Thread: Sluggish PC, could be due to malware...

  1. #1
    Junior Member | Join Date: Jan 2017 | Posts: 7

    Hello all, my PC performance has been unusually sluggish over the past week with programs that would otherwise run smoothly constantly crashing. I've also downloaded a fair amount of free software (not cracked but freeware) from possibly less than reputable sites so I'm concerned I might have picked up something nasty along the way. Any help would be much appreciated!

    Here are my logs, thanks in advance!

    FRST64:

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-01-2017
    Ran by Mark (administrator) on WIN-7Q0K2TFJBH6 (31-01-2017 18:28:45)
    Running from C:\Users\Mark\Desktop
    Loaded Profiles: Mark (Available Profiles: Mark)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
    (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Perforce Software Inc.) C:\Program Files\Perforce\Server\p4s.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
    (Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files\Audient\USBAudioDriver\iD.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\SpotifyCrashService.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2631824 2015-07-14] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1464088 2016-12-19] (BullGuard Ltd.)
    HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-10-08] (Power Software Ltd)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595480 2016-03-20] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-01-27] (Spotify Ltd)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify] => C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe [7163504 2017-01-27] (Spotify Ltd)
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll [2016-12-19] (BullGuard Ltd.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD Autostart.lnk [2016-01-26]
    ShortcutTarget: iD Autostart.lnk -> C:\Program Files\Audient\USBAudioDriver\iD.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Tcpip\..\Interfaces\{2D3CB940-41CC-4E40-BB28-C51071C67116}: [DhcpNameServer] 192.168.1.254

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKU\S-1-5-21-366135555-2470553269-3306163725-1000 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.co.uk/gp/bit/amazonserp/ref=bit_bds-p10_serp_ie_uk_display?ie=UTF8&tagbase=bds-p10&tbrId=v1_abb-channel-10_0_1201_1401_20160324_GB_ie_ds_&tag=bds-p10-serp-uk-ie-21&query={searchTerms}
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
    BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
    BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)

    FireFox:
    ========
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard => not found
    FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-10] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-10] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-03-13] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-03-13] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-366135555-2470553269-3306163725-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Mark\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-01-26] (Citrix Online)

    Chrome:
    =======
    CHR HomePage: Default -> amazon.co.uk/gp/bit/amazonserp/?ie=UTF8__PARAM__
    CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
    CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default [2017-01-31]
    CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
    CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
    CHR Extension: (Adobe Acrobat) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
    CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
    CHR Extension: (Google Docs Offline) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
    CHR Extension: (AdBlock) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-31]
    CHR Extension: (Color Change for Google™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngnmbchfbnklgpmahdjjkfpklacgmcc [2016-12-12]
    CHR Extension: (Emoji Input by EmojiStuff.com) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\immhpnclomdloikkpcefncmfgjbkojmh [2017-01-10]
    CHR Extension: (Auto HD For YouTube™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2016-10-14]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
    CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
    CHR Extension: (Chrome Media Router) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
    CHR HKU\S-1-5-21-366135555-2470553269-3306163725-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [meagncggdmaklghgpmpljnedbdoepioa] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [460472 2016-12-12] (Amazon Inc.)
    R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [1540376 2016-12-21] (BullGuard Ltd.)
    R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [705304 2016-12-19] (BullGuard Ltd.)
    R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [184600 2016-12-19] (BullGuard Ltd.)
    R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [487704 2016-12-19] (BullGuard Ltd.)
    R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [860952 2016-12-19] (BullGuard Ltd.)
    R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [5660440 2016-12-19] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [652056 2016-12-19] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [317208 2016-12-19] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [409880 2016-12-19] (BullGuard Ltd.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155216 2015-07-14] (NVIDIA Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
    R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1871504 2015-07-14] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544592 2015-07-14] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
    R2 Perforce; C:\Program Files\Perforce\Server\p4s.exe [4824320 2015-07-17] (Perforce Software Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFW; C:\windows\System32\DRIVERS\afw.sys [52912 2015-06-17] (Agnitum Ltd.)
    R3 afwcore; C:\windows\System32\DRIVERS\afwcore.sys [465072 2015-06-17] (Agnitum Ltd.)
    R3 audientusbaudio; C:\windows\System32\DRIVERS\audientusbaudio_x64.sys [269312 2015-09-03] ()
    R3 audientusbaudioks; C:\windows\System32\DRIVERS\audientusbaudioks_x64.sys [50688 2015-09-03] ()
    R1 BdAgent; C:\windows\System32\DRIVERS\BdAgent.sys [174744 2016-09-20] (BullGuard Ltd.)
    R3 BdNet; C:\windows\System32\DRIVERS\BdNet.sys [33968 2015-10-09] (BullGuard Ltd.)
    R1 BdSpy; C:\windows\System32\drivers\BdSpy.sys [76728 2015-10-09] (BullGuard Ltd.)
    R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
    R3 MEIx64; C:\windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R3 NIWinCDEmu; C:\windows\System32\DRIVERS\NIWinCDEmu.sys [112408 2016-09-07] ()
    R1 NovaShieldFilterDriver; C:\windows\System32\DRIVERS\NSKernel.sys [325752 2016-07-27] (BullGuard Ltd.)
    R1 NovaShieldTDIDriver; C:\windows\System32\DRIVERS\NSNetmon.sys [26504 2016-07-27] (BullGuard Ltd.)
    R2 npf; C:\windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-07-14] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\windows\System32\drivers\nvvad64v.sys [47976 2015-07-03] (NVIDIA Corporation)
    R3 Trufos; C:\windows\System32\DRIVERS\Trufos.sys [485512 2016-04-14] (BitDefender S.R.L.)
    R3 VUSB3HUB; C:\windows\System32\DRIVERS\ViaHub3.sys [233160 2013-01-03] (VIA Technologies, Inc.)
    R3 xhcdrv; C:\windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-31 18:28 - 2017-01-31 18:30 - 00020036 _____ C:\Users\Mark\Desktop\FRST.txt
    2017-01-31 18:28 - 2017-01-31 18:28 - 00000000 ____D C:\FRST
    2017-01-31 18:14 - 2017-01-31 18:14 - 05198336 _____ (AVAST Software) C:\Users\Mark\Desktop\aswMBR.exe
    2017-01-31 18:13 - 2017-01-31 18:28 - 02420736 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
    2017-01-30 17:43 - 2017-01-30 17:44 - 47168360 ____T C:\Users\Mark\Desktop\Drums with Real Toms.wav
    2017-01-30 15:23 - 2017-01-30 15:23 - 47168360 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums with Tempo Changes.wav
    2017-01-30 15:22 - 2017-01-30 15:22 - 47168360 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums with Demo Guitars.wav
    2017-01-30 15:05 - 2017-01-30 15:05 - 47872292 ____T C:\Users\Mark\Desktop\Specimen Yarp Drums 130bpm.wav
    2017-01-30 00:08 - 2017-01-30 00:08 - 00000000 ____D C:\Users\Mark\AppData\Local\id Software
    2017-01-29 15:18 - 2017-01-29 15:18 - 00007297 _____ C:\Users\Mark\Downloads\Bass MIDI SUFFERCATIONCHAMBER.mid
    2017-01-28 22:17 - 2017-01-29 21:49 - 00000222 _____ C:\Users\Mark\Desktop\DOOM.url
    2017-01-28 15:50 - 2017-01-28 15:50 - 31449644 ____T C:\Users\Mark\Desktop\Alien Conflict Demo.wav
    2017-01-28 14:41 - 2017-01-28 14:41 - 62125288 ____T C:\Users\Mark\Desktop\River of Souls ROUGH DEMO.wav
    2017-01-28 14:30 - 2017-01-28 14:30 - 40103784 ____T C:\Users\Mark\Desktop\Perfect Dark Credits Demo.wav
    2017-01-24 16:37 - 2017-01-24 16:37 - 34385732 _____ C:\Users\Mark\Downloads\Beryl.wav
    2017-01-24 16:31 - 2017-01-24 16:31 - 00180495 _____ C:\Users\Mark\Downloads\Beryl.als
    2017-01-23 22:02 - 2017-01-23 22:02 - 01251683 _____ C:\Users\Mark\Downloads\illformed_old_vst_plugins.zip
    2017-01-20 14:40 - 2017-01-29 23:55 - 00000000 ____D C:\Users\Mark\Desktop\UBTW - Ableton
    2017-01-12 16:25 - 2017-01-12 16:25 - 00000045 _____ C:\Users\Mark\Documents\Ryan Dorset Yahoo Details.txt
    2017-01-11 16:46 - 2017-01-05 18:55 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
    2017-01-11 16:46 - 2017-01-05 18:55 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
    2017-01-11 16:46 - 2017-01-05 18:52 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00345600 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00123904 _____ (Microsoft Corporation) C:\windows\system32\bcrypt.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
    2017-01-11 16:46 - 2017-01-05 18:52 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00254464 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcrypt.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
    2017-01-11 16:46 - 2017-01-05 17:43 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
    2017-01-11 16:46 - 2017-01-05 17:42 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
    2017-01-11 16:46 - 2017-01-05 17:32 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
    2017-01-11 16:46 - 2017-01-05 17:25 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
    2017-01-11 16:46 - 2017-01-05 17:24 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
    2017-01-11 16:46 - 2017-01-05 17:24 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
    2017-01-11 16:46 - 2017-01-05 17:24 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
    2017-01-11 16:46 - 2017-01-05 17:23 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
    2017-01-11 16:46 - 2017-01-05 17:19 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
    2017-01-10 10:34 - 2017-01-10 10:52 - 2709453677 _____ C:\Users\Mark\Downloads\soundiron_olympus_elements_player_edition_1.5.zip
    2017-01-09 23:19 - 2017-01-09 23:19 - 00000000 ____D C:\Users\Mark\Downloads\HK Balafon
    2017-01-09 22:48 - 2017-01-09 22:48 - 20056454 _____ C:\Users\Mark\Downloads\HK Balafon.zip
    2017-01-09 22:43 - 2017-01-09 22:43 - 83939872 _____ C:\Users\Mark\Downloads\Shadowcaste Updated W_Drums.wav
    2017-01-09 22:04 - 2017-01-09 22:04 - 00000000 ____D C:\Users\Public\Documents\NI Resources
    2017-01-09 22:02 - 2017-01-09 22:02 - 00000000 __HDC C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}
    2017-01-09 21:58 - 2017-01-09 21:58 - 652066816 _____ C:\Users\Mark\Downloads\Kontakt_Factory_Selection.iso
    2017-01-09 21:53 - 2016-09-07 13:26 - 00112408 _____ C:\windows\system32\Drivers\NIWinCDEmu.sys
    2017-01-09 21:51 - 2017-01-09 21:51 - 05621520 _____ (Native Instruments GmbH) C:\Users\Mark\Downloads\Kontakt_Factory_Selection_Downloader.exe
    2017-01-09 21:18 - 2017-01-09 21:18 - 00000980 _____ C:\Users\Mark\Documents\Kontakt 5.lnk
    2017-01-09 21:10 - 2017-01-09 21:10 - 00114900 _____ C:\Users\Mark\Documents\cc_20170109_211008.reg
    2017-01-09 20:59 - 2017-01-09 20:59 - 00000000 __HDC C:\ProgramData\{9179C0A4-3D98-4B5D-B8BD-BD155B46E0DD}
    2017-01-09 20:56 - 2017-01-09 21:18 - 00000000 __HDC C:\ProgramData\{72F2A743-44A4-4035-BE3B-80C2E67B0CEB}
    2017-01-09 20:54 - 2017-01-09 20:54 - 00000000 ____D C:\Users\Mark\Downloads\Kontakt_5_565_PC
    2017-01-09 20:49 - 2017-01-09 20:51 - 524116068 _____ C:\Users\Mark\Downloads\Kontakt_5_565_PC.zip
    2017-01-09 20:43 - 2017-01-09 20:43 - 00000000 ____D C:\Users\Mark\Downloads\KontaktPlayer4_411_Win
    2017-01-09 20:41 - 2017-01-09 20:43 - 379581473 _____ C:\Users\Mark\Downloads\KontaktPlayer4_411_Win.zip
    2017-01-09 16:08 - 2017-01-09 16:08 - 00000000 ____D C:\ProgramData\Yellow Tools
    2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\Users\Mark\Documents\Best Service
    2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\Users\Mark\AppData\Local\Best Service
    2017-01-09 15:28 - 2017-01-09 15:28 - 00000000 ____D C:\ProgramData\MAGIX
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000984 _____ C:\Users\Mark\Documents\Engine 2.lnk
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 __HDC C:\ProgramData\{CA777780-A077-49F1-ABDE-9094A2FF0C0A}
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 __HDC C:\ProgramData\{3937F241-9144-4823-AFFB-BEAF082E554C}
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Engine 2
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\ProgramData\Best Service
    2017-01-09 15:27 - 2017-01-09 15:27 - 00000000 ____D C:\Program Files\Best Service
    2017-01-09 15:25 - 2017-01-09 15:25 - 00000000 ____D C:\Users\Mark\AppData\Local\PackageAware
    2017-01-09 15:15 - 2017-01-09 15:18 - 135332865 _____ C:\Users\Mark\Downloads\Engine_2.5.0.73_win.zip
    2017-01-09 15:13 - 2017-01-09 15:55 - 00000000 ____D C:\Users\Mark\Desktop\Forest Kingdom II
    2017-01-09 15:11 - 2017-01-09 15:11 - 02163868 _____ C:\Users\Mark\Downloads\Engine_library_installation.zip
    2017-01-03 15:32 - 2017-01-03 15:33 - 65017156 _____ C:\Users\Mark\Downloads\Shadowcaste Drums Only.wav

