Sluggish PC, could be due to malware...

Marcus
2017-01-31, 19:50
Hello all, my PC performance has been unusually sluggish over the past week with programs that would otherwise run smoothly constantly crashing. I've also downloaded a fair amount of free software (not cracked but freeware) from possibly less than reputable sites so I'm concerned I might have picked up something nasty along the way. Any help would be much appreciated!

Here are my logs, thanks in advance!

FRST64:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
Ran by Mark (administrator) on WIN-7Q0K2TFJBH6 (31-01-2017 18:28:45)
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Perforce Software Inc.) C:\Program Files\Perforce\Server\p4s.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
() C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Audient\USBAudioDriver\iD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1464088 2016-12-19] (BullGuard Ltd.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-27] (Spotify Ltd)
HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify] => C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-27] (Spotify Ltd)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2016-01-26]
ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2D3CB940-41CC-4E40-BB28-C51071C67116}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-366135555-2470553269-3306163725-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_uk_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0_1201_1401_20160324_GB_ie_ds_&tag=bds-p10-serp-uk-ie-21&query={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-366135555-2470553269-3306163725-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-26] (Citrix Online)

Chrome:
=======
CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-01-31]
CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Adobe Acrobat) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
CHR Extension: (Color Change for Google™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2016-12-12]
CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-01-10]
CHR Extension: (Auto HD For YouTube™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-10-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKU\S-1-5-21-366135555-2470553269-3306163725-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [460472 2016-12-12] (Amazon Inc.)
R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1540376 2016-12-21] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [705304 2016-12-19] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [184600 2016-12-19] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [487704 2016-12-19] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [860952 2016-12-19] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5660440 2016-12-19] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [652056 2016-12-19] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2016-12-19] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2016-12-19] (BullGuard Ltd.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
R2 Perforce; C:\Program Files\Perforce\Server\p4s.exe [4824320 2015-07-17] (Perforce Software Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AFW; C:\windows\System32\DRIVERS\afw.sys [52912 2015-06-17] (Agnitum Ltd.)
R3 afwcore; C:\windows\System32\DRIVERS\afwcore.sys [465072 2015-06-17] (Agnitum Ltd.)
R3 audientusbaudio; C:\windows\System32\DRIVERS\audientusbaudio_x64.sys [269312 2015-09-03] ()
R3 audientusbaudioks; C:\windows\System32\DRIVERS\audientusbaudioks_x64.sys [50688 2015-09-03] ()
R1 BdAgent; C:\windows\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
R3 BdNet; C:\windows\System32\DRIVERS\BdNet.sys [33968 2015-10-09] (BullGuard Ltd.)
R1 BdSpy; C:\windows\System32\drivers\BdSpy.sys [76728 2015-10-09] (BullGuard Ltd.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NIWinCDEmu; C:\windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
R1 NovaShieldFilterDriver; C:\windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-27] (BullGuard Ltd.)
R1 NovaShieldTDIDriver; C:\windows\System32\DRIVERS\NSNetmon.sys [26504 2016-07-27] (BullGuard Ltd.)
R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
R3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [485512 2016-04-14] (BitDefender S.R.L.)
R3 VUSB3HUB; C:\windows\System32\DRIVERS\ViaHub3.sys [233160 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 18:28 - 2017-01-31 18:30 - 00020036 _____ C:\Users\Mark\Desktop\FRST.txt
2017-01-31 18:28 - 2017-01-31 18:28 - 00000000 ____D C:\FRST
2017-01-31 18:14 - 2017-01-31 18:14 - 05198336 _____ (AVAST Software) C:\Users\Mark\Desktop\aswMBR.exe
2017-01-31 18:13 - 2017-01-31 18:28 - 02420736 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2017-01-30 17:43 - 2017-01-30 17:44 - 47168360 ____T C:\Users\Mark\Desktop\Drums with Real Toms.wav
2017-01-30 15:23 - 2017-01-30 15:23 - 47168360 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums with Tempo Changes.wav
2017-01-30 15:22 - 2017-01-30 15:22 - 47168360 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums with Demo Guitars.wav
2017-01-30 15:05 - 2017-01-30 15:05 - 47872292 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums 130bpm.wav
2017-01-30 00:08 - 2017-01-30 00:08 - 00000000 ____D C:\Users\Mark\AppData\Local\id Software
2017-01-29 15:18 - 2017-01-29 15:18 - 00007297 _____ C:\Users\Mark\Downloads\Bass MIDI SUFFERCATIONCHAMBER.mid
2017-01-28 22:17 - 2017-01-29 21:49 - 00000222 _____ C:\Users\Mark\Desktop\DOOM.url
2017-01-28 15:50 - 2017-01-28 15:50 - 31449644 ____T C:\Users\Mark\Desktop\Alien Conflict Demo.wav
2017-01-28 14:41 - 2017-01-28 14:41 - 62125288 ____T C:\Users\Mark\Desktop\River of Souls ROUGH DEMO.wav
2017-01-28 14:30 - 2017-01-28 14:30 - 40103784 ____T C:\Users\Mark\Desktop\Perfect Dark Credits Demo.wav
2017-01-24 16:37 - 2017-01-24 16:37 - 34385732 _____ C:\Users\Mark\Downloads\Beryl.wav
2017-01-24 16:31 - 2017-01-24 16:31 - 00180495 _____ C:\Users\Mark\Downloads\Beryl.als
2017-01-23 22:02 - 2017-01-23 22:02 - 01251683 _____ C:\Users\Mark\Downloads\illformed_old_vst_plugins.zip
2017-01-20 14:40 - 2017-01-29 23:55 - 00000000 ____D C:\Users\Mark\Desktop\UBTW - Ableton
2017-01-12 16:25 - 2017-01-12 16:25 - 00000045 _____ C:\Users\Mark\Documents\Ryan Dorset Yahoo Details.txt
2017-01-11 16:46 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2017-01-11 16:46 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2017-01-11 16:46 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2017-01-11 16:46 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2017-01-11 16:46 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2017-01-11 16:46 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2017-01-11 16:46 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2017-01-11 16:46 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2017-01-11 16:46 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2017-01-11 16:46 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2017-01-11 16:46 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2017-01-11 16:46 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2017-01-11 16:46 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2017-01-10 10:34 - 2017-01-10 10:52 - 2709453677 _____ C:\Users\Mark\Downloads\soundiron_olympus_elements_player_edition_1.5.zip
2017-01-09 23:19 - 2017-01-09 23:19 - 00000000 ____D C:\Users\Mark\Downloads\HK Balafon
2017-01-09 22:48 - 2017-01-09 22:48 - 20056454 _____ C:\Users\Mark\Downloads\HK Balafon.zip
2017-01-09 22:43 - 2017-01-09 22:43 - 83939872 _____ C:\Users\Mark\Downloads\Shadowcaste Updated W_Drums.wav
2017-01-09 22:04 - 2017-01-09 22:04 - 00000000 ____D C:\Users\Public\Documents\NI Resources
2017-01-09 22:02 - 2017-01-09 22:02 - 00000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
2017-01-09 21:58 - 2017-01-09 21:58 - 652066816 _____ C:\Users\Mark\Downloads\Kontakt_Factory_Selection.iso
2017-01-09 21:53 - 2016-09-07 13:26 - 00112408 _____ C:\windows\system32\Drivers\NIWinCDEmu.sys
2017-01-09 21:51 - 2017-01-09 21:51 - 05621520 _____ (Native Instruments GmbH) C:\Users\Mark\Downloads\Kontakt_Factory_Selection_Downloader.exe
2017-01-09 21:18 - 2017-01-09 21:18 - 00000980 _____ C:\Users\Mark\Documents\Kontakt 5.lnk
2017-01-09 21:10 - 2017-01-09 21:10 - 00114900 _____ C:\Users\Mark\Documents\cc_20170109_211008.reg
2017-01-09 20:59 - 2017-01-09 20:59 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
2017-01-09 20:56 - 2017-01-09 21:18 - 00000000 __HDC C:\ProgramData\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
2017-01-09 20:54 - 2017-01-09 20:54 - 00000000 ____D C:\Users\Mark\Downloads\Kontakt_5_565_PC
2017-01-09 20:49 - 2017-01-09 20:51 - 524116068 _____ C:\Users\Mark\Downloads\Kontakt_5_565_PC.zip
2017-01-09 20:43 - 2017-01-09 20:43 - 00000000 ____D C:\Users\Mark\Downloads\KontaktPlayer4_411_Win
2017-01-09 20:41 - 2017-01-09 20:43 - 379581473 _____ C:\Users\Mark\Downloads\KontaktPlayer4_411_Win.zip
2017-01-09 16:08 - 2017-01-09 16:08 - 00000000 ____D C:\ProgramData\Yellow Tools
2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\Users\Mark\Documents\Best Service
2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\Users\Mark\AppData\Local\Best Service
2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\ProgramData\MAGIX
2017-01-09 15:27 - 2017-01-09 15:27 - 00000984 _____ C:\Users\Mark\Documents\Engine 2.lnk
2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 __HDC C:\ProgramData\{CA777780-A077-49F1-ABDE-9094A2FF0C0A}
2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 __HDC C:\ProgramData\{3937F241-9144-4823-AFFB-BEAF082E554C}
2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engine 2
2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\ProgramData\Best Service
2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\Program Files\Best Service
2017-01-09 15:25 - 2017-01-09 15:25 - 00000000 ____D C:\Users\Mark\AppData\Local\PackageAware
2017-01-09 15:15 - 2017-01-09 15:18 - 135332865 _____ C:\Users\Mark\Downloads\Engine_2.5.0.73_win.zip
2017-01-09 15:13 - 2017-01-09 15:55 - 00000000 ____D C:\Users\Mark\Desktop\Forest Kingdom II
2017-01-09 15:11 - 2017-01-09 15:11 - 02163868 _____ C:\Users\Mark\Downloads\Engine_library_installation.zip
2017-01-03 15:32 - 2017-01-03 15:33 - 65017156 _____ C:\Users\Mark\Downloads\Shadowcaste Drums Only.wav

