Solved First check-up scan

simonb87

Hi,

Just followed the 4-step thread and wanted to run this to see if there is anything that shouldn't be there. Computer has been playing up lately after I cleaned various virus/malware. One issue is that when it gets to the desktop when the laptop is first booted it will freeze for about 4-5 mins before I'm able to click on any icons or open anything. Also MSE (anti-virus software) keeps turning itself off at times, as I keep getting Windows notifications to turn it back on.

First logs posted below. Cheers
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Simon (administrator) on SIMON-PC (16-12-2016 16:54:18)
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon & postgres (Available Profiles: Simon & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Flux Software LLC) C:\Users\Simon\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Run: [F.lux] => C:\Users\Simon\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: F - F:\SETUP.EXE
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {2a1d79bc-2f50-11e2-843e-001e101fa2bb} - G:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {3a208e75-dcbc-11e1-b138-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {43f8b5ff-1b76-11e2-9310-14feb5ab73c2} - G:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {56cca580-1af8-11e2-a845-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {6b0fa2f5-1af6-11e2-871b-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {6b0fa309-1af6-11e2-871b-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {817d1276-db36-11e1-b00e-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\MountPoints2: {817d1288-db36-11e1-b00e-14feb5ab73c2} - F:\AutoRun.exe
HKU\S-1-5-18\...\Run: [HanaConnect] => "C:\Program Files (x86)\HanaMobile\HanaConnect\StarterApp.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => No File
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog9 01 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9 02 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9 03 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9 04 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9 16 C:\Windows\SysWOW64\LavasoftTcpService.dll [345360 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 01 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\Windows\system32\LavasoftTcpService64.dll [425744 2015-10-07] (Lavasoft Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4B1662B1-8625-4BAE-86F6-94EBD87CD8A5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{84203CBC-4261-4B96-82B3-A76FD9C27360}: [DhcpNameServer] 172.20.10.1

Internet Explorer:
==================
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
HKU\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/solidyoutube/{60D694DF-65F2-4A39-85E3-67EE94669878}
HKU\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
URLSearchHook: [S-1-5-21-1326312913-1543494360-2169407760-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {419EDEF7-92C6-48D5-895D-9F83F128870D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {419EDEF7-92C6-48D5-895D-9F83F128870D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/solidyoutube/{60D694DF-65F2-4A39-85E3-67EE94669878}?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> DefaultScope {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247
FF NewTab: hxxp://google.com/
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1326312913-1543494360-2169407760-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Simon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-21] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247\searchplugins\google-lavasoft.xml [2015-10-07]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-09-11]
FF Extension: Adblock Plus - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-09-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-05]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.bettinggods.com/blog-2/
CHR StartupUrls: Default -> "hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_pltk_15_07&param1=1&param2=f%253D7%26b%3DChrome%26cc%3Dgb%26pa%3DWinYahoo%26cd%3D2XzuyEtN2Y1L1Qzuzz0C0AzyzztBzzyDtByE0E0ByBtB0E0EtN0D0Tzu0StCtCtAzztN1L2XzutAtFyBtFyCtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StC0B0B0B0A0A0D0AtG0FtAtB0DtG0C0CyB0CtGyByCtD0DtGyDtC0CyCyDtA0B0F0F0CtByE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CtDyB0EyCyDtC0FtG0A0AzzzztGyEtAzytCtG0A0EtC0BtGyB0DtBtAyDtD0ByDtDtDzzyC2Q%26cr%3D664696211%26a%3Dwny_pltk_15_07%26os%3DWindows 7 Home Premium"
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-07]
CHR Extension: (Auto Refresh) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2015-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]
CHR Extension: (Unisales) - C:\ProgramData\cngijofimaelgigkibgffjdjhaglooao\ []

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows (R) Win 7 DDK provider)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-10-14] (The OpenVPN Project)
S3 cpuz137; \??\C:\Users\Simon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
S3 RkHit; \??\C:\Windows\system32\drivers\RKHit.sys [X]
S1 SASDIFSV; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Users\Simon\AppData\Local\Temp\Rar$EX05.784\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 16:54 - 2016-12-16 16:55 - 00025015 _____ C:\Users\Simon\Downloads\FRST.txt
2016-12-16 16:54 - 2016-12-16 16:54 - 00000000 ____D C:\FRST
2016-12-16 16:52 - 2016-12-16 16:53 - 02193920 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2016-12-16 16:12 - 2016-12-16 16:12 - 00000165 ____H C:\Users\Simon\Documents\~$Bet Archive - 2016 onwards.xlsx
2016-12-14 19:37 - 2016-12-14 19:37 - 00000000 ____D C:\Users\Simon\Desktop\ECP APPEAL
2016-12-14 18:12 - 2016-12-14 18:12 - 00003536 ____N C:\bootsqm.dat
2016-12-14 14:47 - 2016-12-14 14:47 - 00001144 _____ C:\Users\Simon\Downloads\DyK5prvU20161214094654.zip
2016-12-12 23:21 - 2016-12-12 23:21 - 01058214 _____ C:\Users\Simon\Downloads\WakeupOnStandBy (1).zip
2016-12-12 23:08 - 2016-12-16 15:56 - 00000336 _____ C:\Windows\setupact.log
2016-12-12 23:08 - 2016-12-12 23:08 - 00000000 _____ C:\Windows\setuperr.log
2016-12-12 19:34 - 2016-12-12 19:34 - 00001275 _____ C:\Users\Simon\Desktop\Auslogics Disk Defrag.lnk
2016-12-12 19:29 - 2016-12-12 19:30 - 08409136 _____ (Auslogics Labs Pty Ltd ) C:\Users\Simon\Downloads\disk-defrag-setup.exe
2016-12-12 19:15 - 2016-12-12 19:15 - 00020266 _____ C:\Users\Simon\Documents\cc_20161212_191536.reg
2016-12-12 18:57 - 2016-12-12 18:57 - 00000000 ____D C:\Users\Simon\AppData\Roaming\CleanMyPC
2016-12-12 18:00 - 2016-12-12 18:57 - 00000000 ____D C:\Program Files\CleanMyPC
2016-12-12 18:00 - 2016-12-12 18:00 - 00000000 ____D C:\ProgramData\MacPaw Inc
2016-12-12 17:59 - 2016-12-12 18:00 - 20648456 _____ (MacPaw, Inc. ) C:\Users\Simon\Downloads\CleanMyPC.exe
2016-12-11 22:05 - 2016-12-11 22:07 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2016-12-11 22:05 - 2016-12-11 22:06 - 00000000 ____D C:\ProgramData\PCPitstop
2016-12-11 22:05 - 2016-12-11 22:05 - 00755368 _____ (PC Pitstop LLC ) C:\Users\Simon\Downloads\driveralert2-setup-0004.exe
2016-12-08 20:06 - 2016-12-08 20:06 - 00001740 _____ C:\Users\Simon\Downloads\nAThNxJd20161208150640.zip
2016-11-20 01:59 - 2016-11-20 01:59 - 00002132 _____ C:\Users\Simon\Downloads\qUm3VX9120161119205855.zip
2016-11-19 10:05 - 2016-11-19 10:05 - 00573373 _____ C:\Users\Simon\Downloads\DMR_Bet_Recorder.zip
2016-11-19 02:23 - 2016-11-19 02:23 - 00001861 _____ C:\Users\Simon\Downloads\yqmvHoDn20161118212231.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-16 16:50 - 2014-12-01 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-16 16:39 - 2015-12-31 16:46 - 01315180 _____ C:\Users\Simon\Documents\Bet Archive - 2016 onwards.xlsx
2016-12-16 16:17 - 2015-10-21 22:25 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
2016-12-16 16:12 - 2014-09-16 12:11 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-12-16 16:08 - 2009-07-14 04:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-16 16:08 - 2009-07-14 04:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-16 16:07 - 2009-07-14 05:10 - 01619331 _____ C:\Windows\WindowsUpdate.log
2016-12-16 15:57 - 2014-09-16 12:11 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-12-16 15:57 - 2011-07-11 10:59 - 00000000 ____D C:\Users\Simon\AppData\Local\SoftThinks
2016-12-16 15:56 - 2013-07-25 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-16 15:56 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-16 12:05 - 2011-08-26 22:05 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Skype
2016-12-16 11:47 - 2015-02-03 14:28 - 00000388 _____ C:\Windows\Tasks\update-sys.job
2016-12-16 11:29 - 2015-10-21 22:25 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
2016-12-16 10:51 - 2015-02-03 14:28 - 00000388 _____ C:\Windows\Tasks\update-S-1-5-21-1326312913-1543494360-2169407760-1001.job
2016-12-16 08:56 - 2015-12-01 14:41 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2016-12-16 08:56 - 2011-07-11 15:54 - 00000000 ____D C:\Users\Simon\AppData\Local\PokerStars.UK
2016-12-16 01:14 - 2011-07-12 12:28 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HoldemManager
2016-12-16 00:40 - 2015-12-29 20:34 - 00000000 ____D C:\Users\Simon\Documents\888poker
2016-12-15 00:20 - 2014-09-16 12:11 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 00:20 - 2014-09-16 12:11 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 22:13 - 2014-05-10 12:31 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-14 18:21 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-13 16:50 - 2016-02-10 17:50 - 20364888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-12-13 16:50 - 2014-12-01 12:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 16:50 - 2014-09-10 17:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 16:50 - 2014-09-10 17:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 16:50 - 2014-09-10 17:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 16:50 - 2011-06-23 18:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 12:20 - 2016-09-16 21:11 - 00195112 _____ C:\Users\Simon\Documents\Betting Gods - Level stakes .xlsx
2016-12-12 19:37 - 2015-10-07 16:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2016-12-12 19:37 - 2013-11-19 22:08 - 00000000 ____D C:\Program Files (x86)\Auslogics
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Resources
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Help
2016-12-12 19:35 - 2013-09-13 18:43 - 00000000 ____D C:\ProgramData\Auslogics
2016-12-12 19:02 - 2012-08-26 20:40 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2016-12-12 19:02 - 2011-08-27 00:12 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
2016-12-11 22:14 - 2011-07-11 15:43 - 00000000 ____D C:\Users\postgres
2016-12-10 23:51 - 2015-11-03 19:53 - 00000000 ____D C:\Users\Simon\Desktop\pocarr
2016-12-10 19:22 - 2015-10-21 22:25 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001
2016-12-10 19:22 - 2015-10-21 22:25 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001
2016-12-09 17:19 - 2011-06-23 18:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-12-09 17:14 - 2016-10-21 18:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PioneerLog
2016-12-08 15:35 - 2011-06-23 19:15 - 00000000 ____D C:\ProgramData\Sonic
2016-12-04 23:21 - 2011-08-27 00:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-04 23:20 - 2016-11-07 15:48 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-02 08:50 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 22:59 - 2013-12-28 22:48 - 00000391 _____ C:\Users\Simon\Desktop\New Text Document.txt
2016-11-19 21:58 - 2015-12-29 20:32 - 00000000 ____D C:\Program Files (x86)\PacificPoker
2016-11-18 09:07 - 2011-06-23 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2011-07-11 15:44 - 2011-07-11 15:44 - 0068597 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-01-06 22:17 - 2016-10-28 19:47 - 0236356 _____ () C:\Users\Simon\AppData\Local\ars.cache
2015-01-06 22:17 - 2016-10-28 19:47 - 0679826 _____ () C:\Users\Simon\AppData\Local\census.cache
2012-07-29 14:22 - 2012-07-29 14:22 - 0003584 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-06 22:05 - 2015-01-06 22:05 - 0000036 _____ () C:\Users\Simon\AppData\Local\housecall.guid.cache
2011-07-11 11:14 - 2011-07-11 11:14 - 0001544 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20110711.121441.txt
2012-05-04 14:55 - 2012-05-04 14:55 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20120504.155513.txt
2015-04-08 14:47 - 2015-04-08 14:47 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20150408.154706.txt
2012-08-13 18:41 - 2012-08-13 18:43 - 0020453 _____ () C:\Users\Simon\AppData\Local\PushPot.xml
2012-08-13 18:41 - 2012-08-13 18:43 - 0000251 _____ () C:\Users\Simon\AppData\Local\PushPotConfig.xml
2013-02-26 14:16 - 2016-05-16 16:59 - 0007605 _____ () C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2015-01-06 22:10 - 2016-10-28 19:21 - 0000010 _____ () C:\Users\Simon\AppData\Local\sponge.last.runtime.cache
2015-11-03 19:42 - 2014-05-04 22:14 - 0185013 _____ () C:\Users\Simon\AppData\Local\Temppt4TempNonAsciiFile
2015-02-03 14:28 - 2015-02-03 14:28 - 0000003 _____ () C:\Users\Simon\AppData\Local\updater.log
2015-02-03 14:28 - 2015-05-01 19:13 - 0000059 _____ () C:\Users\Simon\AppData\Local\UserProducts.xml
2012-05-11 04:38 - 2012-05-11 04:38 - 0004906 _____ () C:\ProgramData\bltofzsb.qlf
2015-10-30 01:13 - 2015-10-30 01:13 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2016-09-17 17:42 - 2016-09-17 17:42 - 0004143 _____ () C:\ProgramData\kmytnfun.aqy
2015-10-30 01:13 - 2015-10-30 01:13 - 0000016 _____ () C:\ProgramData\mntemp