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-01-31 18:30 - 2014-11-15 11:50 - 00000000 ____D C:\ProgramData\BullGuard
    2017-01-31 18:15 - 2015-01-18 16:47 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
    2017-01-31 15:48 - 2014-11-15 16:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Spotify
    2017-01-31 13:42 - 2009-07-14 04:45 - 00028720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-01-31 13:42 - 2009-07-14 04:45 - 00028720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-01-31 13:34 - 2014-11-15 16:26 - 00000000 ____D C:\Users\Mark\AppData\Local\Spotify
    2017-01-31 13:30 - 2014-11-15 13:13 - 00000312 _____ C:\windows\system32\config\afw_hm.conf
    2017-01-31 13:30 - 2014-11-15 13:13 - 00000004 _____ C:\windows\system32\config\afw_db.conf
    2017-01-31 13:30 - 2009-07-14 05:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
    2017-01-31 13:29 - 2014-11-11 13:40 - 00000000 ____D C:\ProgramData\NVIDIA
    2017-01-30 17:25 - 2016-07-26 13:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Drumatom
    2017-01-30 16:19 - 2015-11-12 22:26 - 00000000 ____D C:\Users\Mark\AvidLogFiles
    2017-01-30 11:58 - 2009-07-14 03:20 - 00000000 ____D C:\windows\inf
    2017-01-30 00:25 - 2014-11-15 13:43 - 00000000 ____D C:\Program Files (x86)\Steam
    2017-01-27 16:50 - 2009-07-14 05:13 - 00006214 _____ C:\windows\system32\PerfStringBackup.INI
    2017-01-26 17:13 - 2015-10-21 15:51 - 00000000 ____D C:\Users\Mark\Documents\Pro Tools
    2017-01-23 17:20 - 2015-02-01 22:07 - 00000000 ____D C:\Users\Mark\Documents\Ableton
    2017-01-19 20:01 - 2015-09-28 22:15 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-01-15 16:05 - 2014-11-15 16:45 - 00000000 ____D C:\Users\Mark\Desktop\Games
    2017-01-15 00:32 - 2015-01-16 20:16 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc
    2017-01-14 22:20 - 2014-12-06 18:25 - 00000000 ____D C:\Users\Mark\AppData\Roaming\dvdcss
    2017-01-14 19:48 - 2014-11-15 11:48 - 00000000 ____D C:\ProgramData\Package Cache
    2017-01-12 20:18 - 2015-09-28 22:16 - 00004476 _____ C:\windows\System32\Tasks\Adobe Acrobat Update Task
    2017-01-12 13:01 - 2016-03-24 13:15 - 00000000 ____D C:\Program Files (x86)\Amazon
    2017-01-10 22:15 - 2015-01-18 16:47 - 00802904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
    2017-01-10 22:15 - 2015-01-18 16:47 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
    2017-01-10 22:15 - 2015-01-18 16:47 - 00000000 ____D C:\windows\system32\Macromed
    2017-01-10 22:15 - 2015-01-01 13:51 - 00144472 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-01-10 22:15 - 2015-01-01 13:51 - 00000000 ____D C:\windows\SysWOW64\Macromed
    2017-01-09 22:04 - 2015-02-13 14:46 - 00000000 ____D C:\Users\Mark\Documents\Native Instruments
    2017-01-09 22:02 - 2015-02-13 14:45 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
    2017-01-09 21:53 - 2015-09-26 22:10 - 00000000 ____D C:\Program Files (x86)\Native Instruments
    2017-01-09 21:16 - 2015-02-13 14:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
    2017-01-09 21:16 - 2015-02-13 14:45 - 00000000 ____D C:\Program Files\Native Instruments
    2017-01-09 21:16 - 2014-12-26 18:50 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2017-01-09 20:47 - 2015-02-13 14:46 - 00000000 ____D C:\Users\Mark\AppData\Local\Native Instruments
    2017-01-03 23:19 - 2014-12-06 18:33 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Audacity