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-31 18:30 - 2014-11-15 11:50 - 00000000 ____D C:\ProgramData\BullGuard
2017-01-31 18:15 - 2015-01-18 16:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2017-01-31 15:48 - 2014-11-15 16:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Spotify
2017-01-31 13:42 - 2009-07-14 04:45 - 00028720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-31 13:42 - 2009-07-14 04:45 - 00028720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-31 13:34 - 2014-11-15 16:26 - 00000000 ____D C:\Users\Mark\AppData\Local\Spotify
2017-01-31 13:30 - 2014-11-15 13:13 - 00000312 _____ C:\windows\system32\config\afw_hm.conf
2017-01-31 13:30 - 2014-11-15 13:13 - 00000004 _____ C:\windows\system32\config\afw_db.conf
2017-01-31 13:30 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-01-31 13:29 - 2014-11-11 13:40 - 00000000 ____D C:\ProgramData\NVIDIA
2017-01-30 17:25 - 2016-07-26 13:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Drumatom
2017-01-30 16:19 - 2015-11-12 22:26 - 00000000 ____D C:\Users\Mark\AvidLogFiles
2017-01-30 11:58 - 2009-07-14 03:20 - 00000000 ____D C:\windows\inf
2017-01-30 00:25 - 2014-11-15 13:43 - 00000000 ____D C:\Program Files (x86)\Steam
2017-01-27 16:50 - 2009-07-14 05:13 - 00006214 _____ C:\windows\system32\PerfStringBackup.INI
2017-01-26 17:13 - 2015-10-21 15:51 - 00000000 ____D C:\Users\Mark\Documents\Pro Tools
2017-01-23 17:20 - 2015-02-01 22:07 - 00000000 ____D C:\Users\Mark\Documents\Ableton
2017-01-19 20:01 - 2015-09-28 22:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-01-15 16:05 - 2014-11-15 16:45 - 00000000 ____D C:\Users\Mark\Desktop\Games
2017-01-15 00:32 - 2015-01-16 20:16 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2017-01-14 22:20 - 2014-12-06 18:25 - 00000000 ____D C:\Users\Mark\AppData\Roaming\dvdcss
2017-01-14 19:48 - 2014-11-15 11:48 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-12 20:18 - 2015-09-28 22:16 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
2017-01-12 13:01 - 2016-03-24 13:15 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-01-10 22:15 - 2015-01-18 16:47 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2017-01-10 22:15 - 2015-01-18 16:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2017-01-10 22:15 - 2015-01-18 16:47 - 00000000 ____D C:\windows\system32\Macromed
2017-01-10 22:15 - 2015-01-01 13:51 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-01-10 22:15 - 2015-01-01 13:51 - 00000000 ____D C:\windows\SysWOW64\Macromed
2017-01-09 22:04 - 2015-02-13 14:46 - 00000000 ____D C:\Users\Mark\Documents\Native Instruments
2017-01-09 22:02 - 2015-02-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2017-01-09 21:53 - 2015-09-26 22:10 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2017-01-09 21:16 - 2015-02-13 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-01-09 21:16 - 2015-02-13 14:45 - 00000000 ____D C:\Program Files\Native Instruments
2017-01-09 21:16 - 2014-12-26 18:50 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2017-01-09 20:47 - 2015-02-13 14:46 - 00000000 ____D C:\Users\Mark\AppData\Local\Native Instruments
2017-01-03 23:19 - 2014-12-06 18:33 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Audacity

