
Thread: Accidentally downloaded Tuneup Utilities 2014 spyware.

  1. #1
    Senior Member (Join Date: Mar 2006, Posts: 107)


    Hello all.

    I accidentally downloaded and installed a program calling itself Tuneup Utilities 2014, which from what I've read is spyware. I've uninstalled the program, but my PC has been acting strangely since the program installed itself, with other programs sporadically crashing. I'd appreciate it if someone could take a look:

    Here is my FRST log:

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-12-2014
    Ran by Mark (administrator) on WIN-7Q0K2TFJBH6 on 26-12-2014 19:13:39
    Running from C:\Users\Mark\Desktop\Armour
    Loaded Profile: Mark (Available profiles: Mark)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Atheros Communications, Inc.) C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    () C:\Program Files\Audient\USBAudioDriver\iD22.exe
    (BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    (Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
    (Spotify Ltd) C:\Users\Mark\AppData\Roaming\Spotify\spotify.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => C:\windows\system32\rundll32.exe C:\windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [BullGuard] => C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1357648 2014-12-17] (BullGuard Ltd.)
    HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-12-17] (BullGuard Ltd.)
    HKLM-x32\...\Run: [jswtrayutil] => "C:\Program Files (x86)\NETGEAR\WNA1100\jswtrayutil.exe"
    Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify] => C:\Users\Mark\AppData\Roaming\Spotify\Spotify.exe [6737976 2014-12-10] (Spotify Ltd)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [Spotify Web Helper] => C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-10] (Spotify Ltd)
    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-12-25] (Electronic Arts)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iD22.lnk
    ShortcutTarget: iD22.lnk -> C:\Program Files\Audient\USBAudioDriver\iD22.exe ()
    ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
    ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-366135555-2470553269-3306163725-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

    FireFox:
    ========
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard
    FF Extension: BullGuard Safe Browsing - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-11-15]

    Chrome:
    =======
    CHR Profile: C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-15]
    CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-15]
    CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-15]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-15]
    CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-15]
    CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-15]
    CHR Extension: (Google Sheets) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-15]
    CHR Extension: (AdBlock) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-24]
    CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-15]
    CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-15]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [778576 2014-12-17] (BullGuard Ltd.)
    R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [601424 2014-12-24] (BullGuard Ltd.)
    R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-12-17] (BullGuard Ltd.)
    R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [428368 2014-12-17] (BullGuard Ltd.)
    R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2014-12-17] (BullGuard Ltd.)
    R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [758608 2014-12-24] (BullGuard Ltd.)
    R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [549200 2014-12-17] (BullGuard Ltd.)
    R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-12-17] (BullGuard Ltd.)
    R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384336 2014-12-17] (BullGuard Ltd.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
    R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
    S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
    R2 jswpbapi; C:\Program Files (x86)\NETGEAR\WNA1100\jswpbapi.exe [271840 2010-03-22] (Atheros Communications, Inc.)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
    R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-25] (Electronic Arts)
    R2 WSWNA1100; C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [316120 2014-03-19] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-11-15] (Agnitum Ltd.)
    R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-11-15] (Agnitum Ltd.)
    R3 audientusbaudio; C:\Windows\System32\DRIVERS\audientusbaudio_x64.sys [250712 2014-03-31] ()
    R3 audientusbaudioks; C:\Windows\System32\DRIVERS\audientusbaudioks_x64.sys [52056 2014-03-31] ()
    R3 BdNet; C:\Windows\System32\drivers\BdNet.sys [34896 2014-11-15] (BullGuard Ltd.)
    R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-11-15] (BullGuard Ltd.)
    R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
    R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-11-15] (BullGuard Ltd.)
    R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-11-15] (BullGuard Ltd.)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
    R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-09-12] (BitDefender S.R.L.)
    R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [233160 2013-01-03] (VIA Technologies, Inc.)