    ==================== Files in the root of some directories =======

    2013-10-14 02:44 - 2013-10-14 02:44 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
    2015-10-21 15:35 - 2015-10-21 15:35 - 2126240 _____ () C:\Users\Mark\AppData\Roaming\AvidApplicationManager_Install.log
    2015-11-12 22:18 - 2015-11-12 22:18 - 0522328 _____ () C:\Users\Mark\AppData\Roaming\AvidCoreRuntime_Install.log
    2015-11-12 22:22 - 2015-11-12 22:22 - 0595694 _____ () C:\Users\Mark\AppData\Roaming\AvidDIORuntime_Install.log
    2015-11-12 22:21 - 2015-11-12 22:22 - 0182304 _____ () C:\Users\Mark\AppData\Roaming\FlamethrowerDriver_Install.log
    2016-08-08 23:22 - 2016-08-08 23:22 - 0002005 _____ () C:\Users\Mark\AppData\Local\recently-used.xbel
    2014-11-15 14:08 - 2012-09-06 16:06 - 0126976 _____ (Thesycon GmbH) C:\ProgramData\CNEEB29.tmp

    Files to move or delete:
    ====================
    C:\Users\Mark\keFIR_v1.64.dll
    C:\Users\Mark\keFIR_v1_2ch.64.dll
    C:\Users\Mark\OMB2.64.dll
    C:\Users\Mark\WOW2.64.dll


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\windows\system32\winlogon.exe => File is digitally signed
    C:\windows\system32\wininit.exe => File is digitally signed
    C:\windows\SysWOW64\wininit.exe => File is digitally signed
    C:\windows\explorer.exe => File is digitally signed
    C:\windows\SysWOW64\explorer.exe => File is digitally signed
    C:\windows\system32\svchost.exe => File is digitally signed
    C:\windows\SysWOW64\svchost.exe => File is digitally signed
    C:\windows\system32\services.exe => File is digitally signed
    C:\windows\system32\User32.dll => File is digitally signed
    C:\windows\SysWOW64\User32.dll => File is digitally signed
    C:\windows\system32\userinit.exe => File is digitally signed
    C:\windows\SysWOW64\userinit.exe => File is digitally signed
    C:\windows\system32\rpcss.dll => File is digitally signed
    C:\windows\system32\dnsapi.dll => File is digitally signed
    C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2014-11-11 21:19

    ==================== End of FRST.txt ============================

    Addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Mark (31-01-2017 18:30:45)
    Running from C:\Users\Mark\Desktop
    Windows 7 Home Premium Service Pack 1 (X64) (2014-11-15 11:45:01)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    248DF0F1DAF442E19D43 (S-1-5-21-366135555-2470553269-3306163725-1003 - Limited - Enabled)
    Administrator (S-1-5-21-366135555-2470553269-3306163725-500 - Administrator - Disabled)
    Guest (S-1-5-21-366135555-2470553269-3306163725-501 - Limited - Disabled)
    Mark (S-1-5-21-366135555-2470553269-3306163725-1000 - Administrator - Enabled) => C:\Users\Mark