Some files in TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\setup.exe
C:\Users\Simon\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-11 21:02

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Simon (2016-12-16 16:56:03)
Running from C:\Users\Simon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-11 10:59:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1326312913-1543494360-2169407760-500 - Administrator - Disabled)
Guest (S-1-5-21-1326312913-1543494360-2169407760-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1326312913-1543494360-2169407760-1003 - Limited - Enabled)
postgres (S-1-5-21-1326312913-1543494360-2169407760-1005 - Limited - Enabled) => C:\Users\postgres
Simon (S-1-5-21-1326312913-1543494360-2169407760-1001 - Administrator - Enabled) => C:\Users\Simon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\888poker) (Version: - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics Disk Defrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.0.0 - Auslogics Labs Pty Ltd)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Betting Assistant (HKLM-x32\...\{E501A34E-2643-424E-B0D5-D74D5E8AE855}) (Version: 1.3.0.27 - Gruss Software Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRunnersEV3 (HKLM\...\{2B06C19C-FEE4-4495-A38D-CFD22C3CC06C}) (Version: 3.1.8 - CardRunnersEV)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Flux) (Version: - )
Flopzilla (HKLM-x32\...\{5ECA37FE-912C-4BA3-82F2-2A7D21E63BD9}) (Version: 1.8.3 - Flopzilla)
GoldWave v5.58 (HKLM-x32\...\GoldWave v5.58) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version: - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HoldemResources Calculator (HKLM-x32\...\HoldemResources Calculator) (Version: release - HoldemResources)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
ICM Trainer Light (HKLM-x32\...\{3C630BB8-692D-4495-A0BD-40336CD51F99}) (Version: 1.4 - PokerStrategy.com)
ICMIZER 2 (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\2893028187.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Keycraft (remove only) (HKLM-x32\...\Keycraft) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 47.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-GB)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.77 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 4.2.4.0001 - Pioneer DJ Corporation.)
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version: - )
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
rekordbox 4.2.4 64bit (HKLM\...\Pioneer rekordbox 4.2.4) (Version: 4.2.4.0001 - Pioneer DJ)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version: - In The Money LLC)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spek (HKLM-x32\...\{4F8477EA-40EE-4ABD-B3DC-F95E1AF8DE31}) (Version: 0.7.0 - Spek Project)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Warcraft III) (Version: - )
William Hill Poker (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\William Hill Poker) (Version: - )
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\5636\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B792C2C-7FC6-406F-BC0E-70D27AF80BDC} - System32\Tasks\{7F069289-353A-4906-A99D-2FE49BB9FCEA} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.exe"
Task: {3B384386-4C95-4F57-9BF9-13F2594C3B26} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4420C4E7-9B5E-44E8-853B-10B8D22538E2} - System32\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001 => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe [2016-12-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {46F582A8-FEEB-4D62-9283-7200D75B8E97} - System32\Tasks\{424290AE-17CB-4572-9BDA-D38EF864847D} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {4E8657EC-5A69-4DF7-90A5-1E7D76BBFA1B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {4F9A7517-061B-46B5-B2B2-C029D7C7552E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {52D7FE9F-FB9A-477A-A778-02861430C04D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5C48BD50-9AEB-4604-85D4-AFF3123343E9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {70CE8F24-C686-4089-91BE-AE86FD3C643A} - System32\Tasks\{0F66C448-61EA-4C57-8101-4073C445FEBB} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {7217077E-F240-4E94-ADA1-58B6DD852CB8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {7FC75B4E-6631-4088-9161-C9315584E482} - System32\Tasks\{08210D85-FC14-4C6A-BAEA-256197AA8F87} => pcalua.exe -a C:\PROGRA~2\PACIFI~1\UNWISE.EXE -c C:\PROGRA~2\PACIFI~1\INSTALL.LOG
Task: {A1732BBE-D414-4D39-B2D4-91056677E03D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A4AF27A5-0B7D-47CE-BC26-2E9DF48F12A5} - System32\Tasks\{749E6CC3-9E7A-4CBD-9B7D-29E0FA517CE0} => pcalua.exe -a C:\Users\Simon\Downloads\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {AB00BDE1-1ABF-404F-B073-E1788E789DDF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {B41733D9-5ECB-4481-9391-A3D64D7EF66F} - System32\Tasks\{8602CB30-006B-4FF7-A091-AF00C4B900B6} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
Task: {BD5F09CC-C18C-4905-816C-A43385E81D83} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {C3F32C1F-B497-4760-8DC5-98681D5DDD81} - System32\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001 => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe [2016-12-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CA26FD5A-F8AF-407C-9D29-79CB552CB299} - System32\Tasks\{D67F7DB3-ADF2-4A86-B070-09D92C75AF68} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {CF3E35A0-BAF6-49EF-9352-FF628F166ECC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D2D73ACE-9B0B-4B22-AE2C-5B4B89131E92} - System32\Tasks\update-S-1-5-21-1326312913-1543494360-2169407760-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {D8DE922A-9CEE-438C-B5CA-968098FB8436} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [2014-11-28] ()
Task: {E525C7FA-734D-4CC3-B8B8-107F789A4A55} - System32\Tasks\{F1938C88-FED4-42A4-B6B3-DBDDAAB9C442} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin
Task: {EA949030-8BA0-41F2-8595-0D584CB1D965} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {EB901CD3-31C7-4B92-B545-93A754F5664A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0915tb_DELETE.job => C:\ProgramData\Avg_Update_0915tb\AVG-Secure-Search-Update_0915tb.exe
Task: C:\Windows\Tasks\AVG_SYS_TASK_0915tb_VALID.job => C:\ProgramData\Avg_Update_0915tb\AVG-Secure-Search-Update_0915tb.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\update-S-1-5-21-1326312913-1543494360-2169407760-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Loaded Modules (Whitelisted) ==============

2016-03-14 19:59 - 2016-10-30 16:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-06-23 18:37 - 2010-12-17 15:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 15:35 - 2010-11-17 15:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-11 15:42 - 2011-01-28 05:15 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-07-11 15:42 - 2009-02-12 19:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2011-07-11 15:42 - 2005-07-20 10:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-11-25 03:44 - 2010-11-25 03:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-12-15 00:20 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 00:20 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS:s8vj4g0sk4d1
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Simon\Application Data:lv93ja32540f
AlternateDataStreams: C:\Users\Simon\AppData\Roaming:lv93ja32540f

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\webcompanion.com -> hxxp://webcompanion.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84594247-C18B-4E94-AEB8-5738B6464B34}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{9CCB839D-D6B3-4873-AF4B-172C514CB49C}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{6C496456-AE46-46AA-9A8E-9C68B5F8B3C6}] => (Allow) LPort=5432
FirewallRules: [{B5F09514-F2FE-4F19-8102-15A2AB631F51}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{ECDFEEE9-34EF-413F-9528-C4988FEB0A54}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{45670A18-F7EA-4159-A745-F35BA1B69C34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{590D7788-84C2-4723-87D9-6E2D2CF9F8F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45480E3F-4FA2-417F-9D05-66B5EED599FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62CA1F57-FF4D-44F2-9F93-69792B7C5AFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCED35AA-5123-4BB1-815F-E81004647079}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [{59184FFD-B91C-4CC7-A23B-678538FB10BD}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [{E734AB67-5D81-4E48-967E-4B368D94274B}] => (Allow) LPort=5720
FirewallRules: [{656ECDFA-0118-4DFE-A413-7FA7762BBAD8}] => (Allow) LPort=5720
FirewallRules: [{3EA0FBE6-3F1E-44B7-879D-3A56F9FFC18D}] => (Allow) LPort=5055
FirewallRules: [TCP Query User{0B38FA46-17EB-4437-B20F-6B6132FD1F1F}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe
FirewallRules: [UDP Query User{55973D8C-5A8D-43AE-B60C-FD2230231B3C}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe
FirewallRules: [{A1662C13-B8A9-49EC-BB41-04522A9EAF33}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{6A6B8421-94D6-4E93-B191-5CC601B91F35}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{C589E4D3-B23D-4563-A2A3-A045FC3D5E31}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{9081E871-634C-4390-B6BE-D0EC12C21CA8}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{2DE52227-B17B-4C25-8838-DAB47AA075F3}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{17CD78A8-BEAF-496E-8DA7-E242FC359598}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{C2F023F2-B8ED-4066-9CFE-3A86747D81C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F0A8F262-C680-4852-B328-D8FAC1408DA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2CD7CC9D-C752-4F94-99AB-F91973AA2CDB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E5062A2C-34E3-4B76-8B22-00223A2708BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{560129F0-9164-4E73-8E1C-F915CC85AA80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26B28F5E-BF53-430B-B307-CAD86A26B437}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5F25C695-7885-44E4-A593-C2DCACAB99CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2DF2897C-A32D-4EC1-B48E-65796AAF7EF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2749BA37-9662-483F-B524-527E60924C2E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{70107AA9-7100-4BB7-AE38-73BBFEBA6D21}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{76C27897-AD9B-4CDF-B402-DB38C7CA00B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{86AC3725-4CBE-4942-95C6-C5A39D081A0E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BED24229-A8C0-435F-BB56-97E4ED4634AE}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{7BECF288-2AD1-4D47-961D-3032A85FAA31}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{2E620581-CEFA-4115-8896-DFB5AA1F46DB}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{E8EF39B1-E88C-474C-8A1D-504A7305C351}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{4F6984EF-F62B-48C2-8C0A-65833137DF95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{443E6C22-E3E7-493E-BA80-634B374D8C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3998D6BA-CC46-4157-A12B-BF69306C3FF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{875B4CDB-575D-4D01-B6F6-BDD8FFB2B979}C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe] => (Allow) C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe
FirewallRules: [UDP Query User{AAFB7887-8528-4935-A0A5-7FD29EE5A530}C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe] => (Allow) C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe
FirewallRules: [TCP Query User{3FC5E85C-8F21-453A-9D3B-28DC21E4C9F2}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Block) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{1C570C6E-9F35-44A5-B7E5-39CD2ABE0ED9}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Block) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [{7049B4C6-B8BA-4051-82C1-045CA1A5F84C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{AE7D3F42-E905-4E9D-980B-AACC05C53143}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [UDP Query User{26FADC0A-3AF8-493C-988C-7F63EF374815}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [{ADBCD34E-B84B-47E1-B69E-F615E9B1AD20}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5A27DF7-8544-4275-BA63-CD928FB6BCE4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{35949EC4-42EC-486D-BDCB-0AFDE64570B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D2D96270-3A8A-43E6-A326-7602E856EA99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B702E21-5675-4485-A436-091A53FB6626}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D535D31A-F2DA-4B62-843E-A6F228402876}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D1FEA67-5F9D-4B52-9A57-44A14532F755}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6886573D-82F6-4C17-B2E5-ED38283C9850}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8D287470-1C7E-4ACB-A742-BF28D2EE2CBF}C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe
FirewallRules: [UDP Query User{2AB38118-5442-4B73-96F6-E14E53310C95}C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe
FirewallRules: [TCP Query User{A8A2A8EC-4B30-4DEA-8249-63380673911B}C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe
FirewallRules: [UDP Query User{F2AE6308-CC01-4117-830F-B23FD438C71F}C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe
FirewallRules: [TCP Query User{A0C1A946-3419-4C4C-8FF9-77B9A6CCA398}C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe
FirewallRules: [UDP Query User{BC45A7DF-8073-49DF-8DE2-9B3441F64372}C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe
FirewallRules: [{4077BB57-FB10-44A9-B45B-FB02DE824D06}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{63764F42-15F5-48E0-B9C8-1B1A4C64E71E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B9DD262-7333-4A2A-B9AC-A13E630D3918}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6046C696-6762-4E58-8E77-8620C129008D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C1D04A7F-2EA4-47E3-B850-84522831036A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{5BDB3F90-12B2-4233-8B1F-5A67153990F1}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{E6CD5EE0-39CC-4249-94C7-6F946A118331}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{1D7ED056-B25E-432C-9804-AC045F1365A2}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{9E9632DB-9ECF-4143-B403-DD42BD657005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============