    R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [301256 2013-01-03] (VIA Technologies, Inc.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-26 19:12 - 2014-12-26 19:13 - 00000000 ____D () C:\Users\Mark\Desktop\Armour
    2014-12-26 19:12 - 2014-12-26 19:12 - 00000000 ____D () C:\Users\Mark\Desktop\Production
    2014-12-26 19:11 - 2014-12-26 19:13 - 00000000 ____D () C:\FRST
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\TuneUp Software
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Local\TuneUp Software
    2014-12-26 18:50 - 2014-12-26 18:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Users\Mark\Documents\Image-Line
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\OpenCandy
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\IHlpr
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files\Image-Line
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files\Common Files\VST2
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
    2014-12-26 18:50 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
    2014-12-26 18:47 - 2014-12-26 18:50 - 00000000 ____D () C:\Program Files (x86)\Image-Line
    2014-12-26 18:28 - 2014-12-26 18:34 - 370000160 _____ (Image-Line) C:\Users\Mark\Downloads\flstudio_11.1.1.exe
    2014-12-26 12:28 - 2014-12-26 12:28 - 00000512 _____ () C:\windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
    2014-12-26 11:48 - 2014-12-26 11:50 - 00000000 ____D () C:\ProgramData\regid.2011-12.ru.newsdozor,cifra
    2014-12-26 11:48 - 2014-12-26 11:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
    2014-12-26 11:07 - 2014-12-26 11:07 - 00000000 __RHD () C:\Users\Mark\AppData\Roaming\SecuROM
    2014-12-26 10:57 - 2014-12-26 13:11 - 00000000 ____D () C:\Users\Mark\Documents\Electronic Arts
    2014-12-26 10:57 - 2014-12-26 10:57 - 00000000 ____D () C:\ProgramData\EA Core
    2014-12-26 01:14 - 2014-12-26 01:14 - 00000155 _____ () C:\Users\Mark\Downloads\Resource.cfg_Documenti.rar
    2014-12-26 00:58 - 2014-12-26 13:04 - 00447752 _____ (On2.com) C:\windows\SysWOW64\vp6vfw.dll
    2014-12-25 22:39 - 2014-12-25 22:40 - 02901610 _____ () C:\Users\Mark\Downloads\Gore_Blood_Pack_Beta_2.rar
    2014-12-25 16:35 - 2014-12-25 16:35 - 00298184 _____ () C:\windows\Minidump\122514-34710-01.dmp
    2014-12-25 16:09 - 2014-12-25 16:09 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-25 16:03 - 2014-12-25 16:03 - 00000872 _____ () C:\windows\DirectX.log
    2014-12-25 16:03 - 2014-12-25 16:03 - 00000343 _____ () C:\windows\doom3.ini
    2014-12-25 16:03 - 2014-12-25 16:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Doom 3
    2014-12-25 15:53 - 2014-12-25 16:03 - 00000000 ____D () C:\Program Files (x86)\DOOM 3
    2014-12-25 10:48 - 2014-12-26 12:36 - 00000000 ____D () C:\Program Files (x86)\Origin Games
    2014-12-25 10:44 - 2014-12-25 16:38 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Origin
    2014-12-25 10:44 - 2014-12-25 10:48 - 00000000 ____D () C:\Users\Mark\AppData\Local\Origin
    2014-12-25 10:43 - 2014-12-26 12:28 - 00000000 ____D () C:\ProgramData\Origin
    2014-12-25 10:43 - 2014-12-26 12:28 - 00000000 ____D () C:\Program Files (x86)\Origin
    2014-12-25 10:43 - 2014-12-25 10:43 - 17102864 _____ (Electronic Arts, Inc.) C:\Users\Mark\Downloads\OriginThinSetup.exe
    2014-12-25 10:43 - 2014-12-25 10:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
    2014-12-25 10:43 - 2014-12-25 10:43 - 00000000 ____D () C:\ProgramData\Electronic Arts
    2014-12-25 00:45 - 2014-12-25 00:45 - 13993828 _____ () C:\Users\Mark\Downloads\Enhanced_Blood_Textures_1_1.rar
    2014-12-25 00:45 - 2014-12-25 00:45 - 00000000 ____D () C:\Users\Mark\Downloads\Enhanced_Blood_Textures_1_1