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
    AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
    FW: BullGuard Firewall (Disabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ableton Live 9 Suite (HKLM\...\{A7C273D4-3F82-4A08-94DC-7492FC151F15}) (Version: 9.0.0.0 - Ableton)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20056 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated)
    Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version: - Ensemble Studios)
    Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version: - The Chinese Room)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Audient USB Audio Driver v3.20.0 (HKLM-x32\...\Software_Audient_audientusbaudio_Setup) (Version: 3.20.0 - Audient)
    Avid Core Runtime (HKLM-x32\...\{29E44AFF-790B-46B8-8CA6-A0EE6EFC9D7A}) (Version: 6.1.0 - Avid Technology, Inc.)
    Avid DIO Runtime (HKLM-x32\...\{15E44F0D-2B0E-4F2E-B931-920F4D8D2DCA}) (Version: 6.1.0 - Avid Technology, Inc.)
    Avid Effects (HKLM-x32\...\{A86F1158-A7F7-4E8C-98E3-88F4996E85EB}) (Version: 10.3.7 - Avid Technology, Inc.)
    Avid HD Driver (x64) (HKLM\...\{658E112A-8776-4430-A275-D9248732DFB9}) (Version: 10.3.7 - Avid Technology, Inc.)
    Avid HEAT (HKLM-x32\...\{82C04FF2-7662-4F8E-B6BE-85B40520AE6A}) (Version: 10.2.0 - Avid Technology, Inc.)
    Avid Pro Tools (HKLM-x32\...\{8E60BB71-7EF3-42ED-9F10-AA041F25841A}) (Version: 10.3.7 - Avid Technology, Inc.)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    BullGuard Internet Security (HKLM\...\BullGuard) (Version: 16.0 - BullGuard Ltd.)
    Bully: Scholarship Edition (HKLM-x32\...\Steam App 12200) (Version: - Rockstar New England)
    Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version: - Treyarch)
    Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version: - Treyarch)
    CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
    Citrix Online Launcher (HKLM-x32\...\{678753E6-E526-4AE5-A144-00240772543A}) (Version: 1.0.393 - Citrix)
    Commandos Ammo Pack (HKLM-x32\...\GOGPACKCOMMANDOS1_is1) (Version: 2.0.0.19 - GOG.com)
    Crazy Taxi (HKLM-x32\...\Steam App 71230) (Version: - SEGA)
    Custom Shop version 1.6.1 (HKLM-x32\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 1.6.1 - IK Multimedia)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Deus Ex - Invisible War (HKLM-x32\...\GOGPACKDEUSEX2_is1) (Version: 2.0.0.8 - GOG.com)
    Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
    Deus Ex: Game of the Year Edition (HKLM-x32\...\Steam App 6910) (Version: - Ion Storm)
    Deus Ex: Revision (HKLM-x32\...\Steam App 397550) (Version: - Caustic Creative)
    DOOM (HKLM\...\Steam App 379720) (Version: - id Software)
    Door Kickers (HKLM-x32\...\Steam App 248610) (Version: - KillHouse Games)
    Downfall Redux (HKLM-x32\...\1455298654_is1) (Version: 2.0.0.2 - GOG.com)
    Duke Nukem - Manhattan Project (HKLM-x32\...\GOGPACKDUKEMANHATAN_is1) (Version: 2.0.0.12 - GOG.com)
    Duke Nukem 3D (HKLM-x32\...\GOGPACKDUKE3D_is1) (Version: 2.0.0.85 - GOG.com)
    Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
    Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)
    E-License Manager (HKLM-x32\...\E-License Manager) (Version: 1.4.0.0 - Best Service)
    E-License Manager (Version: 1.4.0.0 - Magix) Hidden
    Engine 2 (HKLM-x32\...\Engine 2) (Version: 2.5.0.73 - Best Service)
    Engine 2 (Version: 2.5.0.73 - Best Service) Hidden
    Epic Games Launcher (HKLM-x32\...\{A1C97AE7-FB6B-425F-B75B-7A16E1E5639D}) (Version: 1.1.52.0 - Epic Games, Inc.)
    Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    Frozen Synapse (HKLM-x32\...\Steam App 98200) (Version: - Mode 7)
    Garry's Mod (HKLM\...\Steam App 4000) (Version: - Facepunch Studios)
    GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    GWX Control Panel (HKLM-x32\...\UltimateOutsider_GwxControlPanel) (Version: - UltimateOutsider)
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    Helix Versioning Engine (HKLM\...\{F8466CD6-8BBA-4AF6-B03C-47D66288D5A1}) (Version: 151.120.4891 - Perforce Software)
    Hitman - Contracts (HKLM-x32\...\GOGPACKHITMAN3_is1) (Version: 2.0.0.11 - GOG.com)
    Hitman Codename 47 (HKLM-x32\...\GOGPACKANHITMAN1_is1) (Version: 2.0.0.13 - GOG.com)
    Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - IO Interactive)
    IK Multimedia Authorization Manager version 1.0.14 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.14 - IK Multimedia)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
    JBridge (HKLM-x32\...\JBridge) (Version: - JBridge)
    LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
    Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
    Leisure Suit Larry - Magna Cum Laude (HKLM-x32\...\{A31289C6-04EF-4437-A35B-7CC96167145C}) (Version: 1.00.0001 - )
    Leisure Suit Larry - Reloaded (HKLM-x32\...\1207659243_is1) (Version: 2.1.0.11 - GOG.com)
    Leisure Suit Larry- Magna Cum Laude (HKLM-x32\...\GOGPACKLARRYMCL_is1) (Version: 2.0.0.3 - GOG.com)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
    Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
    Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MusicLab RealEight (32-bit) (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (64-bit) (Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    MusicLab RealEight (HKLM-x32\...\{550309f3-2bc9-43a7-8091-faaf92edb69f}) (Version: 1.0.0.7183 - MusicLab, Inc.)
    MusicLab RealEight Sound Bank (x32 Version: 1.0.0.7183 - MusicLab, Inc.) Hidden
    Narcissu 1st & 2nd (HKLM-x32\...\Steam App 264380) (Version: - stage-nana)
    Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
    Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments)
    Native Instruments Guitar Rig Mobile I/O (HKLM-x32\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments)
    Native Instruments Guitar Rig Session I/O (HKLM-x32\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments)
    Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version: 5.6.5.13 - Native Instruments)
    Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.0.4 - Native Instruments)
    Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: - Native Instruments)
    Native Instruments Rig Kontrol 3 (HKLM-x32\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments)
    Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
    NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
    Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.1 - Black Tree Gaming)
    No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version: - No More Room in Hell Team)
    NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.5.11.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.5.11.45 - NVIDIA Corporation)
    NVIDIA Graphics Driver 347.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.88 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
    ORION: Prelude (HKLM\...\Steam App 104900) (Version: - Trek Industries, Inc)
    Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
    PACE License Support Win64 (HKLM\...\{72ad9d51-0903-4fe7-af5d-33b3185fa6e9}) (Version: 2.0.0.0256 - PACE Anti-Piracy, Inc.)
    Postal 2 (HKLM-x32\...\1207658755_is1) (Version: 2.1.0.10 - GOG.com)
    PowerISO (HKLM-x32\...\PowerISO) (Version: 6.4 - Power Software Ltd)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
    Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.6.9 - Rockstar Games)
    Room EQ Wizard 5.14 (HKLM-x32\...\4549-9647-2313-4375) (Version: 5.14 - John Mulcahy)
    Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition)
    SampleTank 3 version 3.6.0 (HKLM\...\{4A5CE684-33A5-4EE6-AB22-4B92D92D37D8}_is1) (Version: 3.6.0 - IK Multimedia)
    SampleTank FREE (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.5 - IK Multimedia)
    SecondLifeViewer (remove only) (HKLM-x32\...\SecondLifeViewer) (Version: - )
    Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)
    Shadow Man (HKLM-x32\...\1207659713_is1) (Version: 2.1.0.5 - GOG.com)
    Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
    ShadowMan (HKLM-x32\...\ShadowMan) (Version: - )
    SHIELD Streaming (Version: 4.1.3000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.5.11.45 - NVIDIA Corporation) Hidden
    Skyrim Script Extender (SKSE) (HKLM-x32\...\Steam App 365720) (Version: - The SKSE Team)
    Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
    Speech Ananlyzer 3.1 (HKLM-x32\...\{D99E9365-BB4F-4430-875C-BD5516EE92DA}) (Version: 3.1 - SIL International, Inc)
    Spotify (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Spotify) (Version: 1.0.47.13.gd8e05b1f - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version: - )
    Sugar Bytes WOW2 Demo 2.1.1 (HKLM\...\WOW2_is1) (Version: 2.1.1 - Sugar Bytes)
    Superior Drummer 64-bit (HKLM\...\{0E54CF79-AE40-409E-9253-9563418C730C}) (Version: 2.4.1 - Toontrack)
    Superior Drummer Installer (HKLM-x32\...\{009AC76E-1A66-4682-82B7-417E77F3C648}) (Version: 2.0.1 - Toontrack)
    Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
    TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp)
    The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
    The Evil Within (HKLM-x32\...\Steam App 268050) (Version: - Tango Gameworks)
    Tomb Raider (HKLM\...\Steam App 203160) (Version: - Crystal Dynamics)
    Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.1.1 - Toontrack)
    Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios)
    TSE BOD v2.1.0 (HKLM-x32\...\{C201CB0D-F5E3-476B-BA29-2F834C6171A5}_is1) (Version: v2.1.0 - TSE Audio)
    Unreal Development Kit: 2012-07 (HKLM\...\UDK-42e6f4db-e845-4c3f-82b4-15f346b7647e) (Version: - Epic Games, Inc.)
    Unreal Tournament 2004 (HKLM-x32\...\GOGPACKUT2004_is1) (Version: 2.0.0.6 - GOG.com)
    Unreal Tournament 3 (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
    Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
    UT2K4 Voice Packager v1.0.4.6 (HKLM-x32\...\UT2K4 Voice Packager_is1) (Version: - Xtreme Gaming Xperience, LLC)
    Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Warhammer® 40,000™: Dawn of War® II – Retribution™ (HKLM-x32\...\Steam App 56400) (Version: - Relic Entertainment)
    Waves Complete V9r15 (HKLM-x32\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.20 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
    Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1295157C-C24C-4576-946E-0599D63E170D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {24B1E6BF-8A6C-409B-95A0-DE4CB646DBA7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-10] (Adobe Systems Incorporated)
    Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {38244AFF-68AF-4F1E-BF6B-1510C27CF255} - System32\Tasks\{51D1B497-8A59-4917-BAFC-2AD2C67DC18F} => C:\GOG Games\Deus Ex - Invisible War\System\DX2Main.exe [2012-06-04] ()
    Task: {4BE172A6-C88E-491C-9D9F-81F4311EB2B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {61BCAA4C-0B27-4965-AD78-26F1A6B8A944} - System32\Tasks\{8FCD0894-FD26-42D5-99C6-0EBAE5C598A4} => pcalua.exe -a "C:\Users\Mark\Desktop\super duper drummer\super drum files\Install\PC\Superior2 Sound Installer.exe" -d "C:\Users\Mark\Desktop\super duper drummer\super drum files\Install\PC"
    Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {7D55D3E5-DC3A-4182-951F-1FBB0621CB51} - System32\Tasks\{E37786F8-0DB2-494D-B876-E330CEADF3D1} => pcalua.exe -a "C:\Users\Mark\Desktop\SampleTank_FREE_b\SampleTank_FREE_b\Install SampleTank FREE.exe" -d C:\Users\Mark\Desktop\SampleTank_FREE_b\SampleTank_FREE_b
    Task: {80B9A8FA-F985-4C7F-B73F-4AFCEB325EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {89E735FF-B643-4034-94AD-571159D53C1A} - System32\Tasks\BullGuard\BullGuardUpdate2 => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2016-12-19] (BullGuard Ltd.)
    Task: {8E2B4BC5-9FA6-41D8-88F9-72EC4A5D5A7A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
    Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2016-12-19 13:55 - 2016-12-19 13:55 - 00727320 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00084248 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00644888 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2014-11-11 13:40 - 2015-03-13 16:16 - 00118472 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00644888 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00064792 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00084248 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2014-03-04 15:23 - 2013-11-02 17:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2016-12-19 13:55 - 2016-12-19 13:55 - 00727320 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
    2014-11-16 13:51 - 2014-03-19 09:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2016-01-26 12:03 - 2015-12-03 15:24 - 06295552 _____ () C:\Program Files\Audient\USBAudioDriver\iD.exe
    2015-07-15 22:09 - 2015-07-14 19:06 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-11-16 13:51 - 2014-03-06 16:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2016-12-08 16:30 - 2017-01-27 11:21 - 51777648 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libcef.dll
    2016-01-26 12:03 - 2015-09-03 09:29 - 00200704 _____ () C:\Program Files\Audient\USBAudioDriver\audientusbaudioapi.dll
    2016-12-15 12:30 - 2016-12-08 07:29 - 01829208 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
    2016-12-15 12:30 - 2016-12-08 07:29 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
    2016-12-08 16:30 - 2017-01-27 11:21 - 01803888 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libglesv2.dll
    2016-12-08 16:30 - 2017-01-27 11:21 - 00086128 _____ () C:\Users\Mark\AppData\Roaming\Spotify\libegl.dll
    2014-11-11 13:31 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\amazon.co.uk -> hxxps://amazon.co.uk
    IE trusted site: HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\amazon.co.uk -> hxxps://amazon.co.uk