Name: Integrated Webcam
Description: Integrated Webcam
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Quanta Computer Inc.
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: TunnelBear Provider V9
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/16/2016 03:57:13 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-16 15:57:13 GMTFATAL: the database system is starting up

Error: (12/16/2016 03:57:11 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-16 15:57:11 GMTFATAL: the database system is starting up

Error: (12/16/2016 03:57:10 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-16 15:57:10 GMTFATAL: the database system is starting up
 
Error: (12/15/2016 07:02:06 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:02:06 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:02:06 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

PREPARE CSUpdate (integer,integer,smallint,smallint,smallint,integer,
integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer)
as
Update CompiledPlayerResults set totalhands = totalhands + $6
, TotalAmountWonincents = TotalAmountWonincents + $7
, TotalRakeincents = TotalRakeincents + $8
, TotalBBsWon = TotalBBsWon + $9
, VPIPHands = VPIPHands + $10
, PFRHands = PFRHands + $11
, CouldColdCall = CouldColdCall + $12
, DidColdCall = DidColdCall + $13
, CouldThreeBet = CouldThreeBet + $14
, DidThreeBet = DidThreeBet + $15
, CouldSqueeze = CouldSqueeze + $16
, DidSqueeze = DidSqueeze + $17
, FacingTwoPreflopRaisers = FacingTwoPreflopRaisers + $18
, CalledTwoPreflopRaisers = CalledTwoPreflopRaisers + $19
, RaisedTwoPreflopRaisers = RaisedTwoPreflopRaisers + $20
, SmallBlindStealAttempted = SmallBlindStealAttempted + $21
, SmallBlindStealDefended = SmallBlindStealDefended + $22
, SmallBlindStealReraised = SmallBlindStealReraised + $23
, BigBlindStealAttempted = BigBlindStealAttempted + $24
, BigBlindStealDefended = BigBlindStealDefended + $25
, BigBlindStealReraised = BigBlindStealReraised + $26
, SawNonSmallShowdown = SawNonSmallShowdown + $27
, WonNonSmallShowdown = WonNonSmallShowdown + $28
, SawLargeShowdown = SawLargeShowdown + $29
, WonLargeShowdown = WonLargeShowdown + $30
, SawNonSmallShowdownLimpedFlop = SawNonSmallShowdownLimpedFlop + $31
, WonNonSmallShowdownLimpedFlop = WonNonSmallShowdownLimpedFlop + $32
, SawLargeShowdownLimpedFlop = SawLargeShowdownLimpedFlop + $33
, WonLargeShowdownLimpedFlop = WonLargeShowdownLimpedFlop + $34
, WonHand = WonHand + $35
, WonHandWhenSawFlop = WonHandWhenSawFlop + $36
, WonHandWhenSawTurn = WonHandWhenSawTurn + $37
, WonHandWhenSawRiver = WonHandWhenSawRiver + $38
, FacedThreeBetPreflop = FacedThreeBetPreflop + $39
, FoldedToThreeBetPreflop = FoldedToThreeBetPreflop + $40
, CalledThreeBetPreflop = CalledThreeBetPreflop + $41
, RaisedThreeBetPreflop = RaisedThreeBetPreflop + $42
, FacedFourBetPreflop = FacedFourBetPreflop + $43
, FoldedToFourBetPreflop = FoldedToFourBetPreflop + $44
, CalledFourBetPreflop = CalledFourBetPreflop + $45
, RaisedFourBetPreflop = RaisedFourBetPreflop + $46
, TurnFoldIPPassOnFlopCB = TurnFoldIPPassOnFlopCB + $47
, TurnCallIPPassOnFlopCB = TurnCallIPPassOnFlopCB + $48
, TurnRaiseIPPassOnFlopCB = TurnRaiseIPPassOnFlopCB + $49
, RiverFoldIPPassOnTurnCB = RiverFoldIPPassOnTurnCB + $50
, RiverCallIPPassOnTurnCB = RiverCallIPPassOnTurnCB + $51
, RiverRaiseIPPassOnTurnCB = RiverRaiseIPPassOnTurnCB + $52
, SawFlop = SawFlop + $53
, SawShowdown = SawShowdown + $54
, WonShowdown = WonShowdown + $55
, TotalBets = TotalBets + $56
, TotalCalls = TotalCalls + $57
, FlopContinuationBetPossible = FlopContinuationBetPossible + $58
, FlopContinuationBetMade = FlopContinuationBetMade + $59
, TurnContinuationBetPossible = TurnContinuationBetPossible + $60
, TurnContinuationBetMade = TurnContinuationBetMade + $61
, RiverContinuationBetPossible = RiverContinuationBetPossible + $62
, RiverContinuationBetMade = RiverContinuationBetMade + $63
, FacingFlopContinuationBet = FacingFlopContinuationBet + $64
, FoldedToFlopContinuationBet = FoldedToFlopContinuationBet + $65
, CalledFlopContinuationBet = CalledFlopContinuationBet + $66
, RaisedFlopContinuationBet = RaisedFlopContinuationBet + $67
, FacingTurnContinuationBet = FacingTurnContinuationBet + $68
, FoldedToTurnContinuationBet = FoldedToTurnContinuationBet + $69
, CalledTurnContinuationBet = CalledTurnContinuationBet + $70
, RaisedTurnContinuationBet = RaisedTurnContinuationBet + $71
, FacingRiverContinuationBet = FacingRiverContinuationBet + $72
, FoldedToRiverContinuationBet = FoldedToRiverContinuationBet + $73
, CalledRiverContinuationBet = CalledRiverContinuationBet + $74
, RaisedRiverContinuationBet = RaisedRiverContinuationBet + $75
, TotalPostFlopStreetsSeen = TotalPostFlopStreetsSeen + $76
, totalaggressivepostflopstreetsseen = totalaggressivepostflopstreetsseen + $77
where compiledplayerresults_id = (select compiledplayerresults_id from compiledplayerresults where player_id = $1
and playedyearandmonth = $2
and numberofplayers = $3
and gametype_id = $4
and bbgroup_id = $5 limit 1);

Error: (12/15/2016 07:01:40 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:01:40 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:01:40 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

Error: (12/15/2016 07:01:30 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:01:30 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:01:30 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

Error: (12/15/2016 07:01:05 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:01:05 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:01:05 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

Error: (12/15/2016 07:00:45 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:00:45 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:00:45 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;

PREPARE CSUpdate (integer,integer,smallint,smallint,smallint,integer,
integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer,integer,integer,integer,
integer,integer)
as
Update CompiledPlayerResults set totalhands = totalhands + $6
, TotalAmountWonincents = TotalAmountWonincents + $7
, TotalRakeincents = TotalRakeincents + $8
, TotalBBsWon = TotalBBsWon + $9
, VPIPHands = VPIPHands + $10
, PFRHands = PFRHands + $11
, CouldColdCall = CouldColdCall + $12
, DidColdCall = DidColdCall + $13
, CouldThreeBet = CouldThreeBet + $14
, DidThreeBet = DidThreeBet + $15
, CouldSqueeze = CouldSqueeze + $16
, DidSqueeze = DidSqueeze + $17
, FacingTwoPreflopRaisers = FacingTwoPreflopRaisers + $18
, CalledTwoPreflopRaisers = CalledTwoPreflopRaisers + $19
, RaisedTwoPreflopRaisers = RaisedTwoPreflopRaisers + $20
, SmallBlindStealAttempted = SmallBlindStealAttempted + $21
, SmallBlindStealDefended = SmallBlindStealDefended + $22
, SmallBlindStealReraised = SmallBlindStealReraised + $23
, BigBlindStealAttempted = BigBlindStealAttempted + $24
, BigBlindStealDefended = BigBlindStealDefended + $25
, BigBlindStealReraised = BigBlindStealReraised + $26
, SawNonSmallShowdown = SawNonSmallShowdown + $27
, WonNonSmallShowdown = WonNonSmallShowdown + $28
, SawLargeShowdown = SawLargeShowdown + $29
, WonLargeShowdown = WonLargeShowdown + $30
, SawNonSmallShowdownLimpedFlop = SawNonSmallShowdownLimpedFlop + $31
, WonNonSmallShowdownLimpedFlop = WonNonSmallShowdownLimpedFlop + $32
, SawLargeShowdownLimpedFlop = SawLargeShowdownLimpedFlop + $33
, WonLargeShowdownLimpedFlop = WonLargeShowdownLimpedFlop + $34
, WonHand = WonHand + $35
, WonHandWhenSawFlop = WonHandWhenSawFlop + $36
, WonHandWhenSawTurn = WonHandWhenSawTurn + $37
, WonHandWhenSawRiver = WonHandWhenSawRiver + $38
, FacedThreeBetPreflop = FacedThreeBetPreflop + $39
, FoldedToThreeBetPreflop = FoldedToThreeBetPreflop + $40
, CalledThreeBetPreflop = CalledThreeBetPreflop + $41
, RaisedThreeBetPreflop = RaisedThreeBetPreflop + $42
, FacedFourBetPreflop = FacedFourBetPreflop + $43
, FoldedToFourBetPreflop = FoldedToFourBetPreflop + $44
, CalledFourBetPreflop = CalledFourBetPreflop + $45
, RaisedFourBetPreflop = RaisedFourBetPreflop + $46
, TurnFoldIPPassOnFlopCB = TurnFoldIPPassOnFlopCB + $47
, TurnCallIPPassOnFlopCB = TurnCallIPPassOnFlopCB + $48
, TurnRaiseIPPassOnFlopCB = TurnRaiseIPPassOnFlopCB + $49
, RiverFoldIPPassOnTurnCB = RiverFoldIPPassOnTurnCB + $50
, RiverCallIPPassOnTurnCB = RiverCallIPPassOnTurnCB + $51
, RiverRaiseIPPassOnTurnCB = RiverRaiseIPPassOnTurnCB + $52
, SawFlop = SawFlop + $53
, SawShowdown = SawShowdown + $54
, WonShowdown = WonShowdown + $55
, TotalBets = TotalBets + $56
, TotalCalls = TotalCalls + $57
, FlopContinuationBetPossible = FlopContinuationBetPossible + $58
, FlopContinuationBetMade = FlopContinuationBetMade + $59
, TurnContinuationBetPossible = TurnContinuationBetPossible + $60
, TurnContinuationBetMade = TurnContinuationBetMade + $61
, RiverContinuationBetPossible = RiverContinuationBetPossible + $62
, RiverContinuationBetMade = RiverContinuationBetMade + $63
, FacingFlopContinuationBet = FacingFlopContinuationBet + $64
, FoldedToFlopContinuationBet = FoldedToFlopContinuationBet + $65
, CalledFlopContinuationBet = CalledFlopContinuationBet + $66
, RaisedFlopContinuationBet = RaisedFlopContinuationBet + $67
, FacingTurnContinuationBet = FacingTurnContinuationBet + $68
, FoldedToTurnContinuationBet = FoldedToTurnContinuationBet + $69
, CalledTurnContinuationBet = CalledTurnContinuationBet + $70
, RaisedTurnContinuationBet = RaisedTurnContinuationBet + $71
, FacingRiverContinuationBet = FacingRiverContinuationBet + $72
, FoldedToRiverContinuationBet = FoldedToRiverContinuationBet + $73
, CalledRiverContinuationBet = CalledRiverContinuationBet + $74
, RaisedRiverContinuationBet = RaisedRiverContinuationBet + $75
, TotalPostFlopStreetsSeen = TotalPostFlopStreetsSeen + $76
, totalaggressivepostflopstreetsseen = totalaggressivepostflopstreetsseen + $77
where compiledplayerresults_id = (select compiledplayerresults_id from compiledplayerresults where player_id = $1
and playedyearandmonth = $2
and numberofplayers = $3
and gametype_id = $4
and bbgroup_id = $5 limit 1);

Error: (12/15/2016 07:00:30 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:00:30 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:00:30 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;


Error: (12/15/2016 07:00:15 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-15 19:00:15 GMTERROR: prepared statement "insertplayer" already exists
2016-12-15 19:00:15 GMTSTATEMENT: PREPARE INSERTPLAYER (text,smallint,integer,integer,smallint) AS Insert into players (playername,pokersite_id,cashhands,tourneyhands,optimizationstatus) values ($1,$2,$3,$4,$5) RETURNING player_id;



System errors:
=============
Error: (12/16/2016 04:01:52 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%834

