis to check your programs for updates and then it will provide a link for you to download them.

Download Filehippo Updatechecker

Tips, Information, and Optional Installation

Watch what you open in your emails. If you get an email from an unknown source with any attached files, do not open it.

Be careful of the websites you visit.

When installing new programs, don't be "click happy" and click through the screens. Many programs come with adware in them and are set to install them by default. Several programs require that you uncheck or select no to prevent the installation. Take your time and read each screen as you go.

To help protect yourself while on the web, I recommend you read Answers to common security questions - Best Practices

Installation of Unchecky (Optional)

This is a very good little program that will automatically uncheck any boxes during a software installation. This helps prevent the software from installing any malware that is by default checked while the program is being installed.

Click here to be taken to Unchecky.com

Click the very large Download button.

Click Save

Once downloaded, double click the program (Vista, Win 7, and 8, right click and Run as Administrator)

Once open, click the Install button.

Then click Finish

Unchecky is now installed and will help you keep unwanted check boxes unchecked.

Installation of CryptoPrevent (Optional)

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You may read more about this here.

To download and install:
  • Click CryptoPrevent
  • Under the Free Edition column, enter your name and email and click on Request Download Link button to request for a download link
  • Once you have received a link in your email (you may need to check your Junk mail), download the tool to your Desktop
  • Open the program by clicking Run when prompted from your browser or by going to the Desktop where the file was saved and right-click and select Run as Administrator
  • Accept all the defaults during the install. The last screen of the install has a checkmark in "Launch CryptoPrevent". This is good and will launch the program once you click Finish.
  • You will get a prompt asking if you purchased a Product Key for Automatic Updates. You can answer No.
  • You will then be prompted to learn more about automatic updates or if you want to purchase a key. This is up to you but you don't have to.
  • You will be prompted to click OK to continue and select your protection level. Go ahead and click OK.
  • Click the Apply button to set Default protection.
  • You may get a message stating that Windows Sidebar and Desktop Gadgets are a major security vulnerability and asking you if you want to disable them. If you don't use these features, answer Yes.
  • That's it. The protection is in place.
Note: The free version doesn't provide automatic updates. Periodically, you should open up the program (there is a shortcut on your desktop now), select the Updates! menu and select Check for Updates to see if there are any, as this infection has serious consequences.

If you have any other questions, please feel free to ask me.

#9
geekyandhow

    Member

  • Topic Starter
  • 74 posts

Hi Jr0x,

 

I did as you suggested except for the AVG. If you noticed, I had to disable AVG during the ESET run, for which I had temporarily disabled it from the taskbar for 10 mins twice (although I later realised that 10 mins was too little, as ESET ran for over an hour).

 

Now today, I see a couple of weird things:

 

- Upon rebooting, most of the desktop icons remained white forever, and when I rebooted they were okay. Upon the next reboot, it's fine now.

- AVG is missing in the taskbar and won't load. Ever.

- Around 7-8 of my regular items loaded in the taskbar normally and now after 5 mins, they've all disappeared except Malwarebytes, Bluetooth devices and Action Center.



#10
geekyandhow

    Member

  • Topic Starter
  • 74 posts

Sorry, here's the Delfix.txt log...

 

 

# DelFix v1.012 - Logfile created 27/03/2016 at 16:24:27
# Updated 04/03/2015 by Xplode
# Username : Neville - VAIO
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Neville\Desktop\Addition.txt
Deleted : C:\Users\Neville\Desktop\AdwCleaner.exe
Deleted : C:\Users\Neville\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Neville\Desktop\Fixlog.txt
Deleted : C:\Users\Neville\Desktop\FRST.txt
Deleted : C:\Users\Neville\Desktop\FRST64.exe
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #61 [Windows Update | 02/12/2016 12:26:12]
Deleted : RP #62 [Windows Update | 03/01/2016 08:53:51]
Deleted : RP #63 [Removed Bonjour | 03/04/2016 18:59:16]
Deleted : RP #64 [Windows Update | 03/10/2016 18:11:14]
Deleted : RP #65 [Installed DirectX | 03/11/2016 20:43:45]
Deleted : RP #66 [Sony PC Companion | 03/17/2016 19:45:31]
Deleted : RP #68 [Restore Point Created by FRST | 03/25/2016 11:41:38]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#11
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi geekyandhow,

 

Please see if these icons are hidden in the taskbar as shown below.

 

img01.png

 

Remember to turn back on AVG now that ESET is no longer in play. Are you able to start AVG through other means such as opening from Desktop icon, or from the Start menu?



#12
geekyandhow

    Member

  • Topic Starter
  • 74 posts

Hi Jr0x,

 

It was missing before, but I manually opened it from Search and it seems to have returned. However, I notice a new icon in my tray which says "Event Viewer" and which says my location was accessed recently. No idea where it popped up from.

 

Thanks!



#13
Jr0x

    Malware removal team

  • Malware Removal
  • 1,830 posts

Hi geekyandhow,

 

 

 

However, I notice a new icon in my tray which says "Event Viewer" which says My location was accessed recently. 

 

That's an alert only in Windows 8, 8.1 and 10.

 

To disable it, you can perform the following.

  • Press the “Win + C” keyboard keys.
  • Click on “Settings” from the window that will be displayed on your device.
  • Then go towards “Change PC settings”.
  • From the left panel of your window, click on “Privacy”.
  • Also pick “Location”.
  • And now just turn off the location access service and you are done.
 
For more information, please read here.


#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