==================== Files in the root of some directories =======

2013-10-14 02:44 - 2013-10-14 02:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2015-10-21 15:35 - 2015-10-21 15:35 - 2126240 _____ () C:\Users\Mark\AppData\Roaming\AvidApplicationManager_Install.log
2015-11-12 22:18 - 2015-11-12 22:18 - 0522328 _____ () C:\Users\Mark\AppData\Roaming\AvidCoreRuntime_Install.log
2015-11-12 22:22 - 2015-11-12 22:22 - 0595694 _____ () C:\Users\Mark\AppData\Roaming\AvidDIORuntime_Install.log
2015-11-12 22:21 - 2015-11-12 22:22 - 0182304 _____ () C:\Users\Mark\AppData\Roaming\FlamethrowerDriver_Install.log
2016-08-08 23:22 - 2016-08-08 23:22 - 0002005 _____ () C:\Users\Mark\AppData\Local\recently-used.xbel
2014-11-15 14:08 - 2012-09-06 16:06 - 0126976 _____ (Thesycon GmbH) C:\ProgramData\CNEEB29.tmp

Files to move or delete:
====================
C:\Users\Mark\keFIR_v1.64.dll
C:\Users\Mark\keFIR_v1_2ch.64.dll
C:\Users\Mark\OMB2.64.dll
C:\Users\Mark\WOW2.64.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-11 21:19

==================== End of FRST.txt ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Mark (31-01-2017 18:30:45)
Running from C:\Users\Mark\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-15 11:45:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