Error Code: 0x80004005

Error description: Unspecified error

Reason: %%838

Error: (12/16/2016 03:57:16 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/16/2016 12:18:42 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/15/2016 05:13:29 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/15/2016 12:20:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (12/14/2016 06:14:08 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/14/2016 12:59:45 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (12/14/2016 12:59:42 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (12/14/2016 12:55:22 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/13/2016 11:41:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL


CodeIntegrity:
===================================
Date: 2015-07-11 15:36:15.664
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:15.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:15.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:14.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.565
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:39.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 8172.17 MB
Available physical RAM: 4197.93 MB
Total Virtual: 16342.55 MB
Available Virtual: 11517.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:435.08 GB) (Free:200.39 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:464.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=361 MB) - (Type=DE)
Partition 2: (Active) - (Size=30.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=435.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=======================================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

Already installed:
2.0 Threat Scan
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator (https://www.techspot.com/guides/1718-run-as-administrator-explained/)
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
RogueKiller V12.8.5.0 (x64) [Dec 12 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/download/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Simon [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 12/16/2016 17:52:48 (Duration : 02:54:11)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 19 ¤¤¤
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Nation toolbar -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\AVG Security Toolbar -> Deleted
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\PIP -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\APN PIP -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\AVG Nation toolbar -> Deleted
[PUP] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\YahooPartnerToolbar -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\APN PIP -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\AVG Nation toolbar -> Deleted
[PUP] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\YahooPartnerToolbar -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : -> Deleted
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/solidyoutube/{60D694DF-65F2-4A39-85E3-67EE94669878} -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.bigseekpro.com/solidyoutube/{60D694DF-65F2-4A39-85E3-67EE94669878} -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen -> Replaced (http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome)
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{84203CBC-4261-4B96-82B3-A76FD9C27360} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{84203CBC-4261-4B96-82B3-A76FD9C27360} | DhcpNameServer : 172.20.10.1 ([]) -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 8 ¤¤¤
[PUP][Folder] C:\ProgramData\AVG Security Toolbar -> Deleted
[PUP][File] C:\ProgramData\AVG Security Toolbar\TBCampaign2013.txt -> Deleted
[PUP][File] C:\ProgramData\AVG Security Toolbar\TBCampaignINSP.txt -> Deleted
[PUP][Folder] C:\ProgramData\SecTaskMan -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_ WmiPrvSE - Services - Access is denied - Click on Show Details for All Processes in menu View! A9920 -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_entreelist.dll -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_enviewlist.dll -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_KinoniSvc53291408 -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_nvinit13DEF06A -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_nvSCPAPISvr5814D545 -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_postgres339C4045 -> Deleted
[PUP][File] C:\ProgramData\SecTaskMan\_ssv1FAD7AF -> Deleted
[Hidden.ADS][Stream] C:\WINDOWS:s8vj4g0sk4d1 -> Deleted
[Hidden.ADS][Stream] C:\Users\Simon\AppData\Roaming:lv93ja32540f -> Deleted
[Hj.Shortcut][File] C:\Users\Simon\AppData\Local\Temp\$$$6040.lnk [LNK@] C:\PROGRA~2\Google\Chrome\APPLIC~1\chrome.exe "http://www.auslogics.com/go/diskdef..._medium=auslogics&utm_campaign=diskdefragfree" -> Shortcut cleaned
[PUP][Folder] C:\ProgramData\AVG Security Toolbar -> ERROR [3]
[PUP][Folder] C:\ProgramData\SecTaskMan -> ERROR [3]
[PUP][File] C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\wtu-secure-search.xml -> Deleted

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [https://www.bettinggods.com/blog-2/] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 6d40f859d40be43d83364fa4d9e665f4
[BSP] 0d9bdc844c4d286fe0b40717de6e9b3f : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 360 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 739328 | Size: 31059 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 64348160 | Size: 445517 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: ST9500420AS ATA Device +++++
--- User ---
[MBR] 47f02b1610bfe3ac5729cd1557c59c3f
[BSP] ee38b7bbfa1faabf982525f16b08c8ad : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
Since that last scan computer seems to be very slow and keeps freezing. CPU usage is pretty erratic right now. Maybe I removed something I shouldn't have perhaps? I uninstalled an older version of MB I had before installing the new version listed in thread.

I installed MB and restarted computer. I just tried to start scan but after 1 sec it just cancels the scan? It also won't allow me to turn on 'malware protection'


Log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/16/16
Scan Time: 10:05 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version:
Update Package Version:
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Simon-PC\Simon

-Scan Summary-
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)


(end)
 
Scan #1 - Software crashed during removal period towards the end. There was no log for this as I ended the task.



# AdwCleaner v6.041 - Logfile created 17/12/2016 at 18:05:28
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-17.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found: C:\ProgramData\Avg_Update_0915tb
Folder Found: C:\Users\Simon\AppData\LocalLow\Toolbar4
Folder Found: C:\ProgramData\Auslogics
Folder Found: C:\ProgramData\Application Data\Auslogics
Folder Found: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
Folder Found: C:\Program Files (x86)\Auslogics
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\AVG Secure Search
Folder Found: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\avg web tuneup


***** [ Files ] *****

File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
File Found: C:\Windows\SysNative\LavasoftTcpServiceOff.ini
File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll
File Found: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

Key Found: HKLM\SOFTWARE\Classes\Interface\{E7BC34A1-BA86-11CF-84B1-CBC2DA68BF6C}
Key Found: HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
Key Found: HKU\.DEFAULT\Software\Auslogics
Key Found: HKU\S-1-5-18\Software\Auslogics
Key Found: HKLM\SOFTWARE\Auslogics
Key Found: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
Key Found: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Web data] - uk.ask.com
Chrome pref Found: [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Web data] - search provided by yahoo.com
Chrome pref Found: [C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - hxxps://uk.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wny_pltk_15_07&param1=1&param2=f%253D7%

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3118 Bytes] - [17/12/2016 17:45:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [3034 Bytes] - [17/12/2016 18:05:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3107 Bytes] ##########



Scan #2


# AdwCleaner v6.041 - Logfile created 17/12/2016 at 18:11:19
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-17.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Downloads\adwcleaner_6.041.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

File Found: C:\Windows\SysNative\LavasoftTcpService64.dll
File Found: C:\Windows\SysWOW64\lavasofttcpservice.dll


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [3118 Bytes] - [17/12/2016 17:45:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [3190 Bytes] - [17/12/2016 18:05:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1248 Bytes] - [17/12/2016 18:11:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1321 Bytes] ##########




# AdwCleaner v6.041 - Logfile created 17/12/2016 at 18:11:33
# Updated on 16/12/2016 by Malwarebytes
# Database : 2016-12-17.2 [Local]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Simon - SIMON-PC
# Running from : C:\Users\Simon\Downloads\adwcleaner_6.041.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[#] File deleted: C:\Windows\SysNative\LavasoftTcpService64.dll
[#] File deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [899 Bytes] - [17/12/2016 18:11:33]
C:\AdwCleaner\AdwCleaner[S0].txt - [3118 Bytes] - [17/12/2016 17:45:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [3190 Bytes] - [17/12/2016 18:05:28]
C:\AdwCleaner\AdwCleaner[S2].txt - [1400 Bytes] - [17/12/2016 18:11:19]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1190 Bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Simon (Administrator) on 17/12/2016 at 18:44:36.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 35

Successfully deleted: C:\ProgramData\cngijofimaelgigkibgffjdjhaglooao (Folder)
Successfully deleted: C:\ProgramData\mntemp (File)
Successfully deleted: C:\Users\Simon\AppData\Local\{20E50765-C9D4-4E12-9C00-B373DFFE6D1A} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\{7088FB81-7365-4483-B91E-2CABA573F9EB} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\{795D486A-EBC3-48FE-BBA7-324484EFC2CD} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\{96DA9DF1-44AC-490A-AB9C-1DCC4512F5EC} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\{B1AA287D-3CD4-44C2-8E31-DD06CD010F9F} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\{C1E3DCB4-CCEF-4688-91F2-9AA33E030FA0} (Empty Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\crashrpt (Folder)
Successfully deleted: C:\Windows\system32\Tasks\update-S-1-5-21-1326312913-1543494360-2169407760-1001 (Task)
Successfully deleted: C:\Windows\system32\Tasks\update-sys (Task)
Successfully deleted: C:\Windows\Tasks\update-S-1-5-21-1326312913-1543494360-2169407760-1001.job (Task)
Successfully deleted: C:\Windows\Tasks\update-sys.job (Task)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3W0JZKH2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MGGYLJC (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRMJDDNA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C13H4BB8 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVENIE1Q (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHAVLE64 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Simon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z10MSGKJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3W0JZKH2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5MGGYLJC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRMJDDNA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C13H4BB8 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVENIE1Q (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WHAVLE64 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z10MSGKJ (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/12/2016 at 18:48:42.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Rebooted computer again after latest scan. Still get the freezing at start. Also just tried to re-run MB and it again stops before any items are scanned. Strange as older version I had prior to this was working fine.
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Windows Vista, 7 or 8 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
Ok, good news and bad news. The good news is that my computer is running better than ever and it didn't freeze at start. The bad news is that it has deleted a bunch of my photos/videos/music. I don't have all of those backed up :/ Would it be possible to restore before Combofix scan, backup the files and re-run the scan? What is the best way of restoring? Via Windows System Restore or?
 
Ah, just seen where quarantined files are kept. I guess if I add them back and problem re-occurs I know they are part of it.
 