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2015-09-29 11:17 - 00000035 ____A C:\windows\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.254
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
    MSCONFIG\startupreg: Spotify => "C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{F79FCF57-FBAD-4850-9B86-A96C3A86C756}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{0723B56A-D09C-4738-9060-3FA596F64EA6}] => C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{48E9DE8E-ADB2-4EC2-83A0-EBBD02E2BA60}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3A7AEAC9-62AE-4F86-8706-0176A018C727}] => C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{3A5C8052-EFB9-4D37-897E-95B09A5683C1}] => C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
    FirewallRules: [{0FDCD3FB-F259-45E9-B1ED-487B6589A188}] => C:\Program Files (x86)\Steam\steamapps\common\DoorKickers\DoorKickers.exe
    FirewallRules: [{3009162B-175A-40C0-AEF2-D65BF3F9A3F8}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
    FirewallRules: [{7EC6ACC7-103A-4103-B3F7-EB16A88AAA99}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
    FirewallRules: [{642F625D-378B-42C7-87EB-3396C8F7A958}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
    FirewallRules: [{61363FF8-45C4-446C-ACA5-CF5C4A7FDE79}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
    FirewallRules: [{0577D119-7BD1-4334-B6C0-1332C513D253}] => C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
    FirewallRules: [{021AD885-CD64-4BC4-93B5-440B4A277CBB}] => C:\Program Files (x86)\Steam\steamapps\common\Overgrowth\Overgrowth.exe
    FirewallRules: [{8447CEFA-C941-44D4-9F03-FA4C5197C94A}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
    FirewallRules: [{05404C48-C63A-4F0B-8B85-44B57C24160F}] => C:\Program Files (x86)\Steam\steamapps\common\Worms Clan Wars\WormsClanWars.exe
    FirewallRules: [TCP Query User{7CEC1BED-A231-4207-92C5-DAB89681670E}C:\users\mark\appdata\roaming\spotify\spotify.exe] => C:\users\mark\appdata\roaming\spotify\spotify.exe
    FirewallRules: [UDP Query User{E047D36D-AB5A-4DC7-A87D-BB4CEF1689D1}C:\users\mark\appdata\roaming\spotify\spotify.exe] => C:\users\mark\appdata\roaming\spotify\spotify.exe
    FirewallRules: [{E16FC8BE-E1CC-43DC-891C-28A3F9B7793C}] => C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
    FirewallRules: [{0C6484EE-F475-4B0F-9C35-B9F1541CF301}] => C:\Program Files (x86)\Steam\steamapps\common\Toribash\toribash.exe
    FirewallRules: [{9A4FFB37-2CEA-40F9-A112-E7B628DB98EC}] => C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
    FirewallRules: [{BFAB9785-613B-43AE-BD8C-8DC04336B15A}] => C:\Program Files (x86)\Unreal Tournament 3\Binaries\UT3.exe
    FirewallRules: [{6F096A56-FE90-4056-8605-4AADC0741C00}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{07017B20-2D62-4AC1-876B-AF7934B4EA0B}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base 2007\hl2.exe
    FirewallRules: [{DB8955F1-3EDD-4DDA-9049-7353ABF9A924}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{2375E01B-F179-47C7-A844-FBF71B1A58BE}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3.exe
    FirewallRules: [{19E8829D-D10E-4E29-8F0F-BD8F592CF90D}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{82F8883D-2767-4DFD-8B46-79E2EC9AC66A}] => C:\Program Files (x86)\Steam\steamapps\common\Serious Sam 3\Bin\Sam3_Unrestricted.exe
    FirewallRules: [{E9CDEDED-447F-4E83-B338-44B65CFB220F}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
    FirewallRules: [{72ACCD2B-055A-4EAF-A77F-4099694C5ACD}] => C:\Program Files (x86)\Steam\steamapps\common\Source SDK Base\hl2.exe
    FirewallRules: [{D92B3967-38C2-4245-A5C1-7B80B422DCFD}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{C3DA496A-BF3D-4F2A-88CD-3423A2ADB7DF}] => C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
    FirewallRules: [{683CD2C3-5A79-4891-991C-43104BDFA0C3}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
    FirewallRules: [{446CDD8D-DB26-4B67-8580-50A7382A1F93}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\sw.exe
    FirewallRules: [{DB08185D-8034-4ED6-84B6-3D3D41A93EB4}] => C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{A8A89D0A-CCCF-42BD-BD60-D5C10492A242}] => C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
    FirewallRules: [{05A04738-A453-4134-8B74-C536ABBC2B0C}] => C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
    FirewallRules: [{5865EC54-65A9-4780-A9E8-1FBB2774E4E5}] => C:\Program Files (x86)\Steam\steamapps\common\MortalKombat_KompleteEdition\DiscContentPC\MKKE.exe
    FirewallRules: [{DE8FFC9E-62BA-4DF5-B3DC-12D209617AC7}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
    FirewallRules: [{8DC6FA2E-E849-4D2C-989B-8C91C5222DCC}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\aamfp.exe
    FirewallRules: [{CD956855-91CE-4253-BD02-B903096763A0}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
    FirewallRules: [{111B6070-F111-48B1-AD8C-1510582B629F}] => C:\Program Files (x86)\Steam\steamapps\common\Machine for Pigs\Launcher.exe
    FirewallRules: [{EE057731-351F-43E7-941F-1CD8B01888CE}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{DCBA62C6-27E1-43FC-96BA-84F17ED120A9}] => C:\Program Files (x86)\Steam\steamapps\common\Dungeon Siege 2\DungeonSiege2.exe
    FirewallRules: [{891253E5-2621-46D8-8B57-E9B61081E6EA}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
    FirewallRules: [{0E7F83B4-D725-4884-B839-EDAC8E2041B6}] => C:\Program Files (x86)\Steam\steamapps\common\Hitman Absolution\HMA.exe
    FirewallRules: [{4F5F8E92-6C58-43D4-9C51-BC45320AAB04}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
    FirewallRules: [{02EB2FDF-86D4-4628-AF76-571A5A5474AD}] => C:\Program Files (x86)\Steam\steamapps\common\Shadow Warrior\dx11\launcher.exe
    FirewallRules: [{48DCAA06-78B1-4C10-8AC0-B8F25B9D9685}] => C:\Program Files (x86)\Steam\steamapps\common\narcissu2\narci2.exe
    FirewallRules: [{0AF6B668-EDB2-4AAB-B34B-6466877FCAE3}] => C:\Program Files (x86)\Steam\steamapps\common\narcissu2\narci2.exe
    FirewallRules: [{69DA4BDF-B34B-49B4-95F1-4D3F337E28D4}] => C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
    FirewallRules: [{8DAB8911-6388-496B-9BB7-F69BF086A7BF}] => C:\Program Files (x86)\Steam\steamapps\common\nmrih\sdk\hl2.exe
    FirewallRules: [{8B78E594-6703-4CE6-A4A4-44A5807BEC45}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{550CD175-73D4-45A6-9376-6F8CAC740A5D}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{8AA0A079-8DA0-4CC2-8B99-EE32CE05C0F6}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{1615D08D-B5D3-4687-955D-F7AB2F4F81D2}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{07CF8EEB-3A9F-4F49-878E-A9CCE58C6155}] => C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{07CBE1B2-4513-44A9-8197-82156EFD34F5}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{A43C789C-8EB1-4F25-8E7A-A17F776A69DB}] => LPort=2869
    FirewallRules: [{35AC8500-0B7C-42F4-B1B1-ABD158FAE781}] => LPort=1900