248DF0F1DAF442E19D43 (S-1-5-21-366135555-2470553269-3306163725-1003 - Limited - Enabled)
Administrator (S-1-5-21-366135555-2470553269-3306163725-500 - Administrator - Disabled)
Guest (S-1-5-21-366135555-2470553269-3306163725-501 - Limited - Disabled)
Mark (S-1-5-21-366135555-2470553269-3306163725-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version: - Ensemble Studios)
Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version: - The Chinese Room)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audient USB Audio Driver v3.20.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.20.0 - Audient)
Avid Core Runtime (HKLM-x32\...\{29E44AFF-790B-46B8-8CA6-A0EE6EFC9D7A}) (Version: 6.1.0 - Avid Technology, Inc.)
Avid DIO Runtime (HKLM-x32\...\{15E44F0D-2B0E-4F2E-B931-920F4D8D2DCA}) (Version: 6.1.0 - Avid Technology, Inc.)
Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.7 - Avid Technology, Inc.)
Avid HEAT (HKLM-x32\...\{82C04FF2-7662-4F8E-B6BE-85B40520AE6A}) (Version: 10.2.0 - Avid Technology, Inc.)
Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version: - Treyarch)
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version: - Treyarch)
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
Custom Shop version 1.6.1 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.6.1 - IK Multimedia)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Deus Ex - Invisible War (HKLM-x32\...\GOGPACKDEUSEX2_is1) (Version: 2.0.0.8 - GOG.com)
Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
Deus Ex: Revision (HKLM-x32\...\Steam App 397550) (Version: - Caustic Creative)
DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
Door Kickers (HKLM-x32\...\Steam App 248610) (Version: - KillHouse Games)
Downfall Redux (HKLM-x32\...\1455298654_is1) (Version: 2.0.0.2 - GOG.com)
Duke Nukem - Manhattan Project (HKLM-x32\...\GOGPACKDUKEMANHATAN_is1) (Version: 2.0.0.12 - GOG.com)
Duke Nukem 3D (HKLM-x32\...\GOGPACKDUKE3D_is1) (Version: 2.0.0.85 - GOG.com)
Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)
E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
E-License Manager (Version: 1.4.0.0 - Magix) Hidden
Engine 2 (HKLM-x32\...\Engine 2) (Version: 2.5.0.73 - Best Service)
Engine 2 (Version: 2.5.0.73 - Best Service) Hidden
Epic Games Launcher (HKLM-x32\...\{A1C97AE7-FB6B-425F-B75B-7A16E1E5639D}) (Version: 1.1.52.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - Mode 7)
Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
Helix Versioning Engine (HKLM\...\{F8466CD6-8BBA-4AF6-B03C-47D66288D5A1}) (Version: 151.120.4891 - Perforce Software)
Hitman - Contracts (HKLM-x32\...\GOGPACKHITMAN3_is1) (Version: 2.0.0.11 - GOG.com)
Hitman Codename 47 (HKLM-x32\...\GOGPACKANHITMAN1_is1) (Version: 2.0.0.13 - GOG.com)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
IK Multimedia Authorization Manager version 1.0.14 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.14 - IK Multimedia)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Leisure Suit Larry - Magna Cum Laude (HKLM-x32\...\{A31289C6-04EF-4437-A35B-7CC96167145C}) (Version: 1.00.0001 - )
Leisure Suit Larry - Reloaded (HKLM-x32\...\1207659243_is1) (Version: 2.1.0.11 - GOG.com)
Leisure Suit Larry- Magna Cum Laude (HKLM-x32\...\GOGPACKLARRYMCL_is1) (Version: 2.0.0.3 - GOG.com)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MusicLab RealEight (32-bit) (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (64-bit) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
MusicLab RealEight Sound Bank (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
Narcissu 1st & 2nd (HKLM-x32\...\Steam App 264380) (Version: - stage-nana)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.1 - Black Tree Gaming)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
ORION: Prelude (HKLM\...\Steam App 104900) (Version: - Trek Industries, Inc)
Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)
Postal 2 (HKLM-x32\...\1207658755_is1) (Version: 2.1.0.10 - GOG.com)
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
Room EQ Wizard 5.14 (HKLM-x32\...\4549-9647-2313-4375) (Version: 5.14 - John Mulcahy)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
SampleTank 3 version 3.6.0 (HKLM\...\{4A5CE684-33A5-4EE6-AB22-4B92D92D37D8}_is1) (Version: 3.6.0 - IK Multimedia)
SampleTank FREE (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.5 - IK Multimedia)
SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)
Shadow Man (HKLM-x32\...\1207659713_is1) (Version: 2.1.0.5 - GOG.com)
Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
ShadowMan (HKLM-x32\...\ShadowMan) (Version: - )
SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Speech Ananlyzer 3.1 (HKLM-x32\...\{D99E9365-BB4F-4430-875C-BD5516EE92DA}) (Version: 3.1 - SIL International, Inc)
Spotify (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version: - )
Sugar Bytes WOW2 Demo 2.1.1 (HKLM\...\WOW2_is1) (Version: 2.1.1 - Sugar Bytes)
Superior Drummer 64-bit (HKLM\...\{0E54CF79-AE40-409E-9253-9563418C730C}) (Version: 2.4.1 - Toontrack)
Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Evil Within (HKLM-x32\...\Steam App 268050) (Version: - Tango Gameworks)
Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.1.1 - Toontrack)
Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios)
TSE BOD v2.1.0 (HKLM-x32\...\{C201CB0D-F5E3-476B-BA29-2F834C6171A5}_is1) (Version: v2.1.0 - TSE Audio)
Unreal Development Kit: 2012-07 (HKLM\...\UDK-42e6f4db-e845-4c3f-82b4-15f346b7647e) (Version: - Epic Games, Inc.)
Unreal Tournament 2004 (HKLM-x32\...\GOGPACKUT2004_is1) (Version: 2.0.0.6 - GOG.com)
Unreal Tournament 3 (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
UT2K4 Voice Packager v1.0.4.6 (HKLM-x32\...\UT2K4 Voice Packager_is1) (Version: - Xtreme Gaming Xperience, LLC)
Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.20 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1295157C-C24C-4576-946E-0599D63E170D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {24B1E6BF-8A6C-409B-95A0-DE4CB646DBA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {38244AFF-68AF-4F1E-BF6B-1510C27CF255} - System32\Tasks\{51D1B497-8A59-4917-BAFC-2AD2C67DC18F} => C:\GOG Games\Deus Ex - Invisible War\System\DX2Main.exe [2012-06-04] ()
Task: {4BE172A6-C88E-491C-9D9F-81F4311EB2B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {61BCAA4C-0B27-4965-AD78-26F1A6B8A944} - System32\Tasks\{8FCD0894-FD26-42D5-99C6-0EBAE5C598A4} => pcalua.exe -a "C:\Users\Mark\Desktop\super duper drummer\super drum files\Install\PC\Superior2 Sound Installer.exe" -d "C:\Users\Mark\Desktop\super duper drummer\super drum files\Install\PC"
Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7D55D3E5-DC3A-4182-951F-1FBB0621CB51} - System32\Tasks\{E37786F8-0DB2-494D-B876-E330CEADF3D1} => pcalua.exe -a "C:\Users\Mark\Desktop\SampleTank_FREE_b\SampleTank_FREE_b\Install SampleTank FREE.exe" -d C:\Users\Mark\Desktop\SampleTank_FREE_b\SampleTank_FREE_b
Task: {80B9A8FA-F985-4C7F-B73F-4AFCEB325EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {89E735FF-B643-4034-94AD-571159D53C1A} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2016-12-19] (BullGuard Ltd.)
Task: {8E2B4BC5-9FA6-41D8-88F9-72EC4A5D5A7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-19 13:55 - 2016-12-19 13:55 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
2014-11-11 13:40 - 2015-03-13 16:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
2014-03-04 15:23 - 2013-11-02 17:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-12-19 13:55 - 2016-12-19 13:55 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
2014-11-16 13:51 - 2014-03-19 09:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
2016-01-26 12:03 - 2015-12-03 15:24 - 06295552 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
2015-07-15 22:09 - 2015-07-14 19:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2014-11-16 13:51 - 2014-03-06 16:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
2016-12-08 16:30 - 2017-01-27 11:21 - 51777648 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libcef.dll
2016-01-26 12:03 - 2015-09-03 09:29 - 00200704 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
2016-12-15 12:30 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-15 12:30 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-08 16:30 - 2017-01-27 11:21 - 01803888 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libglesv2.dll
2016-12-08 16:30 - 2017-01-27 11:21 - 00086128 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libegl.dll
2014-11-11 13:31 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
IE trusted site: HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\amazon.co.uk -> hxxps://amazon.co.uk