ComboFix 16-12-15.01 - Simon 17/12/2016 20:21:21.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8172.5854 [GMT 0:00]
Running from: c:\users\Simon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Spyware Cease
c:\program files (x86)\Spyware Cease\md5.dll
c:\program files (x86)\Spyware Cease\mtools.dll
c:\program files (x86)\Spyware Cease\networkdll.dll
c:\program files (x86)\Spyware Cease\opfile.dll
c:\program files (x86)\Spyware Cease\QAreaDLL.dll
c:\program files (x86)\Spyware Cease\RkHitApi.dll
c:\program files (x86)\Spyware Cease\sctdll.dll
c:\program files (x86)\Spyware Cease\spkdll.dll
c:\program files (x86)\Spyware Cease\SpywareCease.exe
c:\program files (x86)\Spyware Cease\udefend.dll
c:\program files (x86)\Spyware Cease\ussafe.dll
c:\program files (x86)\Spyware Cease\zlib1.dll
c:\media\mystuff\1.mp3
c:\media\mystuff\2.mp3
c:\media\mystuff\3.mp3
c:\media\mystuff\4.mp3
c:\media\mystuff\5.mp3
c:\media\mystuff\6.mp3
c:\media\mystuff\7.mp3
c:\media\mystuff\img_067
c:\media\mystuff\img_068
c:\media\mystuff\img_069
c:\media\mystuff\img_070
c:\media\mystuff\img_071
c:\media\mystuff\img_072
c:\media\mystuff\img_073
c:\media\mystuff\img_074
c:\media\mystuff\img_075
c:\media\mystuff\img_076
c:\media\mystuff\img_077
c:\media\mystuff\img_078
c:\media\mystuff\img_079
c:\media\mystuff\noisia_1
c:\media\mystuff\noisia_2
c:\media\mystuff\noisia_3
c:\media\mystuff\noisia_4
c:\media\mystuff\noisia_5
c:\media\mystuff\noisia_6
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2016-11-17 to 2016-12-17 )))))))))))))))))))))))))))))))
.
.
2016-12-17 17:41 . 2016-12-17 18:11 -------- d-----w- C:\AdwCleaner
2016-12-16 21:18 . 2016-12-17 18:57 176064 ----a-w- c:\windows\system32\drivers\MBAMChameleon.sys
2016-12-16 21:16 . 2016-12-17 18:57 102856 ----a-w- c:\windows\system32\drivers\farflt.sys
2016-12-16 21:16 . 2016-12-17 18:56 81696 ----a-w- c:\windows\system32\drivers\mwac.sys
2016-12-16 21:16 . 2016-12-17 18:56 43968 ----a-w- c:\windows\system32\drivers\mbam.sys
2016-12-16 21:15 . 2016-12-17 18:56 250816 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2016-12-16 21:15 . 2016-11-29 06:27 77408 ----a-w- c:\windows\system32\drivers\mbae64.sys
2016-12-16 21:15 . 2016-12-16 21:15 -------- d-----w- c:\program files\Malwarebytes
2016-12-16 17:52 . 2016-12-16 17:52 28272 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2016-12-16 17:51 . 2016-12-16 17:52 -------- d-----w- c:\program files\RogueKiller
2016-12-16 17:51 . 2016-12-16 21:08 -------- d-----w- c:\programdata\RogueKiller
2016-12-16 16:54 . 2016-12-16 16:57 -------- d-----w- C:\FRST
2016-12-12 18:57 . 2016-12-12 18:57 -------- d-----w- c:\users\Simon\AppData\Roaming\CleanMyPC
2016-12-12 18:00 . 2016-12-12 18:00 -------- d-----w- c:\programdata\MacPaw Inc
2016-12-12 18:00 . 2016-12-12 18:57 -------- d-----w- c:\program files\CleanMyPC
2016-12-11 22:05 . 2016-12-11 22:06 -------- d-----w- c:\programdata\PCPitstop
2016-12-11 22:05 . 2016-12-11 22:07 -------- d-----w- c:\program files (x86)\PCPitstop
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-12-17 18:37 . 2016-12-17 18:37 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20AE9E02-54AC-4F38-859C-D358E70744A1}\offreg.1012.dll
2016-12-17 17:41 . 2016-12-17 17:41 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20AE9E02-54AC-4F38-859C-D358E70744A1}\offreg.312.dll
2016-12-16 21:15 . 2016-12-16 21:15 1192400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{DAD5128E-86C2-45CC-A9C1-BD9B427FEEC5}-{E06CD0BA-C86E-1F27-A247-3EECF12D8B7C}-mb3-setup-consumer-3.0.4.1269.tmp
2016-12-16 21:15 . 2016-12-16 21:15 1192400 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\LocalCopy\{6F3397CF-4397-9D41-9240-875023C92A07}-{E06CD0BA-C86E-1F27-A247-3EECF12D8B7C}-mb3-setup-consumer-3.0.4.1269.tmp
2016-12-13 16:50 . 2014-09-10 17:12 802904 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-12-13 16:50 . 2014-09-10 17:12 144472 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-12-13 16:50 . 2016-02-10 17:50 20364888 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-11-10 07:44 . 2016-12-14 19:14 11781064 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20AE9E02-54AC-4F38-859C-D358E70744A1}\mpengine.dll
2016-11-10 07:44 . 2016-12-07 18:44 11781064 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2016-10-30 19:48 . 2016-02-20 17:15 2946752 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2016-10-28 01:22 . 2014-09-22 16:52 485032 ------w- c:\windows\system32\MpSigStub.exe
2016-10-07 21:52 . 2016-10-07 21:52 89328 ----a-w- c:\windows\system32\vcruntime140.dll
2016-10-07 21:52 . 2016-10-07 21:52 85744 ----a-w- c:\windows\SysWow64\vcruntime140.dll
2016-10-07 21:52 . 2016-10-07 21:52 443632 ----a-w- c:\windows\SysWow64\msvcp140.dll
2016-10-07 21:52 . 2016-10-07 21:52 394496 ----a-w- c:\windows\system32\vccorlib140.dll
2016-10-07 21:52 . 2016-10-07 21:52 334608 ----a-w- c:\windows\system32\concrt140.dll
2016-10-07 21:49 . 2016-10-07 21:49 639728 ----a-w- c:\windows\system32\msvcp140.dll
2016-10-07 21:49 . 2016-10-07 21:49 244504 ----a-w- c:\windows\SysWow64\concrt140.dll
2016-10-07 21:45 . 2016-10-07 21:45 271112 ----a-w- c:\windows\SysWow64\vccorlib140.dll
2016-09-29 01:15 . 2016-09-29 01:15 171008 ----a-w- c:\windows\system32\Pioneer_MIX_ASIO_x64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"="c:\users\Simon\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-11 163040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R1 SASDIFSV;SASDIFSV;c:\users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS;c:\users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS;c:\users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
R3 cpuz137;cpuz137;c:\users\Simon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys;c:\users\Simon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
R3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys;c:\windows\SYSNATIVE\DRIVERS\jumi.sys [x]
R3 KINONI_Wave;Kinoni Audio Source;c:\windows\system32\drivers\kinonivad.sys;c:\windows\SYSNATIVE\drivers\kinonivad.sys [x]
R3 kinonivd;Kinoni Video Source;c:\windows\system32\DRIVERS\kinonivd.sys;c:\windows\SYSNATIVE\DRIVERS\kinonivd.sys [x]
R3 MBAMProtection;MBAMProtection;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys;c:\windows\SYSNATIVE\DRIVERS\qicflt.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 tap-tb-0901;TunnelBear Adapter V9;c:\windows\system32\DRIVERS\tap-tb-0901.sys;c:\windows\SYSNATIVE\DRIVERS\tap-tb-0901.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Simon\AppData\Local\Temp\Rar$EX05.784\WinRing0x64.sys;c:\users\Simon\AppData\Local\Temp\Rar$EX05.784\WinRing0x64.sys [x]
R4 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office Click-to-Run Service;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe;c:\program files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys;c:\windows\SYSNATIVE\DRIVERS\Accelern.sys [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys;c:\windows\SYSNATIVE\DRIVERS\nvstusb.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-12-15 00:18 1384792 ----a-w- c:\program files (x86)\Google\Chrome\Application\55.0.2883.87\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2016-12-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10 16:50]
.
2016-12-17 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
- c:\users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe [2016-12-10 19:22]
.
2016-12-17 c:\windows\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
- c:\users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe [2016-12-10 19:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2016-10-30 16:12 2850608 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2016-10-30 16:12 2850608 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2016-10-30 16:12 2850608 ----a-w- c:\program files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-02-18 6611048]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-12 418840]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-12 391704]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2013-07-31 3091224]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
Trusted Zone: dell.com
Trusted Zone: localhost
TCP: DhcpNameServer = 192.168.0.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - c:\program files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
FF - ProfilePath - c:\users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKU-Default-Run-HanaConnect - c:\program files (x86)\HanaMobile\HanaConnect\StarterApp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_24_0_0_186_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.24"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_24_0_0_186.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2016-12-17 20:49:26 - machine was rebooted
ComboFix-quarantined-files.txt 2016-12-17 20:49
.
Pre-Run: 214,092,804,096 bytes free
Post-Run: 213,567,328,256 bytes free
.
- - End Of File - - E7AD18F5ED0CCF7DBD10BDD8A705B722
A36C5E4F47E84449FF07ED3517B43A31
 
Yes that's correct. I have since restored the files from mystuff folder and restarted computer. Everything seems great still. Should I re-run Combofix to double check?
 
In that case no.

Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them to your reply.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Simon (administrator) on SIMON-PC (17-12-2016 22:26:08)
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon & postgres (Available Profiles: Simon & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvvsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Flux Software LLC) C:\Users\Simon\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\WINDOWS\System32\taskmgr.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2370856 2010-09-24] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6611048 2011-02-18] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-26] (Dell, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [163040 2010-08-11] (Softthinks)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Run: [F.lux] => C:\Users\Simon\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-15] (Flux Software LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4B1662B1-8625-4BAE-86F6-94EBD87CD8A5}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
HKU\S-1-5-21-1326312913-1543494360-2169407760-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
URLSearchHook: [S-1-5-21-1326312913-1543494360-2169407760-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKLM -> DefaultScope {419EDEF7-92C6-48D5-895D-9F83F128870D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {419EDEF7-92C6-48D5-895D-9F83F128870D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> DefaultScope {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001 -> {85A60A59-D3D8-468F-B598-FB4393789EF4} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> DefaultScope {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-30] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-10-30] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-30] (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247
FF NewTab: hxxp://google.com/
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxps://search.yahoo.com/?fr=vmn&type=auslog_yaapp1_hp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-13] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2011-11-03] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-1326312913-1543494360-2169407760-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Simon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-21] (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF SearchPlugin: C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247\searchplugins\google-lavasoft.xml [2015-10-07]
FF Extension: Adblock Plus - C:\Users\Simon\AppData\Roaming\Mozilla\Firefox\Profiles\58ps9lyh.default-1407246833247\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-02]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-09-16]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-05]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.bettinggods.com/blog-2/
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-02]
CHR Extension: (Google Docs Offline) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-06-07]
CHR Extension: (Auto Refresh) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2015-04-24]
CHR Extension: (Chrome Media Router) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-03]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
S3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3294912 2016-10-30] (Microsoft Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272688 2012-06-25] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 PinnacleUpdateSvc; C:\Program Files (x86)\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 postgresql-8.4; C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe [66048 2011-01-28] (PostgreSQL Global Development Group) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10216688 2016-11-28] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3325232 2012-06-25] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [24240 2015-09-11] (Dell Computer Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 jumi; C:\Windows\System32\DRIVERS\jumi.sys [15160 2010-06-03] (Windows (R) Codename Longhorn DDK provider)
S3 kinonivd; C:\Windows\System32\DRIVERS\kinonivd.sys [2782848 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 KINONI_Wave; C:\Windows\System32\drivers\kinonivad.sys [23040 2013-02-26] (Windows (R) Win 7 DDK provider)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-17] (Malwarebytes)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 tap-tb-0901; C:\Windows\System32\DRIVERS\tap-tb-0901.sys [38656 2014-10-14] (The OpenVPN Project)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Simon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
S1 SASDIFSV; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Users\Simon\AppData\Local\Temp\Rar$EX05.784\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 20:49 - 2016-12-17 20:49 - 00179813 _____ C:\ComboFix.txt
2016-12-17 20:19 - 2011-06-26 06:45 - 00256000 _____ C:\Windows\PEV.exe
2016-12-17 20:19 - 2010-11-07 17:20 - 00208896 _____ C:\Windows\MBR.exe
2016-12-17 20:19 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-12-17 20:19 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-12-17 20:19 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-12-17 20:19 - 2000-08-31 00:00 - 00098816 _____ C:\Windows\sed.exe
2016-12-17 20:19 - 2000-08-31 00:00 - 00080412 _____ C:\Windows\grep.exe
2016-12-17 20:19 - 2000-08-31 00:00 - 00068096 _____ C:\Windows\zip.exe
2016-12-17 20:18 - 2016-12-17 20:49 - 00000000 ____D C:\Qoobox
2016-12-17 20:17 - 2016-12-17 20:47 - 00000000 ____D C:\Windows\erdnt
2016-12-17 20:16 - 2016-12-17 20:16 - 05659917 ____R (Swearware) C:\Users\Simon\Desktop\ComboFix.exe
2016-12-17 18:48 - 2016-12-17 18:48 - 00005758 _____ C:\Users\Simon\Desktop\JRT.txt
2016-12-17 18:31 - 2016-12-17 18:36 - 01663040 _____ (Malwarebytes) C:\Users\Simon\Downloads\JRT.exe
2016-12-17 17:41 - 2016-12-17 18:11 - 00000000 ____D C:\AdwCleaner
2016-12-17 17:41 - 2016-12-17 17:42 - 03977168 _____ C:\Users\Simon\Downloads\adwcleaner_6.041.exe
2016-12-16 21:20 - 2016-12-17 20:40 - 00002224 _____ C:\Windows\PFRO.log
2016-12-16 21:18 - 2016-12-17 18:57 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2016-12-16 21:16 - 2016-12-17 18:57 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2016-12-16 21:16 - 2016-12-17 18:56 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2016-12-16 21:16 - 2016-12-17 18:56 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-12-16 21:15 - 2016-12-17 18:56 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-16 21:15 - 2016-12-16 21:15 - 00001829 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-16 21:15 - 2016-12-16 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-16 21:15 - 2016-12-16 21:15 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-16 21:15 - 2016-11-29 06:27 - 00077408 _____ C:\Windows\system32\Drivers\mbae64.sys
2016-12-16 21:08 - 2016-12-16 21:09 - 51969976 _____ (Malwarebytes ) C:\Users\Simon\Downloads\mb3-setup-consumer-3.0.4.1269.exe
2016-12-16 17:52 - 2016-12-16 17:52 - 00028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2016-12-16 17:52 - 2016-12-16 17:52 - 00000820 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-12-16 17:52 - 2016-12-16 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-12-16 17:51 - 2016-12-16 21:08 - 00000000 ____D C:\ProgramData\RogueKiller
2016-12-16 17:51 - 2016-12-16 17:52 - 00000000 ____D C:\Program Files\RogueKiller
2016-12-16 17:49 - 2016-12-16 17:50 - 34211496 _____ (Adlice Software ) C:\Users\Simon\Downloads\setup.exe
2016-12-16 16:56 - 2016-12-16 16:57 - 00082430 _____ C:\Users\Simon\Downloads\Addition.txt
2016-12-16 16:54 - 2016-12-17 22:26 - 00020504 _____ C:\Users\Simon\Downloads\FRST.txt
2016-12-16 16:54 - 2016-12-17 22:26 - 00000000 ____D C:\FRST
2016-12-16 16:52 - 2016-12-16 16:53 - 02193920 _____ (Farbar) C:\Users\Simon\Downloads\FRST64.exe
2016-12-14 19:37 - 2016-12-14 19:37 - 00000000 ____D C:\Users\Simon\Desktop\ECP APPEAL
2016-12-14 18:12 - 2016-12-14 18:12 - 00003536 ____N C:\bootsqm.dat
2016-12-14 14:47 - 2016-12-14 14:47 - 00001144 _____ C:\Users\Simon\Downloads\DyK5prvU20161214094654.zip
2016-12-12 23:21 - 2016-12-12 23:21 - 01058214 _____ C:\Users\Simon\Downloads\WakeupOnStandBy (1).zip
2016-12-12 23:08 - 2016-12-17 21:41 - 00000728 _____ C:\Windows\setupact.log
2016-12-12 23:08 - 2016-12-12 23:08 - 00000000 _____ C:\Windows\setuperr.log
2016-12-12 19:29 - 2016-12-12 19:30 - 08409136 _____ (Auslogics Labs Pty Ltd ) C:\Users\Simon\Downloads\disk-defrag-setup.exe
2016-12-12 19:15 - 2016-12-12 19:15 - 00020266 _____ C:\Users\Simon\Documents\cc_20161212_191536.reg
2016-12-12 18:57 - 2016-12-12 18:57 - 00000000 ____D C:\Users\Simon\AppData\Roaming\CleanMyPC
2016-12-12 18:00 - 2016-12-12 18:57 - 00000000 ____D C:\Program Files\CleanMyPC
2016-12-12 18:00 - 2016-12-12 18:00 - 00000000 ____D C:\ProgramData\MacPaw Inc
2016-12-12 17:59 - 2016-12-12 18:00 - 20648456 _____ (MacPaw, Inc. ) C:\Users\Simon\Downloads\CleanMyPC.exe
2016-12-11 22:05 - 2016-12-11 22:07 - 00000000 ____D C:\Program Files (x86)\PCPitstop
2016-12-11 22:05 - 2016-12-11 22:06 - 00000000 ____D C:\ProgramData\PCPitstop
2016-12-11 22:05 - 2016-12-11 22:05 - 00755368 _____ (PC Pitstop LLC ) C:\Users\Simon\Downloads\driveralert2-setup-0004.exe
2016-12-08 20:06 - 2016-12-08 20:06 - 00001740 _____ C:\Users\Simon\Downloads\nAThNxJd20161208150640.zip
2016-11-20 01:59 - 2016-11-20 01:59 - 00002132 _____ C:\Users\Simon\Downloads\qUm3VX9120161119205855.zip
2016-11-19 10:05 - 2016-11-19 10:05 - 00573373 _____ C:\Users\Simon\Downloads\DMR_Bet_Recorder.zip
2016-11-19 02:23 - 2016-11-19 02:23 - 00001861 _____ C:\Users\Simon\Downloads\yqmvHoDn20161118212231.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 22:17 - 2015-10-21 22:25 - 00000562 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
2016-12-17 21:58 - 2015-12-01 14:41 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2016-12-17 21:58 - 2011-07-11 15:54 - 00000000 ____D C:\Users\Simon\AppData\Local\PokerStars.UK
2016-12-17 21:51 - 2009-07-14 05:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-17 21:50 - 2014-12-01 12:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-12-17 21:50 - 2009-07-14 04:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-12-17 21:50 - 2009-07-14 04:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-12-17 21:48 - 2011-06-23 18:51 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2016-12-17 21:48 - 2009-07-14 05:10 - 01705122 _____ C:\Windows\WindowsUpdate.log
2016-12-17 21:42 - 2011-07-11 10:59 - 00000000 ____D C:\Users\Simon\AppData\Local\SoftThinks
2016-12-17 21:41 - 2013-07-25 14:59 - 00000000 ____D C:\ProgramData\NVIDIA
2016-12-17 21:41 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-12-17 21:29 - 2015-10-21 22:25 - 00000658 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job
2016-12-17 20:49 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2016-12-17 20:41 - 2009-07-14 02:34 - 00000215 _____ C:\Windows\system.ini
2016-12-17 20:40 - 2009-07-14 02:34 - 99614720 _____ C:\Windows\system32\config\SOFTWARE.bak
2016-12-17 20:40 - 2009-07-14 02:34 - 28311552 _____ C:\Windows\system32\config\SYSTEM.bak
2016-12-17 20:40 - 2009-07-14 02:34 - 01310720 _____ C:\Windows\system32\config\DEFAULT.bak
2016-12-17 20:40 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2016-12-17 20:40 - 2009-07-14 02:34 - 00262144 _____ C:\Windows\system32\config\SAM.bak
2016-12-17 20:39 - 2009-07-14 02:34 - 47710208 _____ C:\Windows\system32\config\components.bak
2016-12-17 17:42 - 2011-08-26 22:05 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Skype
2016-12-17 17:40 - 2015-12-31 16:46 - 01317030 _____ C:\Users\Simon\Documents\Bet Archive - 2016 onwards.xlsx
2016-12-17 14:22 - 2012-08-26 20:40 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2016-12-16 22:11 - 2013-02-26 14:16 - 00007605 _____ C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2016-12-16 21:41 - 2013-05-05 20:26 - 00000000 ____D C:\Users\Simon\Desktop\Poker
2016-12-16 21:19 - 2014-09-16 12:11 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 21:19 - 2014-09-16 12:11 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 21:15 - 2014-05-10 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-16 01:14 - 2011-07-12 12:28 - 00000000 ____D C:\Users\Simon\AppData\Roaming\HoldemManager
2016-12-16 00:40 - 2015-12-29 20:34 - 00000000 ____D C:\Users\Simon\Documents\888poker
2016-12-15 00:20 - 2014-09-16 12:11 - 00002197 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-15 00:20 - 2014-09-16 12:11 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-13 16:50 - 2016-02-10 17:50 - 20364888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-12-13 16:50 - 2014-12-01 12:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-13 16:50 - 2014-09-10 17:12 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-13 16:50 - 2014-09-10 17:12 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-13 16:50 - 2014-09-10 17:12 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-13 16:50 - 2011-06-23 18:33 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-13 12:20 - 2016-09-16 21:11 - 00195112 _____ C:\Users\Simon\Documents\Betting Gods - Level stakes .xlsx
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Resources
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2016-12-12 19:36 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Help
2016-12-12 19:02 - 2011-08-27 00:12 - 00000000 ____D C:\Users\Simon\AppData\Roaming\TeamViewer
2016-12-11 22:14 - 2011-07-11 15:43 - 00000000 ____D C:\Users\postgres
2016-12-10 23:51 - 2015-11-03 19:53 - 00000000 ____D C:\Users\Simon\Desktop\pocarr
2016-12-10 19:22 - 2015-10-21 22:25 - 00003684 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001
2016-12-10 19:22 - 2015-10-21 22:25 - 00003588 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001
2016-12-09 17:14 - 2016-10-21 18:24 - 00000000 ____D C:\Users\Simon\AppData\Roaming\PioneerLog
2016-12-08 15:35 - 2011-06-23 19:15 - 00000000 ____D C:\ProgramData\Sonic
2016-12-04 23:21 - 2011-08-27 00:11 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-12-04 23:20 - 2016-11-07 15:48 - 00000973 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk
2016-12-02 08:50 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-01 22:59 - 2013-12-28 22:48 - 00000391 _____ C:\Users\Simon\Desktop\New Text Document.txt
2016-11-19 21:58 - 2015-12-29 20:32 - 00000000 ____D C:\Program Files (x86)\PacificPoker
2016-11-18 09:07 - 2011-06-23 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2011-07-11 15:44 - 2011-07-11 15:44 - 0068597 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-01-06 22:17 - 2016-10-28 19:47 - 0236356 _____ () C:\Users\Simon\AppData\Local\ars.cache
2015-01-06 22:17 - 2016-10-28 19:47 - 0679826 _____ () C:\Users\Simon\AppData\Local\census.cache
2012-07-29 14:22 - 2012-07-29 14:22 - 0003584 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-06 22:05 - 2015-01-06 22:05 - 0000036 _____ () C:\Users\Simon\AppData\Local\housecall.guid.cache
2011-07-11 11:14 - 2011-07-11 11:14 - 0001544 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20110711.121441.txt
2012-05-04 14:55 - 2012-05-04 14:55 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20120504.155513.txt
2015-04-08 14:47 - 2015-04-08 14:47 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20150408.154706.txt
2012-08-13 18:41 - 2012-08-13 18:43 - 0020453 _____ () C:\Users\Simon\AppData\Local\PushPot.xml
2012-08-13 18:41 - 2012-08-13 18:43 - 0000251 _____ () C:\Users\Simon\AppData\Local\PushPotConfig.xml
2013-02-26 14:16 - 2016-12-16 22:11 - 0007605 _____ () C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2015-01-06 22:10 - 2016-10-28 19:21 - 0000010 _____ () C:\Users\Simon\AppData\Local\sponge.last.runtime.cache
2015-11-03 19:42 - 2014-05-04 22:14 - 0185013 _____ () C:\Users\Simon\AppData\Local\Temppt4TempNonAsciiFile
2015-02-03 14:28 - 2015-02-03 14:28 - 0000003 _____ () C:\Users\Simon\AppData\Local\updater.log
2015-02-03 14:28 - 2015-05-01 19:13 - 0000059 _____ () C:\Users\Simon\AppData\Local\UserProducts.xml
2012-05-11 04:38 - 2012-05-11 04:38 - 0004906 _____ () C:\ProgramData\bltofzsb.qlf
2015-10-30 01:13 - 2015-10-30 01:13 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2016-09-17 17:42 - 2016-09-17 17:42 - 0004143 _____ () C:\ProgramData\kmytnfun.aqy

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-12-11 21:02

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Simon (2016-12-17 22:26:48)
Running from C:\Users\Simon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-07-11 10:59:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1326312913-1543494360-2169407760-500 - Administrator - Disabled)
Guest (S-1-5-21-1326312913-1543494360-2169407760-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1326312913-1543494360-2169407760-1003 - Limited - Enabled)
postgres (S-1-5-21-1326312913-1543494360-2169407760-1005 - Limited - Enabled) => C:\Users\postgres
Simon (S-1-5-21-1326312913-1543494360-2169407760-1001 - Administrator - Enabled) => C:\Users\Simon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