    FirewallRules: [{A55C83A2-BB1E-41F8-BF7D-7D3C4CC9986A}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{99228AFC-CD3D-4FB2-AA1D-110E2ED66B83}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\DeusEx.exe
    FirewallRules: [{4C376C82-D1CE-48E3-85F5-64B1B91E874B}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{A1C66229-DEBE-4491-8FE2-38D64385D868}] => C:\Program Files (x86)\Steam\steamapps\common\Deus Ex\System\Revision.exe
    FirewallRules: [{BBFFDE06-63BB-41C3-A364-74A8793D8E19}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{9A6310F2-7895-4E2C-94A4-86FC7C7A3940}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{2D55E4C2-786C-4C8C-A977-65C0112D19F7}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{302A3148-9406-4962-A02A-F8C3F7E191F9}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{66356982-29EA-4FE5-A475-077FD4589B06}] => C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{0CA81502-C2E6-4BAA-ADA4-2454B50F0A12}] => C:\Program Files (x86)\Steam\steamapps\common\Dawn of War II - Retribution\DOW2.exe
    FirewallRules: [{155512C4-8DB3-49A8-AC38-50CB2AA1F3E5}] => C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
    FirewallRules: [{D521BE25-0AE7-44D4-B89F-0367BD7CCEBC}] => C:\Program Files (x86)\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
    FirewallRules: [{4BF0ABC4-8D11-45CE-89B0-7D2114339735}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{D06FE9C3-7CB4-40F8-B13C-5ACC53E461A2}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\SkyrimLauncher.exe
    FirewallRules: [{C708039F-6E38-4451-8EF6-6E67B71A2641}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{93CA5D44-1571-4122-8047-8F50B8EBDD87}] => C:\Program Files (x86)\Steam\steamapps\common\Skyrim\skse_steam_boot.exe
    FirewallRules: [{3BEC4729-943A-489E-A7CF-FABF8C07929B}] => C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
    FirewallRules: [{BACB3AC0-0557-4C11-B0CC-83E1D3E4B089}] => C:\Program Files (x86)\Steam\steamapps\common\Bully Scholarship Edition\Bully.exe
    FirewallRules: [{B5B9586D-912C-4011-BF51-DFC76D02E529}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{DF655CF6-9C69-4071-A9DA-CF71CDF6224E}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\game_launcher.exe
    FirewallRules: [{722758E9-FA16-470C-BFE0-E5BD88033465}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{51CBE5E1-20DA-4E1F-9438-5F4FCC437541}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird.exe
    FirewallRules: [{A6847172-D249-456D-8ACB-EEDFF9C9948A}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{7F745BD8-7E6F-4272-BCFE-2A886FF09B12}] => C:\Program Files (x86)\Steam\steamapps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
    FirewallRules: [{A8EF8B3E-7F65-4343-AA95-22096659D43F}] => C:\Program Files (x86)\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
    FirewallRules: [{B3A0F255-AE43-41AB-9B2E-0227750D5636}] => C:\Program Files (x86)\Steam\steamapps\common\Crazy Taxi\AppLauncher.exe
    FirewallRules: [{892270AF-1854-4CE5-9AAC-A954561FDEBD}] => C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [{8921F91C-E635-4EB3-A4E4-F59EEE01C769}] => C:\Program Files (x86)\Steam\steamapps\common\Frozen Synapse\FrozenSynapse.exe
    FirewallRules: [TCP Query User{3966AC40-5656-474B-813D-D1352CA1EE07}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [UDP Query User{CCA87AF7-9839-4FE5-A764-58C1EC06D654}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
    FirewallRules: [TCP Query User{44A58767-49A3-47CB-B2DD-94D6A9890E20}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
    FirewallRules: [UDP Query User{68E9B77F-509C-4C57-BF67-06468B0B1B53}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe] => C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-shipping.exe
    FirewallRules: [{7FDDCA4A-19C2-4DEB-9F11-06D3C429249D}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [{989131D3-9274-46C5-987D-A88E813FD53F}] => C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
    FirewallRules: [{57D14194-AB6C-403E-BD33-4D5322D3D123}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
    FirewallRules: [{7E92916E-FFED-4724-B503-E58ED976EAF8}] => C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2\hl2.exe
    FirewallRules: [{91A551C4-E4BC-491D-8CF7-1578B40E4F75}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe
    FirewallRules: [{62E652D7-1BF5-4E1F-BF25-EEC881184F70}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOps.exe
    FirewallRules: [{ABCE931F-8FA3-4F65-82B9-64AF3C6F4C99}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
    FirewallRules: [{F5BA5385-806D-40EB-BA97-9EB5450E924B}] => C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops\BlackOpsMP.exe
    FirewallRules: [{B3F4049D-212C-4988-BDBE-DCD4FA91493F}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{D80AA5EF-40E5-4586-9F3A-C17DC2AE6D1E}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{FC22A9B9-929D-4BCA-8749-7786DFE8F4A7}] => C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
    FirewallRules: [{AE40D00F-9528-4F81-BF52-B1B516B0D082}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
    FirewallRules: [{A566C160-EABE-4EBB-A814-A1B816C6ED6C}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win32\UDK.exe
    FirewallRules: [{B7EA09B7-E893-489B-80BD-228C085B33D7}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
    FirewallRules: [{B8A8AD83-665C-4ACC-A5B1-2019F600120A}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\Win64\UDK.exe
    FirewallRules: [{13AEB1DC-19EA-48D3-BC65-ED641443495E}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{B0557032-2371-466B-A992-7AD35F4ED38F}] => C:\Program Files (x86)\Steam\steamapps\common\Viscera\Binaries\UDKLift.exe
    FirewallRules: [{0BA0776C-9FE1-4307-9BFE-6C9A86225EB4}] => C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{C6B306EA-2DFC-4480-98EC-B16F33651742}] => C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
    FirewallRules: [{8C3089ED-1CA0-4EEE-85FE-918FC0E3884F}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
    FirewallRules: [{1255CFAD-8B25-4C74-A841-B92D51627971}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
    FirewallRules: [{ACC0E8C9-A303-40D3-B48F-04FE5434979C}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
    FirewallRules: [{99A352E3-8368-4AEA-9991-3043902060F3}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
    FirewallRules: [{F50675A4-ACB9-4E5F-AAF5-D9C5A5421BF8}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
    FirewallRules: [{56CFAD38-E7E6-4CC1-9DCF-7C403EF1FC28}] => C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
    FirewallRules: [{AFB7E2DA-5160-4E9A-9F30-C486CD68EDB1}] => C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
    FirewallRules: [{AB9C0F6A-ABBF-4197-8B29-A57F0C354CA2}] => C:\Program Files (x86)\Steam\steamapps\common\Orion Dino Beatdown\Binaries\Win32\DinoHordeGame.exe
    FirewallRules: [{2422C5EC-3D05-4D9E-971F-7D33E80D6CCD}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe
    FirewallRules: [{6C933303-8178-4C62-A99D-05115A65B7CA}] => C:\Program Files (x86)\Steam\steamapps\common\DOOM\DOOMx64.exe