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2015-09-29 11:17 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Spotify => "C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{F79FCF57-FBAD-4850-9B86-A96C3A86C756}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{0723B56A-D09C-4738-9060-3FA596F64EA6}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{48E9DE8E-ADB2-4EC2-83A0-EBBD02E2BA60}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A7AEAC9-62AE-4F86-8706-0176A018C727}] => C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{3A5C8052-EFB9-4D37-897E-95B09A5683C1}] => C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{0FDCD3FB-F259-45E9-B1ED-487B6589A188}] => C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
FirewallRules: [{3009162B-175A-40C0-AEF2-D65BF3F9A3F8}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{7EC6ACC7-103A-4103-B3F7-EB16A88AAA99}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{642F625D-378B-42C7-87EB-3396C8F7A958}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{61363FF8-45C4-446C-ACA5-CF5C4A7FDE79}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{0577D119-7BD1-4334-B6C0-1332C513D253}] => C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{021AD885-CD64-4BC4-93B5-440B4A277CBB}] => C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
FirewallRules: [{8447CEFA-C941-44D4-9F03-FA4C5197C94A}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{05404C48-C63A-4F0B-8B85-44B57C24160F}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [TCP Query User{7CEC1BED-A231-4207-92C5-DAB89681670E}C:\users\mark\appdata\roaming\spotify\spotify.exe] => C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E047D36D-AB5A-4DC7-A87D-BB4CEF1689D1}C:\users\mark\appdata\roaming\spotify\spotify.exe] => C:\users\mark\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E16FC8BE-E1CC-43DC-891C-28A3F9B7793C}] => C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{0C6484EE-F475-4B0F-9C35-B9F1541CF301}] => C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
FirewallRules: [{9A4FFB37-2CEA-40F9-A112-E7B628DB98EC}] => C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{BFAB9785-613B-43AE-BD8C-8DC04336B15A}] => C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
FirewallRules: [{6F096A56-FE90-4056-8605-4AADC0741C00}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{07017B20-2D62-4AC1-876B-AF7934B4EA0B}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
FirewallRules: [{DB8955F1-3EDD-4DDA-9049-7353ABF9A924}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{2375E01B-F179-47C7-A844-FBF71B1A58BE}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
FirewallRules: [{19E8829D-D10E-4E29-8F0F-BD8F592CF90D}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{82F8883D-2767-4DFD-8B46-79E2EC9AC66A}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
FirewallRules: [{E9CDEDED-447F-4E83-B338-44B65CFB220F}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{72ACCD2B-055A-4EAF-A77F-4099694C5ACD}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
FirewallRules: [{D92B3967-38C2-4245-A5C1-7B80B422DCFD}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{C3DA496A-BF3D-4F2A-88CD-3423A2ADB7DF}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{683CD2C3-5A79-4891-991C-43104BDFA0C3}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{446CDD8D-DB26-4B67-8580-50A7382A1F93}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
FirewallRules: [{DB08185D-8034-4ED6-84B6-3D3D41A93EB4}] => C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{A8A89D0A-CCCF-42BD-BD60-D5C10492A242}] => C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{05A04738-A453-4134-8B74-C536ABBC2B0C}] => C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{5865EC54-65A9-4780-A9E8-1FBB2774E4E5}] => C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
FirewallRules: [{DE8FFC9E-62BA-4DF5-B3DC-12D209617AC7}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
FirewallRules: [{8DC6FA2E-E849-4D2C-989B-8C91C5222DCC}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
FirewallRules: [{CD956855-91CE-4253-BD02-B903096763A0}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
FirewallRules: [{111B6070-F111-48B1-AD8C-1510582B629F}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
FirewallRules: [{EE057731-351F-43E7-941F-1CD8B01888CE}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{DCBA62C6-27E1-43FC-96BA-84F17ED120A9}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
FirewallRules: [{891253E5-2621-46D8-8B57-E9B61081E6EA}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{0E7F83B4-D725-4884-B839-EDAC8E2041B6}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
FirewallRules: [{4F5F8E92-6C58-43D4-9C51-BC45320AAB04}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{02EB2FDF-86D4-4628-AF76-571A5A5474AD}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
FirewallRules: [{48DCAA06-78B1-4C10-8AC0-B8F25B9D9685}] => C:\Program Files (x86)\Steam\steamapps\common\narcissu2\narci2.exe
FirewallRules: [{0AF6B668-EDB2-4AAB-B34B-6466877FCAE3}] => C:\Program Files (x86)\Steam\steamapps\common\narcissu2\narci2.exe
FirewallRules: [{69DA4BDF-B34B-49B4-95F1-4D3F337E28D4}] => C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{8DAB8911-6388-496B-9BB7-F69BF086A7BF}] => C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
FirewallRules: [{8B78E594-6703-4CE6-A4A4-44A5807BEC45}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{550CD175-73D4-45A6-9376-6F8CAC740A5D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{8AA0A079-8DA0-4CC2-8B99-EE32CE05C0F6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1615D08D-B5D3-4687-955D-F7AB2F4F81D2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07CF8EEB-3A9F-4F49-878E-A9CCE58C6155}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{07CBE1B2-4513-44A9-8197-82156EFD34F5}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A43C789C-8EB1-4F25-8E7A-A17F776A69DB}] => LPort=2869
FirewallRules: [{35AC8500-0B7C-42F4-B1B1-ABD158FAE781}] => LPort=1900