888poker (HKLM-x32\...\888poker) (Version: - )
AccelerometerP11 (HKLM-x32\...\{87434D51-51DB-4109-B68F-A829ECDCF380}) (Version: 2.00.11.22 - STMicroelectronics)
Adobe Flash Player 24 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AmericasCardroom (HKLM-x32\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Betting Assistant (HKLM-x32\...\{E501A34E-2643-424E-B0D5-D74D5E8AE855}) (Version: 1.3.0.27 - Gruss Software Ltd)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CardRunnersEV3 (HKLM\...\{2B06C19C-FEE4-4495-A38D-CFD22C3CC06C}) (Version: 3.1.8 - CardRunnersEV)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.4.47 - Dell)
Dell DataSafe Online (HKLM-x32\...\{7EC66A95-AC2D-4127-940B-0445A526AB2F}) (Version: 2.1.19634 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell VideoStage (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.1.0.1011 - CyberLink Corp.)
Dell VideoStage (x32 Version: 1.1.0.1011 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.35 - Creative Technology Ltd)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Flux) (Version: - )
Flopzilla (HKLM-x32\...\{5ECA37FE-912C-4BA3-82F2-2A7D21E63BD9}) (Version: 1.8.3 - Flopzilla)
GoldWave v5.58 (HKLM-x32\...\GoldWave v5.58) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.28.0.6039 (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\GoToMeeting) (Version: 7.28.0.6039 - CitrixOnline)
Gyazo 3.2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Holdem Manager (HKLM-x32\...\HoldemManager) (Version: - )
Holdem Manager 2 (HKLM-x32\...\HoldemManager2) (Version: - )
HoldemResources Calculator (HKLM-x32\...\HoldemResources Calculator) (Version: release - HoldemResources)
Huawei modem (HKLM-x32\...\Huawei Modems) (Version: - )
ICM Trainer (HKLM-x32\...\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}) (Version: 1.0.0 - PokerStrategy)
ICM Trainer Light (HKLM-x32\...\{3C630BB8-692D-4495-A0BD-40336CD51F99}) (Version: 1.4 - PokerStrategy.com)
ICMIZER 2 (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\2893028187.www.icmpoker.com) (Version: - www.icmpoker.com)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2321 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}) (Version: 15.2.0.0284 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.1.23.0 - Intel)
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}) (Version: 15.02.0000.1258 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Keycraft (remove only) (HKLM-x32\...\Keycraft) (Version: - )
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Unifying Software 2.50 (HKLM\...\Logitech Unifying) (Version: 2.50.25 - Logitech)
Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7466.2038 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mozilla Firefox 47.0.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-GB)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1.6018 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 285.77 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 285.77 - NVIDIA Corporation)
NVIDIA Graphics Driver 285.77 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 285.77 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.2.24.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.24.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7426.1015 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7466.2038 - Microsoft Corporation) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Pioneer MIX 64bit Driver (HKLM\...\Pioneer MIX) (Version: 4.2.4.0001 - Pioneer DJ Corporation.)
PKR (HKLM-x32\...\PKR) (Version: - PKR Ltd)
PokerStars.uk (HKLM-x32\...\PokerStars.uk) (Version: - PokerStars.uk)
PokerStove version 1.24 (HKLM-x32\...\{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1) (Version: - )
PokerStrategy.com Equilab (HKLM-x32\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PostgreSQL 8.4 (HKLM-x32\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.0.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6312 - Realtek Semiconductor Corp.)
rekordbox 4.2.4 64bit (HKLM\...\Pioneer rekordbox 4.2.4) (Version: 4.2.4.0001 - Pioneer DJ)
RogueKiller version 12.8.5.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.8.5.0 - Adlice Software)
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Security Task Manager 1.8g (HKLM-x32\...\Security Task Manager) (Version: 1.8g - Neuber Software)
SitNGo Wizard (HKLM-x32\...\SitNGoWizard) (Version: - In The Money LLC)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spek (HKLM-x32\...\{4F8477EA-40EE-4ABD-B3DC-F95E1AF8DE31}) (Version: 0.7.0 - Spek Project)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.15.0 - Synaptics Incorporated)
System Requirements Lab (HKLM-x32\...\SystemRequirementsLab) (Version: - )
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.71503 - TeamViewer)
VirtualDJ Home FREE (HKLM-x32\...\{A6AC699F-8315-40CA-8F70-E917494978AB}) (Version: 7.4 - Atomix Productions)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\Warcraft III) (Version: - )
William Hill Poker (HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\William Hill Poker) (Version: - )
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\5636\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points =========================

17-12-2016 18:44:40 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2016-12-17 20:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2B792C2C-7FC6-406F-BC0E-70D27AF80BDC} - System32\Tasks\{7F069289-353A-4906-A99D-2FE49BB9FCEA} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}\setup.exe"
Task: {38C65D6B-A55E-49EE-A4D6-2859BA831C68} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {4420C4E7-9B5E-44E8-853B-10B8D22538E2} - System32\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001 => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe [2016-12-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {46F582A8-FEEB-4D62-9283-7200D75B8E97} - System32\Tasks\{424290AE-17CB-4572-9BDA-D38EF864847D} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {4E8657EC-5A69-4DF7-90A5-1E7D76BBFA1B} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\Windows\system32\compattelrunner.exe [2015-09-18] (Microsoft Corporation)
Task: {4F9A7517-061B-46B5-B2B2-C029D7C7552E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {52D7FE9F-FB9A-477A-A778-02861430C04D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {5C48BD50-9AEB-4604-85D4-AFF3123343E9} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {70CE8F24-C686-4089-91BE-AE86FD3C643A} - System32\Tasks\{0F66C448-61EA-4C57-8101-4073C445FEBB} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {7217077E-F240-4E94-ADA1-58B6DD852CB8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-11-02] (Microsoft Corporation)
Task: {7FC75B4E-6631-4088-9161-C9315584E482} - System32\Tasks\{08210D85-FC14-4C6A-BAEA-256197AA8F87} => pcalua.exe -a C:\PROGRA~2\PACIFI~1\UNWISE.EXE -c C:\PROGRA~2\PACIFI~1\INSTALL.LOG
Task: {A1732BBE-D414-4D39-B2D4-91056677E03D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2016-06-02] ()
Task: {A4AF27A5-0B7D-47CE-BC26-2E9DF48F12A5} - System32\Tasks\{749E6CC3-9E7A-4CBD-9B7D-29E0FA517CE0} => pcalua.exe -a C:\Users\Simon\Downloads\setup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {B41733D9-5ECB-4481-9391-A3D64D7EF66F} - System32\Tasks\{8602CB30-006B-4FF7-A091-AF00C4B900B6} => Firefox.exe http://ui.skype.com/ui/0/7.0.0.102/en/abandoninstall?page=tsProgressBar
Task: {BD5F09CC-C18C-4905-816C-A43385E81D83} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-30] (Microsoft Corporation)
Task: {C3F32C1F-B497-4760-8DC5-98681D5DDD81} - System32\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001 => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe [2016-12-10] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CA26FD5A-F8AF-407C-9D29-79CB552CB299} - System32\Tasks\{D67F7DB3-ADF2-4A86-B070-09D92C75AF68} => Chrome.exe http://ui.skype.com/ui/0/7.17.0.105/en/abandoninstall?page=tsProgressBar
Task: {CF3E35A0-BAF6-49EF-9352-FF628F166ECC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {D1D235D5-5E65-4601-AFE4-8A9C69C814C8} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => C:\Windows\system32\GWX\GWXUXWorker.exe [2015-12-05] (Microsoft Corporation)
Task: {E525C7FA-734D-4CC3-B8B8-107F789A4A55} - System32\Tasks\{F1938C88-FED4-42A4-B6B3-DBDDAAB9C442} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin
Task: {EA949030-8BA0-41F2-8595-0D584CB1D965} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-13] (Adobe Systems Incorporated)
Task: {EB901CD3-31C7-4B92-B545-93A754F5664A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupdate.exe
Task: C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1326312913-1543494360-2169407760-1001.job => C:\Users\Simon\AppData\Local\Citrix\GoToMeeting\6039\g2mupload.exe

==================== Loaded Modules (Whitelisted) ==============

2016-03-14 19:59 - 2016-10-30 16:12 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2011-07-13 15:30 - 2011-05-28 21:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00781536 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
2011-06-23 18:37 - 2010-12-17 15:25 - 00686704 _____ () C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
2010-11-17 15:35 - 2010-11-17 15:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-07-11 15:42 - 2011-01-28 05:15 - 00172032 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\LIBPQ.dll
2011-07-11 15:42 - 2009-02-12 19:01 - 00976384 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\libxml2.dll
2011-07-11 15:42 - 2005-07-20 10:48 - 00059904 _____ () C:\Program Files (x86)\PostgreSQL\8.4\bin\zlib1.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00056544 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STCoreXml.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00113888 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00126176 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 01121504 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00077024 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00232672 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00072928 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00109792 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2011-06-23 18:51 - 2010-08-11 23:19 - 00119008 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-11-25 03:44 - 2010-11-25 03:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2016-11-09 18:11 - 2016-12-14 12:56 - 10648576 _____ () C:\Program Files (x86)\PokerStars.UK\libcocos2d.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00149504 _____ () C:\Program Files (x86)\PokerStars.UK\libmpg123.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00029696 _____ () C:\Program Files (x86)\PokerStars.UK\libvorbisfile.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00017920 _____ () C:\Program Files (x86)\PokerStars.UK\libogg.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00666624 _____ () C:\Program Files (x86)\PokerStars.UK\libvorbis.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00358400 _____ () C:\Program Files (x86)\PokerStars.UK\OpenAL32.dll
2016-11-09 18:11 - 2016-11-09 18:10 - 00389120 _____ () C:\Program Files (x86)\PokerStars.UK\glew32.dll
2016-11-09 18:11 - 2016-11-09 18:11 - 00077824 _____ () C:\Program Files (x86)\PokerStars.UK\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\...\localhost -> localhost


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BTMTrayAgent => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{84594247-C18B-4E94-AEB8-5738B6464B34}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{9CCB839D-D6B3-4873-AF4B-172C514CB49C}] => (Allow) c:\Program Files (x86)\Dell\VideoStage\VideoStage.exe
FirewallRules: [{6C496456-AE46-46AA-9A8E-9C68B5F8B3C6}] => (Allow) LPort=5432
FirewallRules: [{B5F09514-F2FE-4F19-8102-15A2AB631F51}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{ECDFEEE9-34EF-413F-9528-C4988FEB0A54}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{45670A18-F7EA-4159-A745-F35BA1B69C34}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{590D7788-84C2-4723-87D9-6E2D2CF9F8F0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{45480E3F-4FA2-417F-9D05-66B5EED599FB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{62CA1F57-FF4D-44F2-9F93-69792B7C5AFB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CCED35AA-5123-4BB1-815F-E81004647079}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [{59184FFD-B91C-4CC7-A23B-678538FB10BD}] => (Allow) C:\Program Files (x86)\Remote Mouse\server\server.exe
FirewallRules: [{E734AB67-5D81-4E48-967E-4B368D94274B}] => (Allow) LPort=5720
FirewallRules: [{656ECDFA-0118-4DFE-A413-7FA7762BBAD8}] => (Allow) LPort=5720
FirewallRules: [{3EA0FBE6-3F1E-44B7-879D-3A56F9FFC18D}] => (Allow) LPort=5055
FirewallRules: [TCP Query User{0B38FA46-17EB-4437-B20F-6B6132FD1F1F}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe
FirewallRules: [UDP Query User{55973D8C-5A8D-43AE-B60C-FD2230231B3C}C:\program files (x86)\starcraft ii\starcraft ii.exe] => (Allow) C:\program files (x86)\starcraft ii\starcraft ii.exe
FirewallRules: [{A1662C13-B8A9-49EC-BB41-04522A9EAF33}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [{6A6B8421-94D6-4E93-B191-5CC601B91F35}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II Public Test.exe
FirewallRules: [TCP Query User{C589E4D3-B23D-4563-A2A3-A045FC3D5E31}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{9081E871-634C-4390-B6BE-D0EC12C21CA8}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [TCP Query User{2DE52227-B17B-4C25-8838-DAB47AA075F3}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [UDP Query User{17CD78A8-BEAF-496E-8DA7-E242FC359598}C:\program files (x86)\warcraft iii\war3.exe] => (Block) C:\program files (x86)\warcraft iii\war3.exe
FirewallRules: [{C2F023F2-B8ED-4066-9CFE-3A86747D81C1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F0A8F262-C680-4852-B328-D8FAC1408DA4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2CD7CC9D-C752-4F94-99AB-F91973AA2CDB}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{E5062A2C-34E3-4B76-8B22-00223A2708BD}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{560129F0-9164-4E73-8E1C-F915CC85AA80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{26B28F5E-BF53-430B-B307-CAD86A26B437}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5F25C695-7885-44E4-A593-C2DCACAB99CE}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{2DF2897C-A32D-4EC1-B48E-65796AAF7EF4}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{2749BA37-9662-483F-B524-527E60924C2E}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{70107AA9-7100-4BB7-AE38-73BBFEBA6D21}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{76C27897-AD9B-4CDF-B402-DB38C7CA00B8}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{86AC3725-4CBE-4942-95C6-C5A39D081A0E}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{BED24229-A8C0-435F-BB56-97E4ED4634AE}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{7BECF288-2AD1-4D47-961D-3032A85FAA31}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{2E620581-CEFA-4115-8896-DFB5AA1F46DB}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{E8EF39B1-E88C-474C-8A1D-504A7305C351}] => (Allow) C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe
FirewallRules: [{4F6984EF-F62B-48C2-8C0A-65833137DF95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{443E6C22-E3E7-493E-BA80-634B374D8C0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3998D6BA-CC46-4157-A12B-BF69306C3FF7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{875B4CDB-575D-4D01-B6F6-BDD8FFB2B979}C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe] => (Allow) C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe
FirewallRules: [UDP Query User{AAFB7887-8528-4935-A0A5-7FD29EE5A530}C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe] => (Allow) C:\users\simon\appdata\local\holdemresources\calculator\calculator.exe
FirewallRules: [TCP Query User{3FC5E85C-8F21-453A-9D3B-28DC21E4C9F2}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Block) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [UDP Query User{1C570C6E-9F35-44A5-B7E5-39CD2ABE0ED9}C:\program files (x86)\pacificpoker\bin\poker.exe] => (Block) C:\program files (x86)\pacificpoker\bin\poker.exe
FirewallRules: [{7049B4C6-B8BA-4051-82C1-045CA1A5F84C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [TCP Query User{AE7D3F42-E905-4E9D-980B-AACC05C53143}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [UDP Query User{26FADC0A-3AF8-493C-988C-7F63EF374815}C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base42253\sc2_x64.exe
FirewallRules: [{ADBCD34E-B84B-47E1-B69E-F615E9B1AD20}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{B5A27DF7-8544-4275-BA63-CD928FB6BCE4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{35949EC4-42EC-486D-BDCB-0AFDE64570B1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{D2D96270-3A8A-43E6-A326-7602E856EA99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\dota 2 beta\game\bin\win64\dota2.exe
FirewallRules: [{8B702E21-5675-4485-A436-091A53FB6626}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D535D31A-F2DA-4B62-843E-A6F228402876}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D1FEA67-5F9D-4B52-9A57-44A14532F755}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6886573D-82F6-4C17-B2E5-ED38283C9850}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{8D287470-1C7E-4ACB-A742-BF28D2EE2CBF}C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe
FirewallRules: [UDP Query User{2AB38118-5442-4B73-96F6-E14E53310C95}C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvnfsd.exe
FirewallRules: [TCP Query User{A8A2A8EC-4B30-4DEA-8249-63380673911B}C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe
FirewallRules: [UDP Query User{F2AE6308-CC01-4117-830F-B23FD438C71F}C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\psvlinksysmgr.exe
FirewallRules: [TCP Query User{A0C1A946-3419-4C4C-8FF9-77B9A6CCA398}C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe
FirewallRules: [UDP Query User{BC45A7DF-8073-49DF-8DE2-9B3441F64372}C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe] => (Allow) C:\program files\pioneer\rekordbox 4.2.4\rekordbox.exe
FirewallRules: [{4077BB57-FB10-44A9-B45B-FB02DE824D06}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{63764F42-15F5-48E0-B9C8-1B1A4C64E71E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7B9DD262-7333-4A2A-B9AC-A13E630D3918}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{6046C696-6762-4E58-8E77-8620C129008D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C1D04A7F-2EA4-47E3-B850-84522831036A}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{5BDB3F90-12B2-4233-8B1F-5A67153990F1}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{E6CD5EE0-39CC-4249-94C7-6F946A118331}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{1D7ED056-B25E-432C-9804-AC045F1365A2}] => (Allow) C:\Program Files\Microsoft Security Client\msseces.exe
FirewallRules: [{9E9632DB-9ECF-4143-B403-DD42BD657005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7BCF81C2-8F12-4633-879C-70E122DA5980}] => (Allow) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
FirewallRules: [{36FF7C33-1FBD-4D1D-A49C-0D210CD10E8C}] => (Allow) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
FirewallRules: [{A3C330A4-9673-438E-9F25-3C28F3D22699}] => (Allow) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
FirewallRules: [{5228D5A8-3BEA-4D0B-954D-2DF3259C5BD8}] => (Allow) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