    ==================== Restore Points =========================

    04-11-2016 18:32:22 Installed DirectX
    05-11-2016 14:27:23 Installed DirectX
    09-11-2016 19:35:38 Windows Update
    15-12-2016 00:43:21 Windows Update
    25-12-2016 22:19:47 Installed DirectX
    25-12-2016 23:28:47 Installed DirectX 9.0
    09-01-2017 21:14:00 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
    09-01-2017 21:14:47 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026
    09-01-2017 21:53:50 Device Driver Package Install: Native Instruments GmbH Storage controllers
    12-01-2017 01:09:27 Windows Update
    14-01-2017 19:45:27 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
    14-01-2017 19:46:26 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
    14-01-2017 19:47:05 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
    14-01-2017 19:48:06 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/30/2017 04:49:15 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
    Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
    Exception code: 0xc0000005
    Fault offset: 0x0000b596
    Faulting process id: 0x108
    Faulting application start time: 0x01d27b149c5acd1d
    Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
    Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
    Report Id: 0817d1aa-e70c-11e6-9636-74d435d74a2b

    Error: (01/30/2017 03:40:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program ProTools.exe version 10.3.4.181 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 1938

    Start Time: 01d27b0db30f2086

    Termination Time: 21

    Application Path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe

    Report Id: 55d8f9af-e702-11e6-92cc-74d435d74a2b

    Error: (01/30/2017 03:29:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
    Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
    Exception code: 0xc0000005
    Fault offset: 0x0000b596
    Faulting process id: 0x1dc8
    Faulting application start time: 0x01d27b0d71e14c14
    Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
    Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
    Report Id: ecad4f8b-e700-11e6-92cc-74d435d74a2b

    Error: (01/30/2017 03:15:08 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ProTools.exe, version: 10.3.4.181, time stamp: 0x51330148
    Faulting module name: digitalio.dll, version: 6.1.0.14500, time stamp: 0x4c7358e4
    Exception code: 0xc0000005
    Fault offset: 0x0000b596
    Faulting process id: 0x1fd4
    Faulting application start time: 0x01d27b0a7f84a155
    Faulting application path: C:\Program Files (x86)\Avid\Pro Tools\ProTools.exe
    Faulting module path: C:\Program Files (x86)\Common Files\Avid\digitalio.dll
    Report Id: e218c54e-e6fe-11e6-92cc-74d435d74a2b

    Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 10078

    Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 10078

    Error: (01/28/2017 04:11:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 9002

    Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 9002

    Error: (01/28/2017 04:11:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (01/30/2017 05:54:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (01/30/2017 04:15:29 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 16:13:03 on ‎30/‎01/‎2017 was unexpected.

    Error: (01/30/2017 12:10:53 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 00:09:09 on ‎30/‎01/‎2017 was unexpected.

    Error: (01/30/2017 12:03:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Windows Update service hung on starting.

    Error: (01/30/2017 12:00:00 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
    Description: The following fatal alert was received: 70.

    Error: (01/29/2017 11:57:22 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 23:55:44 on ‎29/‎01/‎2017 was unexpected.

    Error: (01/29/2017 01:29:57 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 01:03:56 on ‎29/‎01/‎2017 was unexpected.

    Error: (01/28/2017 05:56:07 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA1100 service.

    Error: (01/28/2017 01:30:14 AM) (Source: HTTP) (EventID: 15016) (User: )
    Description: Unable to initialize the security package Basic for server side authentication. The data field contains the error number.

    Error: (01/28/2017 01:30:14 AM) (Source: HTTP) (EventID: 15016) (User: )
    Description: Unable to initialize the security package Negotiate for server side authentication. The data field contains the error number.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 55%
    Total physical RAM: 8053.92 MB
    Available physical RAM: 3545.51 MB
    Total Virtual: 16106.02 MB
    Available Virtual: 10680.03 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:240.95 GB) NTFS
    Drive d: (APOCALYPTO) (CDROM) (Total:7.75 GB) (Free:0 GB) UDF
    Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1682.3 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF4817BF)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 09A39BF8)
    Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2017-01-31 18:38:56
    -----------------------------
    18:38:56.810 OS Version: Windows x64 6.1.7601 Service Pack 1
    18:38:56.810 Number of processors: 4 586 0x3C03
    18:38:56.810 ComputerName: WIN-7Q0K2TFJBH6 UserName: Mark
    18:39:02.245 Initialize success
    18:39:02.290 VM: initialized successfully
    18:39:02.291 VM: Intel CPU supported
    18:39:07.218 VM: supported disk I/O ataport.SYS
    18:45:45.957 AVAST engine defs: 17010903
    18:45:50.533 The log file has been saved successfully to "C:\Users\Mark\Desktop\aswMBR.txt"

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Please go to Add/Remove Programs and uninstall the version of Java below. Very outdated and exploited.
    Later, we can download the most current version.
    Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~
    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open Notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
    BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
    C:\Users\Mark\keFIR_v1.64.dll
    C:\Users\Mark\keFIR_v1_2ch.64.dll
    C:\Users\Mark\OMB2.64.dll
    C:\Users\Mark\WOW2.64.dll
    CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
    Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree to the EULA:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool (or from here: http://downloads.malwarebytes.org/file/jrt) to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    Hello there.

    Here is the fixlog:

    Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
    Ran by Mark (01-02-2017 20:51:04) Run:1
    Running from C:\Users\Mark\Desktop
    Loaded Profiles: Mark (Available Profiles: Mark)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-03-24] (Oracle Corporation)
    BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-03-24] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-03-24] (Oracle Corporation)
    C:\Users\Mark\keFIR_v1.64.dll
    C:\Users\Mark\keFIR_v1_2ch.64.dll
    C:\Users\Mark\OMB2.64.dll
    C:\Users\Mark\WOW2.64.dll
    CustomCLSID: HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9}\InprocServer32 -> no filepath
    Task: {3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
    Task: {36120B84-0E2E-41D1-B6BE-46A404B14EB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {5E1D815B-E999-4BFA-BBB4-430E19810214} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {6638A13B-272F-4184-A435-C77AC8D67EF3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8F25B239-8147-4752-89E3-468E98EB63BD} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
    Task: {C085B5AF-6AF7-4D0F-9E88-22659141F3D9} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {FC934114-70D5-4A20-98F6-25DE87B9D358} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
    Task: {FEBD774C-C67D-47C8-979F-71CF3FA478AD} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
    AlternateDataStreams: C:\ProgramData:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\All Users:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\ProgramData\Application Data:482EE99B1E21CE8C [1]
    AlternateDataStreams: C:\Users\Mark\Local Settings:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Application Data:SrzdpEDZ4n9Bkrhv1GveFbU [2534]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\JfzJRGueM46qZ:8TXUjmBilZyPptLEC [2008]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:b7qXxbqTbYWneAuCuejvU [2402]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:EyajXVarKQMW3gvXYTKRojrWv [2422]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:ragXzDyd97H1yzXHkVrwwdw [2346]
    AlternateDataStreams: C:\Users\Mark\AppData\Local\Temp:XxRF4J8zmz2AxOZoq6TYF [2130]
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key removed successfully
    HKCR\Wow6432Node\CLSID\{B69F34DD-F0F9-42DC-9EDD-957187DA688D} => key not found.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.77.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll => not found.
    HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2 => key not found.
    C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll => not found.
    C:\Users\Mark\keFIR_v1.64.dll => moved successfully
    C:\Users\Mark\keFIR_v1_2ch.64.dll => moved successfully
    C:\Users\Mark\OMB2.64.dll => moved successfully
    C:\Users\Mark\WOW2.64.dll => moved successfully
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000_Classes\CLSID\{D82589D2-1B7D-7FF1-A355-87431E72C0B9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3195EA84-5783-4A53-8BC6-D1DE86CD6C9A} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36120B84-0E2E-41D1-B6BE-46A404B14EB9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36120B84-0E2E-41D1-B6BE-46A404B14EB9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E1D815B-E999-4BFA-BBB4-430E19810214} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E1D815B-E999-4BFA-BBB4-430E19810214} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6638A13B-272F-4184-A435-C77AC8D67EF3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6638A13B-272F-4184-A435-C77AC8D67EF3} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7454E6C6-C5C8-4B42-86D8-BC3447D74AF8} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8F25B239-8147-4752-89E3-468E98EB63BD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F25B239-8147-4752-89E3-468E98EB63BD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C085B5AF-6AF7-4D0F-9E88-22659141F3D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C085B5AF-6AF7-4D0F-9E88-22659141F3D9} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3DE0BE5-FF98-41D9-A9D5-D17E30FB63FC} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC934114-70D5-4A20-98F6-25DE87B9D358} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC934114-70D5-4A20-98F6-25DE87B9D358} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FEBD774C-C67D-47C8-979F-71CF3FA478AD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FEBD774C-C67D-47C8-979F-71CF3FA478AD} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend => key removed successfully
    C:\ProgramData => ":482EE99B1E21CE8C" ADS removed successfully.
    "C:\Users\All Users" => ":482EE99B1E21CE8C" ADS not found.
    "C:\ProgramData\Application Data" => ":482EE99B1E21CE8C" ADS not found.
    C:\Users\Mark\Local Settings => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS removed successfully.
    "C:\Users\Mark\AppData\Local" => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS not found.
    "C:\Users\Mark\AppData\Local\Application Data" => ":SrzdpEDZ4n9Bkrhv1GveFbU" ADS not found.
    C:\Users\Mark\AppData\Local\JfzJRGueM46qZ => ":8TXUjmBilZyPptLEC" ADS removed successfully.
    C:\Users\Mark\AppData\Local\Temp => ":b7qXxbqTbYWneAuCuejvU" ADS removed successfully.
    C:\Users\Mark\AppData\Local\Temp => ":EyajXVarKQMW3gvXYTKRojrWv" ADS removed successfully.
    C:\Users\Mark\AppData\Local\Temp => ":ragXzDyd97H1yzXHkVrwwdw" ADS removed successfully.
    C:\Users\Mark\AppData\Local\Temp => ":XxRF4J8zmz2AxOZoq6TYF" ADS removed successfully.