FirewallRules: [{A55C83A2-BB1E-41F8-BF7D-7D3C4CC9986A}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{99228AFC-CD3D-4FB2-AA1D-110E2ED66B83}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
FirewallRules: [{4C376C82-D1CE-48E3-85F5-64B1B91E874B}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
FirewallRules: [{A1C66229-DEBE-4491-8FE2-38D64385D868}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
FirewallRules: [{BBFFDE06-63BB-41C3-A364-74A8793D8E19}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9A6310F2-7895-4E2C-94A4-86FC7C7A3940}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2D55E4C2-786C-4C8C-A977-65C0112D19F7}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{302A3148-9406-4962-A02A-F8C3F7E191F9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{66356982-29EA-4FE5-A475-077FD4589B06}] => C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{0CA81502-C2E6-4BAA-ADA4-2454B50F0A12}] => C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
FirewallRules: [{155512C4-8DB3-49A8-AC38-50CB2AA1F3E5}] => C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{D521BE25-0AE7-44D4-B89F-0367BD7CCEBC}] => C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{4BF0ABC4-8D11-45CE-89B0-7D2114339735}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{D06FE9C3-7CB4-40F8-B13C-5ACC53E461A2}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{C708039F-6E38-4451-8EF6-6E67B71A2641}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{93CA5D44-1571-4122-8047-8F50B8EBDD87}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
FirewallRules: [{3BEC4729-943A-489E-A7CF-FABF8C07929B}] => C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{BACB3AC0-0557-4C11-B0CC-83E1D3E4B089}] => C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
FirewallRules: [{B5B9586D-912C-4011-BF51-DFC76D02E529}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{DF655CF6-9C69-4071-A9DA-CF71CDF6224E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
FirewallRules: [{722758E9-FA16-470C-BFE0-E5BD88033465}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{51CBE5E1-20DA-4E1F-9438-5F4FCC437541}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{A6847172-D249-456D-8ACB-EEDFF9C9948A}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{7F745BD8-7E6F-4272-BCFE-2A886FF09B12}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{A8EF8B3E-7F65-4343-AA95-22096659D43F}] => C:\Program Files (x86)\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{B3A0F255-AE43-41AB-9B2E-0227750D5636}] => C:\Program Files (x86)\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
FirewallRules: [{892270AF-1854-4CE5-9AAC-A954561FDEBD}] => C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
FirewallRules: [{8921F91C-E635-4EB3-A4E4-F59EEE01C769}] => C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
FirewallRules: [TCP Query User{3966AC40-5656-474B-813D-D1352CA1EE07}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{CCA87AF7-9839-4FE5-A764-58C1EC06D654}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{44A58767-49A3-47CB-B2DD-94D6A9890E20}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [UDP Query User{68E9B77F-509C-4C57-BF67-06468B0B1B53}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
FirewallRules: [{7FDDCA4A-19C2-4DEB-9F11-06D3C429249D}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{989131D3-9274-46C5-987D-A88E813FD53F}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{57D14194-AB6C-403E-BD33-4D5322D3D123}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{7E92916E-FFED-4724-B503-E58ED976EAF8}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{91A551C4-E4BC-491D-8CF7-1578B40E4F75}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{62E652D7-1BF5-4E1F-BF25-EEC881184F70}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe
FirewallRules: [{ABCE931F-8FA3-4F65-82B9-64AF3C6F4C99}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{F5BA5385-806D-40EB-BA97-9EB5450E924B}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
FirewallRules: [{B3F4049D-212C-4988-BDBE-DCD4FA91493F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D80AA5EF-40E5-4586-9F3A-C17DC2AE6D1E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FC22A9B9-929D-4BCA-8749-7786DFE8F4A7}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{AE40D00F-9528-4F81-BF52-B1B516B0D082}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{A566C160-EABE-4EBB-A814-A1B816C6ED6C}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{B7EA09B7-E893-489B-80BD-228C085B33D7}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{B8A8AD83-665C-4ACC-A5B1-2019F600120A}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{13AEB1DC-19EA-48D3-BC65-ED641443495E}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{B0557032-2371-466B-A992-7AD35F4ED38F}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{0BA0776C-9FE1-4307-9BFE-6C9A86225EB4}] => C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{C6B306EA-2DFC-4480-98EC-B16F33651742}] => C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{8C3089ED-1CA0-4EEE-85FE-918FC0E3884F}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{1255CFAD-8B25-4C74-A841-B92D51627971}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{ACC0E8C9-A303-40D3-B48F-04FE5434979C}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{99A352E3-8368-4AEA-9991-3043902060F3}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{F50675A4-ACB9-4E5F-AAF5-D9C5A5421BF8}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{56CFAD38-E7E6-4CC1-9DCF-7C403EF1FC28}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{AFB7E2DA-5160-4E9A-9F30-C486CD68EDB1}] => C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{AB9C0F6A-ABBF-4197-8B29-A57F0C354CA2}] => C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
FirewallRules: [{2422C5EC-3D05-4D9E-971F-7D33E80D6CCD}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{6C933303-8178-4C62-A99D-05115A65B7CA}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe

==================== Restore Points =========================

04-11-2016 18:32:22 Installed DirectX
05-11-2016 14:27:23 Installed DirectX
09-11-2016 19:35:38 Windows Update
15-12-2016 00:43:21 Windows Update
25-12-2016 22:19:47 Installed DirectX
25-12-2016 23:28:47 Installed DirectX 9.0
09-01-2017 21:14:00 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
09-01-2017 21:14:47 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
09-01-2017 21:53:50 Device Driver Package Install: Native Instruments GmbH Storage controllers
12-01-2017 01:09:27 Windows Update
14-01-2017 19:45:27 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
14-01-2017 19:46:26 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
14-01-2017 19:47:05 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-01-2017 19:48:06 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/30/2017 04:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
Exception code: 0xc0000005
Fault offset: 0x0000b596
Faulting process id: 0x108
Faulting application start time: 0x01d27b149c5acd1d
Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
Report Id: 0817d1aa-e70c-11e6-9636-74d435d74a2b

Error: (01/30/2017 03:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ProTools.exe version 10.3.4.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1938

Start Time: 01d27b0db30f2086

Termination Time: 21

Application Path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe

Report Id: 55d8f9af-e702-11e6-92cc-74d435d74a2b

Error: (01/30/2017 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
Exception code: 0xc0000005
Fault offset: 0x0000b596
Faulting process id: 0x1dc8
Faulting application start time: 0x01d27b0d71e14c14
Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
Report Id: ecad4f8b-e700-11e6-92cc-74d435d74a2b

Error: (01/30/2017 03:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
Exception code: 0xc0000005
Fault offset: 0x0000b596
Faulting process id: 0x1fd4
Faulting application start time: 0x01d27b0a7f84a155
Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
Report Id: e218c54e-e6fe-11e6-92cc-74d435d74a2b

Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10078

Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10078

Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9002

Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9002

Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/30/2017 05:54:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/30/2017 04:15:29 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 16:13:03 on ‎30/‎01/‎2017 was unexpected.

Error: (01/30/2017 12:10:53 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 00:09:09 on ‎30/‎01/‎2017 was unexpected.

Error: (01/30/2017 12:03:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (01/30/2017 12:00:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (01/29/2017 11:57:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 23:55:44 on ‎29/‎01/‎2017 was unexpected.

Error: (01/29/2017 01:29:57 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 01:03:56 on ‎29/‎01/‎2017 was unexpected.

Error: (01/28/2017 05:56:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA1100 service.

Error: (01/28/2017 01:30:14 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Basic for server side authentication. The data field contains the error number.

Error: (01/28/2017 01:30:14 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: Unable to initialize the security package Negotiate for server side authentication. The data field contains the error number.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 55%
Total physical RAM: 8053.92 MB
Available physical RAM: 3545.51 MB
Total Virtual: 16106.02 MB
Available Virtual: 10680.03 MB

==================== Drives ================================

Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:240.95 GB) NTFS
Drive d: (APOCALYPTO) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1682.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF4817BF)
Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2017-01-31 18:38:56
-----------------------------
18:38:56.810 OS Version: Windows x64 6.1.7601 Service Pack 1
18:38:56.810 Number of processors: 4 586 0x3C03
18:38:56.810 ComputerName: WIN-7Q0K2TFJBH6 UserName: Mark
18:39:02.245 Initialize success
18:39:02.290 VM: initialized successfully
18:39:02.291 VM: Intel CPU supported
18:39:07.218 VM: supported disk I/O ataport.SYS
18:45:45.957 AVAST engine defs: 17010903
18:45:50.533 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