    2014-12-25 00:40 - 2014-12-25 00:40 - 14296635 _____ () C:\Users\Mark\Downloads\Enhanced_Blood-Textures.rar
    2014-12-25 00:40 - 2014-12-25 00:40 - 00000000 ____D () C:\Users\Mark\Downloads\Enhanced_Blood-Textures
    2014-12-24 20:24 - 2014-12-25 16:35 - 00000000 ____D () C:\windows\Minidump
    2014-12-24 20:24 - 2014-12-25 16:34 - 477774393 _____ () C:\windows\MEMORY.DMP
    2014-12-24 20:24 - 2014-12-25 16:34 - 00001618 _____ () C:\windows\PFRO.log
    2014-12-24 20:24 - 2014-12-24 20:24 - 00298184 _____ () C:\windows\Minidump\122414-22339-01.dmp
    2014-12-24 17:22 - 2014-12-24 17:23 - 00000000 ____D () C:\Users\Mark\Downloads\16790RmcK
    2014-12-24 00:49 - 2014-12-24 00:49 - 00000000 ____D () C:\Users\Mark\Downloads\gsfnnn
    2014-12-24 00:48 - 2014-12-24 00:49 - 46354326 _____ () C:\Users\Mark\Downloads\gsfnnn.rar
    2014-12-24 00:44 - 2014-12-24 00:45 - 00000000 ____D () C:\Users\Mark\Downloads\(DE) (original) dean
    2014-12-24 00:44 - 2014-12-24 00:44 - 34530849 _____ () C:\Users\Mark\Downloads\(DE) (original) dean.rar
    2014-12-24 00:40 - 2014-12-24 00:40 - 00000000 ____D () C:\Users\Mark\Downloads\Leon Kennedy (Casual) by psychicsocial
    2014-12-24 00:39 - 2014-12-24 00:40 - 25466029 _____ () C:\Users\Mark\Downloads\Leon Kennedy (Casual) by psychicsocial.rar
    2014-12-24 00:06 - 2014-12-24 00:06 - 07497579 _____ () C:\Users\Mark\Downloads\steve_burnside_retextured_by_manic_k-d3d6r78.rar
    2014-12-24 00:06 - 2014-12-24 00:06 - 00000000 ____D () C:\Users\Mark\Downloads\steve_burnside_retextured_by_manic_k-d3d6r78
    2014-12-22 16:43 - 2014-12-22 16:44 - 00000000 ____D () C:\Users\Mark\Downloads\predetoria_ut2k4_(fixed)
    2014-12-22 16:43 - 2014-12-22 16:43 - 05205273 _____ () C:\Users\Mark\Downloads\predetoria_ut2k4_(fixed).rar
    2014-12-22 16:38 - 2014-12-22 16:39 - 00000000 ____D () C:\Users\Mark\Downloads\UT2k4-TeamSnakeEyes
    2014-12-22 16:37 - 2014-12-22 16:37 - 50813187 _____ () C:\Users\Mark\Downloads\UT2k4-TeamSnakeEyes.zip
    2014-12-22 16:35 - 2014-12-22 16:35 - 00000000 ____D () C:\Users\Mark\Downloads\Krod
    2014-12-22 16:31 - 2014-12-22 16:32 - 06766807 _____ () C:\Users\Mark\Downloads\Krod.zip
    2014-12-21 15:10 - 2014-12-21 15:10 - 00441044 _____ () C:\Users\Mark\Desktop\Tone.wav
    2014-12-21 11:00 - 2014-12-26 12:26 - 00002642 _____ () C:\windows\setupact.log
    2014-12-21 11:00 - 2014-12-21 11:00 - 00000000 _____ () C:\windows\setuperr.log
    2014-12-18 17:59 - 2014-12-18 17:59 - 80028103 _____ () C:\Users\Mark\Downloads\VCTF-RT-TrainCrossing-V0.719(beta2).zip
    2014-12-18 17:56 - 2014-12-18 17:56 - 15163985 _____ () C:\Users\Mark\Downloads\BR-FURY-II.zip
    2014-12-18 12:56 - 2014-12-18 12:56 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieUserList
    2014-12-18 12:56 - 2014-12-18 12:56 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieSiteList
    2014-12-18 12:56 - 2014-12-18 12:56 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieBrowserModeList
    2014-12-18 12:30 - 2014-12-18 12:43 - 00000000 ____D () C:\Users\Mark\Desktop\Michael Clarke Duncan
    2014-12-18 11:40 - 2014-12-18 11:43 - 00000000 ____D () C:\ProgramData\Freemake
    2014-12-18 11:40 - 2014-12-18 11:40 - 00000000 ____D () C:\Program Files\WinPcap
    2014-12-18 11:39 - 2014-12-18 11:43 - 00000000 ____D () C:\Program Files (x86)\Freemake
    2014-12-18 11:39 - 2014-12-18 11:39 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\RHEng
    2014-12-18 11:18 - 2014-12-13 05:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
    2014-12-18 11:18 - 2014-12-13 03:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
    2014-12-18 00:02 - 2014-12-18 00:05 - 00000000 ____D () C:\Users\Mark\Downloads\ut4mod opener
    2014-12-18 00:02 - 2014-12-18 00:02 - 01022722 _____ () C:\Users\Mark\Downloads\ut4mod opener.zip