    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 61281290 B
    Java, Flash, Steam htmlcache => 398746805 B
    Windows/system/drivers => 74019032 B
    Edge => 0 B
    Chrome => 702776143 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 21250048 B
    systemprofile32 => 128 B
    LocalService => 0 B
    NetworkService => 0 B
    Mark => 584272231 B

    RecycleBin => 389805068 B
    EmptyTemp: => 2.1 GB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 20:58:22 ====

    And the ADW Clean log:

    # AdwCleaner v6.043 - Logfile created 01/02/2017 at 21:43:41
    # Updated on 27/01/2017 by Malwarebytes
    # Database : 2017-02-01.1 [Server]
    # Operating System : Windows 7 Home Premium Service Pack 1 (X64)
    # Username : Mark - WIN-7Q0K2TFJBH6
    # Running from : C:\Users\Mark\Downloads\adwcleaner_6.043.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: Amazon 1Button App Service


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Mark\AppData\Local\PackageAware
    [-] Folder deleted: C:\ProgramData\Auslogics
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\Auslogics
    [-] Folder deleted: C:\Program Files (x86)\WinZip Driver Updater
    [-] Folder deleted: C:\Program Files (x86)\Amazon\Amazon1ButtonApp


    ***** [ Files ] *****



    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\.bglog
    [-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
    [-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
    [-] Key deleted: HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
    [-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
    [-] Key deleted: HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\.bglog
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonBrowserHelper.Amazon1ButtonBHO
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.Amazon1ButtonRuntime
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\Amazon1ButtonRuntime.AmazonRuntimeServer
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7F46C358-270D-4791-A579-AD1DDA1A3F7B}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BAC72C85-CEC6-4B86-AF06-FA20C259FAB8}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6557DB6C-EFE1-45AC-92A6-FBB1554B7502}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E4ADC61E-D06A-4E0E-8582-78C809CC8450}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{EB2BEAEF-150C-4DE4-9D09-F16403C22769}
    [-] Key deleted: HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
    [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
    [-] Key deleted: HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Software\distromatic
    [#] Key deleted on reboot: HKCU\Software\distromatic
    [-] Key deleted: HKLM\SOFTWARE\Auslogics
    [#] Key deleted on reboot: [x64] HKCU\Software\distromatic
    [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
    [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3DCCCD6BD02558446B24CF1C63EC213C
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\amazonbrowserapp.com
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\analytics.app.amazonbrowserapp.com


    ***** [ Web browsers ] *****

    [-] [C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pbjikboenpfhbbejgkoklgkhjpfogcam


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [4306 Bytes] - [01/02/2017 21:43:41]
    C:\AdwCleaner\AdwCleaner[S0].txt - [4280 Bytes] - [01/02/2017 21:43:18]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4452 Bytes] ##########

    And the JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 7 Home Premium x64
    Ran by Mark (Administrator) on 01/02/2017 at 21:52:29.45
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 8

    Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O6LY0Z0 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBODH1ZT (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J39U80SF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\Mark\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL23JSX (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2O6LY0Z0 (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IBODH1ZT (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J39U80SF (Temporary Internet Files Folder)
    Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL23JSX (Temporary Internet Files Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01/02/2017 at 21:57:10.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Let's update and run a scan with Malwarebytes Anti-Malware.

    Open Malwarebytes Anti-Malware.
    • On the Dashboard click on Update Now
    • Under SETTINGS.....PROTECTION make sure AUTOMATIC QUARANTINE is on.
    • Then go to the Dashboard and click on SCAN NOW
    • When the scan is finished click on EXPORT SUMMARY......COPY TO CLIPBOARD
    • Then come back to this thread and under REPLY TO THIS TOPIC, right click in the reply and select Paste
    • Then click on POST
    • Exit Malwarebytes


    How is your computer now?

  5. #5
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    Hello again. My PC seems to be running a lot smoother, thanks!

    Here's the Malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 02/02/2017
    Scan Time: 16:54
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2017.02.02.05
    Rootkit Database: v2016.11.20.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mark

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 319627
    Time Elapsed: 18 min, 59 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    I kinda think we're there but need to run one more scan.

    Then if all is OK we'll remove tools and quarantine folders.

    • Download Emsisoft Emergency Kit and save it to your desktop.
    • Double-click icon then click Install
    • A Window should open highlighting Start Emergency Kit Scanner
    • Right click on the icon and select Run as administrator
    • Click 1. Update now!
    • Once the update is completed select Settings under Scan
    • Uncheck Join the Emsisoft Anti-Malware Network
    • Click Scan at the top
    • Click On scan completion
    • Click Quarantine detected objects, then click OK
    • Click Malware Scan
    • Once completed click View Report
    • Save the file to your Desktop using the default file name
    • Copy and paste the report in your reply

    ==============

  7. #7
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    Here you go:

    Emsisoft Emergency Kit - Version 12.0
    Last update: 03/02/2017 00:09:14
    User account: WIN-7Q0K2TFJBH6\Mark
    Computer name: WIN-7Q0K2TFJBH6
    OS version: Windows 7x64 Service Pack 1

    Scan settings:

    Scan type: Malware Scan
    Objects: Rootkits, Memory, Traces, Files

    Detect PUPs: Off
    Scan archives: Off
    ADS Scan: On
    File extension filter: Off
    Direct disk access: Off

    Scan start: 03/02/2017 00:13:24

    Scanned 88928
    Found 0

    Scan end: 03/02/2017 00:32:22
    Scan time: 0:18:58

  8. #8
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Ready to remove tools and quarantine folders?

  9. #9
    Junior Member
    Join Date
    Jan 2017
    Posts
    7


    I'm ready to start removing things, yes!

  10. #10
    Security Expert-emeritus Juliet
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
    • Click the Run button.

    -- This will remove the specialized tools we used to disinfect your system.
    Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

    **********


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bundled software in programme installers, helping you avoid adware and PUPs.