==================== Faulty Device Manager Devices =============

Name: Integrated Webcam
Description: Integrated Webcam
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Quanta Computer Inc.
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASDIFSV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: StorLib bus (virtual storages support)
Description: StorLib bus (virtual storages support)
Class Guid: {1378e71b-ab4d-4348-af26-cba56b12969e}
Manufacturer: TunnelBear Provider V9
Service: cbfs3
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SASKUTIL
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Virtual WiFi Miniport Adapter #4
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2016 10:25:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 4.10.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1bc8

Start Time: 01d258b45d0580fe

Termination Time: 31

Application Path: C:\Users\Simon\Downloads\FRST64.exe

Report Id:

Error: (12/17/2016 09:42:06 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-17 21:42:06 GMTFATAL: the database system is starting up

Error: (12/17/2016 08:41:12 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-17 20:41:12 GMTFATAL: the database system is starting up

Error: (12/17/2016 06:51:33 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-17 18:51:33 GMTFATAL: the database system is starting up

Error: (12/17/2016 06:13:32 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-17 18:13:32 GMTFATAL: the database system is starting up

Error: (12/17/2016 06:09:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program adwcleaner_6.041.exe version 6.0.4.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 19a4

Start Time: 01d2588fd8ec7e61

Termination Time: 0

Application Path: C:\Users\Simon\Downloads\adwcleaner_6.041.exe

Report Id: bd47e94c-c483-11e6-92e3-14feb5ab73c2

Error: (12/17/2016 05:52:35 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-17 17:52:35 GMTFATAL: the database system is starting up

Error: (12/17/2016 02:22:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PokerStars.exe, version: 15.7.1.9, time stamp: 0x584f1719
Faulting module name: ntdll.dll, version: 6.1.7601.19045, time stamp: 0x56258e62
Exception code: 0xc0000005
Fault offset: 0x0003d968
Faulting process id: 0x1474
Faulting application start time: 0xPokerStars.exe0
Faulting application path: PokerStars.exe1
Faulting module path: PokerStars.exe2
Report Id: PokerStars.exe3

Error: (12/16/2016 09:51:49 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-16 21:51:49 GMTFATAL: the database system is starting up

Error: (12/16/2016 09:22:03 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2016-12-16 21:22:03 GMTFATAL: the database system is starting up


System errors:
=============
Error: (12/17/2016 09:47:50 PM) (Source: Application Popup) (EventID: 56) (User: )
Description: Driver USB returned invalid ID for a child device (NA02BQF4).

Error: (12/17/2016 09:42:14 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/17/2016 09:39:19 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (12/17/2016 08:41:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
SASDIFSV
SASKUTIL

Error: (12/17/2016 08:39:28 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/17/2016 08:39:20 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/17/2016 08:36:04 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (12/17/2016 08:31:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (12/17/2016 08:18:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bluetooth Device Monitor service terminated unexpectedly. It has done this 1 time(s).

Error: (12/17/2016 07:06:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMProtection service failed to start due to the following error:
%%2


CodeIntegrity:
===================================
Date: 2016-12-17 20:36:04.841
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-12-17 20:36:04.795
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-07-11 15:36:15.664
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:15.452
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:15.220
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:36:14.982
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.565
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpa.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:40.191
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.

Date: 2015-07-11 15:35:39.879
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG PC TuneUp\avgdumpx.exe because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz
Percentage of memory in use: 32%
Total physical RAM: 8172.17 MB
Available physical RAM: 5488.51 MB
Total Virtual: 16342.55 MB
Available Virtual: 13220.62 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:435.08 GB) (Free:199.44 GB) NTFS
Drive d: () (Fixed) (Total:465.76 GB) (Free:438.76 GB) NTFS
Drive f: (JAYDRIVE) (Fixed) (Total:232.83 GB) (Free:29.1 GB) FAT32
Drive y: (RECOVERY) (Fixed) (Total:30.33 GB) (Free:17.56 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=361 MB) - (Type=DE)
Partition 2: (Active) - (Size=30.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=435.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C648A420)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: 7C7B1FF7)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=0C)

==================== End of Addition.txt ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Simon (2016-12-18 00:10:13) Run:1
Running from C:\Users\Simon\Downloads\frst
Loaded Profiles: Simon & postgres (Available Profiles: Simon & postgres)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-1326312913-1543494360-2169407760-1005] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> DefaultScope {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
SearchScopes: HKU\S-1-5-21-1326312913-1543494360-2169407760-1005 -> {E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [No File]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz137; \??\C:\Users\Simon\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
S4 nvpciflt; \SystemRoot\system32\DRIVERS\nvpciflt.sys [X]
S1 SASDIFSV; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [X]
S1 SASKUTIL; \??\C:\Users\Simon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [X]
S3 WinRing0_1_2_0; \??\C:\Users\Simon\AppData\Local\Temp\Rar$EX05.784\WinRing0x64.sys [X]
2011-07-11 15:44 - 2011-07-11 15:44 - 0068597 _____ () C:\Program Files (x86)\hminstalllog.txt
2015-01-06 22:17 - 2016-10-28 19:47 - 0236356 _____ () C:\Users\Simon\AppData\Local\ars.cache
2015-01-06 22:17 - 2016-10-28 19:47 - 0679826 _____ () C:\Users\Simon\AppData\Local\census.cache
2012-07-29 14:22 - 2012-07-29 14:22 - 0003584 _____ () C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-06 22:05 - 2015-01-06 22:05 - 0000036 _____ () C:\Users\Simon\AppData\Local\housecall.guid.cache
2011-07-11 11:14 - 2011-07-11 11:14 - 0001544 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20110711.121441.txt
2012-05-04 14:55 - 2012-05-04 14:55 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20120504.155513.txt
2015-04-08 14:47 - 2015-04-08 14:47 - 0001567 _____ () C:\Users\Simon\AppData\Local\PDLSetup.20150408.154706.txt
2012-08-13 18:41 - 2012-08-13 18:43 - 0020453 _____ () C:\Users\Simon\AppData\Local\PushPot.xml
2012-08-13 18:41 - 2012-08-13 18:43 - 0000251 _____ () C:\Users\Simon\AppData\Local\PushPotConfig.xml
2013-02-26 14:16 - 2016-12-16 22:11 - 0007605 _____ () C:\Users\Simon\AppData\Local\Resmon.ResmonCfg
2015-01-06 22:10 - 2016-10-28 19:21 - 0000010 _____ () C:\Users\Simon\AppData\Local\sponge.last.runtime.cache
2015-11-03 19:42 - 2014-05-04 22:14 - 0185013 _____ () C:\Users\Simon\AppData\Local\Temppt4TempNonAsciiFile
2015-02-03 14:28 - 2015-02-03 14:28 - 0000003 _____ () C:\Users\Simon\AppData\Local\updater.log
2015-02-03 14:28 - 2015-05-01 19:13 - 0000059 _____ () C:\Users\Simon\AppData\Local\UserProducts.xml
2012-05-11 04:38 - 2012-05-11 04:38 - 0004906 _____ () C:\ProgramData\bltofzsb.qlf
2015-10-30 01:13 - 2015-10-30 01:13 - 0004967 _____ () C:\ProgramData\flwjycbm.bab
2016-09-17 17:42 - 2016-09-17 17:42 - 0004143 _____ () C:\ProgramData\kmytnfun.aqy
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1326312913-1543494360-2169407760-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
Could not restore Default URLSearchHook.
HKU\S-1-5-21-1326312913-1543494360-2169407760-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1326312913-1543494360-2169407760-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E2FB2571-A71F-4BEE-B559-8F5C2AC618FA}" => key removed successfully
HKCR\CLSID\{E2FB2571-A71F-4BEE-B559-8F5C2AC618FA} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513" => key removed successfully
catchme => service removed successfully
cpuz137 => service removed successfully
nvpciflt => service removed successfully
SASDIFSV => service removed successfully
SASKUTIL => service removed successfully
WinRing0_1_2_0 => service removed successfully
C:\Program Files (x86)\hminstalllog.txt => moved successfully
C:\Users\Simon\AppData\Local\ars.cache => moved successfully
C:\Users\Simon\AppData\Local\census.cache => moved successfully
C:\Users\Simon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Simon\AppData\Local\housecall.guid.cache => moved successfully
C:\Users\Simon\AppData\Local\PDLSetup.20110711.121441.txt => moved successfully
C:\Users\Simon\AppData\Local\PDLSetup.20120504.155513.txt => moved successfully
C:\Users\Simon\AppData\Local\PDLSetup.20150408.154706.txt => moved successfully
C:\Users\Simon\AppData\Local\PushPot.xml => moved successfully
C:\Users\Simon\AppData\Local\PushPotConfig.xml => moved successfully
C:\Users\Simon\AppData\Local\Resmon.ResmonCfg => moved successfully
C:\Users\Simon\AppData\Local\sponge.last.runtime.cache => moved successfully
C:\Users\Simon\AppData\Local\Temppt4TempNonAsciiFile => moved successfully
C:\Users\Simon\AppData\Local\updater.log => moved successfully
C:\Users\Simon\AppData\Local\UserProducts.xml => moved successfully
C:\ProgramData\bltofzsb.qlf => moved successfully
C:\ProgramData\flwjycbm.bab => moved successfully
C:\ProgramData\kmytnfun.aqy => moved successfully
"C:\Windows\SysWOW64\zlib.dll" => ":DocumentSummaryInformation" ADS not found.
"C:\Windows\SysWOW64\zlib.dll" => ":SummaryInformation" ADS not found.
C:\Windows\SysWOW64\zlib.dll => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.

==== End of Fixlog 00:10:13 ====
 
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Results of screen317's Security Check version 1.014 --- 12/23/15
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 31
Java version 32-bit out of Date!
Adobe Flash Player 24.0.0.186
Mozilla Firefox (47.0.1)
Google Chrome (55.0.2883.87)
Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 