Juliet
2017-01-31, 22:52
Please go to Add/Remove Programs and uninstall the version of Java below. Very outdated and exploited.
Later, we can download the most current version.
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)

~~~~~~~~~~~~~~~~~~~~~~~~~~
Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do not use WordPad* or any text editor other than Notepad, or the script will fail. Copy and paste the text present inside the quote box below:
To do this, highlight the contents of the box, right-click on it and select Copy.
Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool". (If asked to overwrite the existing one, please allow.)


start
CreateRestorePoint:
CloseProcesses:
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
C:\Users\Mark\keFIR_v1.64.dll
C:\Users\Mark\keFIR_v1_2ch.64.dll
C:\Users\Mark\OMB2.64.dll
C:\Users\Mark\WOW2.64.dll
CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree to the EULA:
Right-click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
Please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

Marcus
2017-02-01, 23:57
Hello there.

Here is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Mark (01-02-2017 20:51:04) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available Profiles: Mark)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
C:\Users\Mark\keFIR_v1.64.dll
C:\Users\Mark\keFIR_v1_2ch.64.dll
C:\Users\Mark\OMB2.64.dll
C:\Users\Mark\WOW2.64.dll
CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]
EmptyTemp:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key removed successfully
HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll => not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2 => key not found.
C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll => not found.
C:\Users\Mark\keFIR_v1.64.dll => moved successfully
C:\Users\Mark\keFIR_v1_2ch.64.dll => moved successfully
C:\Users\Mark\OMB2.64.dll => moved successfully
C:\Users\Mark\WOW2.64.dll => moved successfully
HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36120B84-0E2E-41D1-B6BE-46A404B14EB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36120B84-0E2E-41D1-B6BE-46A404B14EB9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E1D815B-E999-4BFA-BBB4-430E19810214} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E1D815B-E999-4BFA-BBB4-430E19810214} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6638A13B-272F-4184-A435-C77AC8D67EF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6638A13B-272F-4184-A435-C77AC8D67EF3} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F25B239-8147-4752-89E3-468E98EB63BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F25B239-8147-4752-89E3-468E98EB63BD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C085B5AF-6AF7-4D0F-9E88-22659141F3D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C085B5AF-6AF7-4D0F-9E88-22659141F3D9} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC934114-70D5-4A20-98F6-25DE87B9D358} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC934114-70D5-4A20-98F6-25DE87B9D358} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBD774C-C67D-47C8-979F-71CF3FA478AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBD774C-C67D-47C8-979F-71CF3FA478AD} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully.
"C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
"C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS not found.
C:\Users\Mark\Local Settings => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS removed successfully.
"C:\Users\Mark\AppData\Local" => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS not found.
"C:\Users\Mark\AppData\Local\Application Data" => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS not found.
C:\Users\Mark\AppData\Local\JfzJRGueM46qZ => ":8TXUjmBilZyPptLEC" ADS removed successfully.
C:\Users\Mark\AppData\Local\Temp => ":b7qXxbqTbYWneAuCuejvU" ADS removed successfully.
C:\Users\Mark\AppData\Local\Temp => ":EyajXVarKQMW3gvXYTKRojrWv" ADS removed successfully.
C:\Users\Mark\AppData\Local\Temp => ":ragXzDyd97H1yzXHkVrwwdw" ADS removed successfully.
C:\Users\Mark\AppData\Local\Temp => ":XxRF4J8zmz2AxOZoq6TYF" ADS removed successfully.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61281290 B
Java, Flash, Steam htmlcache => 398746805 B
Windows/system/drivers => 74019032 B
Edge => 0 B
Chrome => 702776143 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 21250048 B
systemprofile32 => 128 B
LocalService => 0 B
NetworkService => 0 B
Mark => 584272231 B

RecycleBin => 389805068 B
EmptyTemp: => 2.1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:58:22 ====

And the ADW Clean log:

# AdwCleaner v6.043 - Logfile created 01/02/2017 at 21:43:41
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-01.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Mark - WIN-7Q0K2TFJBH6
# Running from : C:\Users\Mark\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: Amazon 1Button App Service


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Mark\AppData\Local\PackageAware
[-] Folder deleted: C:\ProgramData\Auslogics
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
[-] Folder deleted: C:\Program Files (x86)\WinZip Driver Updater
[-] Folder deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp


***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\.bglog
[-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.bglog
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
[-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
[-] Key deleted: HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Software\distromatic
[#] Key deleted on reboot: HKCU\Software\distromatic
[-] Key deleted: HKLM\SOFTWARE\Auslogics
[#] Key deleted on reboot: [x64] HKCU\Software\distromatic
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com


***** [ Web browsers ] *****

[-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4306 Bytes] - [01/02/2017 21:43:41]
C:\AdwCleaner\AdwCleaner[S0].txt - [4280 Bytes] - [01/02/2017 21:43:18]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4452 Bytes] ##########

And the JRT log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Home Premium x64
Ran by Mark (Administrator) on 01/02/2017 at 21:52:29.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8

Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O6LY0Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBODH1ZT (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J39U80SF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL23JSX (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O6LY0Z0 (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBODH1ZT (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J39U80SF (Temporary Internet Files Folder)
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL23JSX (Temporary Internet Files Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/02/2017 at 21:57:10.61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2017-02-02, 11:01
Let's update and run a scan with Malwarebytes Anti-Malware.

Open Malwarebytes Anti-Malware.

On the Dashboard click on Update Now

Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
Then go to the Dashboard and click on SCAN NOW
When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
Then come back to this thread and, under REPLY TO THIS TOPIC, right-click in the reply and select Paste
Then click on POST

Exit Malwarebytes


How is your computer now?

Marcus
2017-02-02, 18:23
Hello again. My PC seems to be running a lot smoother, thanks!

Here's the Malwarebytes log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 02/02/2017
Scan Time: 16:54
Logfile:
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2017.02.02.05
Rootkit Database: v2016.11.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 319627
Time Elapsed: 18 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Juliet
2017-02-02, 18:58
I kinda think we're there but need to run one more scan.

Then if all is OK we'll remove tools and quarantine folders.


Download Emsisoft Emergency Kit (http://www.emsisoft.com/en/software/eek/download/) and save it to your desktop.
Double-click icon then click Install
A Window should open highlighting Start Emergency Kit Scanner
Right click on the icon and select Run as administrator
Click 1. Update now!
Once the update is completed select Settings under Scan
Uncheck Join the Emsisoft Anti-Malware Network
Click Scan at the top
Click On scan completion
Click Quarantine detected objects, then click OK
Click Malware Scan
Once completed click View Report
Save the file to your Desktop using the default file name
Copy and paste the report in your reply

==============

Marcus
2017-02-03, 01:33
Here you go:

Emsisoft Emergency Kit - Version 12.0
Last update: 03/02/2017 00:09:14
User account: WIN-7Q0K2TFJBH6\Mark
Computer name: WIN-7Q0K2TFJBH6
OS version: Windows 7x64 Service Pack 1

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Direct disk access: Off

Scan start: 03/02/2017 00:13:24

Scanned 88928
Found 0

Scan end: 03/02/2017 00:32:22
Scan time: 0:18:58

Juliet
2017-02-03, 01:37
Ready to remove tools and quarantine folders?

Marcus
2017-02-03, 17:16
I'm ready to start removing things, yes!

Juliet
2017-02-03, 19:23
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

**********


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Unchecky (http://unchecky.com/) automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.

Marcus
2017-02-03, 19:36
Awesome! Here's the logfile if you need it. BTW you said something about reinstalling an up-to-date version of java?

# DelFix v1.010 - Logfile created 03/02/2017 at 18:34:38
# Updated 26/04/2015 by Xplode
# Username : Mark - WIN-7Q0K2TFJBH6
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Mark\Desktop\Addition.txt
Deleted : C:\Users\Mark\Desktop\AdwCleaner[C0].txt
Deleted : C:\Users\Mark\Desktop\aswMBR.exe
Deleted : C:\Users\Mark\Desktop\aswMBR.txt
Deleted : C:\Users\Mark\Desktop\Fixlog.txt
Deleted : C:\Users\Mark\Desktop\FRST.txt
Deleted : C:\Users\Mark\Desktop\FRST64.exe
Deleted : C:\Users\Mark\Desktop\JRT.txt
Deleted : C:\Users\Mark\Downloads\adwcleaner_6.043.exe
Deleted : C:\Users\Mark\Downloads\JRT.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

########## - EOF - ##########

Juliet
2017-02-03, 21:51
here you go
https://java.com/en/download/

Marcus
2017-02-04, 03:53
Got it. Thanks for all your help! :thanks:

Juliet
2017-02-04, 11:25
We're glad to help

safe surfing :)

Juliet
2017-02-06, 14:27
Glad we could help.
Since this issue appears resolved ... this Topic is closed.