    2014-12-17 23:20 - 2014-12-17 23:20 - 04131488 _____ () C:\Users\Mark\Downloads\UT2K4VoicePackager_Setup (2).rar
    2014-12-17 23:20 - 2014-12-17 23:20 - 00000000 ____D () C:\Users\Mark\Downloads\UT2K4VoicePackager_Setup (2)
    2014-12-17 23:20 - 2014-12-17 23:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UT2K4 Voice Packager
    2014-12-17 23:20 - 2014-12-17 23:20 - 00000000 ____D () C:\Program Files (x86)\UT2K4 Voice Packager
    2014-12-17 23:19 - 2014-12-17 23:20 - 04131488 _____ () C:\Users\Mark\Downloads\UT2K4VoicePackager_Setup (1).rar
    2014-12-17 23:19 - 2014-12-17 23:19 - 04131488 _____ () C:\Users\Mark\Downloads\UT2K4VoicePackager_Setup.rar
    2014-12-17 19:16 - 2014-12-17 19:16 - 38307960 _____ () C:\Users\Mark\Downloads\Ghost Skin pack 4.zip
    2014-12-17 19:16 - 2014-12-17 19:16 - 00000000 ____D () C:\Users\Mark\Downloads\Ghost Skin pack 4
    2014-12-17 12:12 - 2014-12-17 12:13 - 00000000 ____D () C:\Users\Mark\Downloads\BallisticV25_Complete
    2014-12-17 12:11 - 2014-12-17 12:12 - 265565321 _____ () C:\Users\Mark\Downloads\BallisticV25_Complete.rar
    2014-12-17 12:05 - 2014-12-17 12:05 - 00153712 _____ (BullGuard Ltd.) C:\windows\system32\BgGamingMonitor.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00140280 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BgGamingMonitor.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00076624 _____ (BullGuard Ltd.) C:\windows\system32\BGLsp.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00064336 _____ (BullGuard Ltd.) C:\windows\SysWOW64\BGLsp.dll
    2014-12-16 23:24 - 2014-12-16 23:25 - 00000000 ____D () C:\Users\Mark\Downloads\ut2k4_collection_pt1
    2014-12-16 23:24 - 2014-12-16 23:24 - 28911803 _____ () C:\Users\Mark\Downloads\ut2k4_collection_pt1.rar
    2014-12-16 23:19 - 2014-12-16 23:19 - 01361476 _____ () C:\Users\Mark\Downloads\bladethevampirehunter.7z
    2014-12-16 23:19 - 2014-12-16 23:19 - 00000000 ____D () C:\Users\Mark\Downloads\bladethevampirehunter
    2014-12-16 19:00 - 2014-12-16 19:00 - 00002988 _____ () C:\windows\System32\Tasks\{51D1B497-8A59-4917-BAFC-2AD2C67DC18F}
    2014-12-16 18:09 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Mark\Documents\Deus Ex - Invisible War
    2014-12-16 18:06 - 2014-12-16 18:06 - 00001829 _____ () C:\Users\Public\Desktop\Deus Ex - Invisible War.lnk
    2014-12-16 18:04 - 2014-12-16 18:04 - 01617141 _____ () C:\Users\Mark\Downloads\blade_the_vampirehunter_2.rar
    2014-12-14 20:37 - 2014-12-14 20:37 - 00000000 ____D () C:\Users\Mark\Downloads\ballistic-ut3port_v1
    2014-12-14 20:36 - 2014-12-14 20:36 - 00000000 ____D () C:\Users\Mark\Downloads\UT3Patch5
    2014-12-14 20:35 - 2014-12-14 20:36 - 70044638 _____ () C:\Users\Mark\Downloads\ballistic-ut3port_v1.7z
    2014-12-14 20:34 - 2014-12-14 20:36 - 343837747 _____ () C:\Users\Mark\Downloads\UT3Patch5.zip
    2014-12-14 20:29 - 2014-12-14 20:29 - 39919279 _____ () C:\Users\Mark\Downloads\crucibleweaponspack_v1.7z
    2014-12-14 20:29 - 2014-12-14 20:29 - 00000000 ____D () C:\Users\Mark\Downloads\crucibleweaponspack_v1
    2014-12-14 17:33 - 2014-12-14 17:33 - 01665448 _____ () C:\Users\Mark\Downloads\opheliabthlocal.zip
    2014-12-14 17:31 - 2014-12-14 17:31 - 03177452 _____ () C:\Users\Mark\Downloads\magdalena.rar
    2014-12-14 17:30 - 2014-12-14 17:30 - 04025177 _____ () C:\Users\Mark\Downloads\ut2k4mdl-effigy.zip
    2014-12-14 17:29 - 2014-12-14 17:29 - 03860814 _____ () C:\Users\Mark\Downloads\ut2k4monstar.zip
    2014-12-14 17:28 - 2014-12-14 17:28 - 00100686 _____ () C:\Users\Mark\Downloads\gibalicious2.zip
    2014-12-14 17:17 - 2014-12-14 17:17 - 03701856 _____ (GOG.com ) C:\Users\Mark\Downloads\Setup_Downloader_3.6.0_stable (1).exe
    2014-12-10 18:38 - 2014-12-10 18:38 - 00000000 ____D () C:\windows\system32\appraiser
    2014-12-10 00:01 - 2014-10-18 02:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
    2014-12-10 00:01 - 2014-10-18 01:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
    2014-12-10 00:01 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
    2014-12-10 00:01 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
    2014-12-10 00:01 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
    2014-12-10 00:01 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
    2014-12-10 00:01 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
    2014-12-10 00:01 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
    2014-12-10 00:01 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
    2014-12-10 00:01 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
    2014-12-09 23:15 - 2014-12-09 23:15 - 00000000 ____D () C:\Users\Mark\Downloads\BMP - Heavy Music For Life (2014)
    2014-12-09 21:24 - 2014-12-04 02:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
    2014-12-09 21:24 - 2014-12-04 02:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
    2014-12-09 21:24 - 2014-12-04 02:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
    2014-12-09 21:24 - 2014-12-04 02:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
    2014-12-09 21:24 - 2014-12-04 02:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
    2014-12-09 21:24 - 2014-12-04 02:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
    2014-12-09 21:24 - 2014-12-01 23:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
    2014-12-09 21:23 - 2014-12-04 02:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
    2014-12-09 21:23 - 2014-11-27 01:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
    2014-12-09 21:23 - 2014-11-27 01:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
    2014-12-09 21:23 - 2014-11-22 03:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
    2014-12-09 21:23 - 2014-11-22 03:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
    2014-12-09 21:23 - 2014-11-22 03:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
    2014-12-09 21:23 - 2014-11-22 02:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
    2014-12-09 21:23 - 2014-11-22 02:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
    2014-12-09 21:23 - 2014-11-22 02:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
    2014-12-09 21:23 - 2014-11-22 02:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
    2014-12-09 21:23 - 2014-11-22 02:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
    2014-12-09 21:23 - 2014-11-22 02:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
    2014-12-09 21:23 - 2014-11-22 02:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
    2014-12-09 21:23 - 2014-11-22 02:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
    2014-12-09 21:23 - 2014-11-22 02:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
    2014-12-09 21:23 - 2014-11-22 02:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
    2014-12-09 21:23 - 2014-11-22 02:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
    2014-12-09 21:23 - 2014-11-22 02:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
    2014-12-09 21:23 - 2014-11-22 02:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
    2014-12-09 21:23 - 2014-11-22 02:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
    2014-12-09 21:23 - 2014-11-22 02:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
    2014-12-09 21:23 - 2014-11-22 02:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
    2014-12-09 21:23 - 2014-11-22 02:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
    2014-12-09 21:23 - 2014-11-22 02:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
    2014-12-09 21:23 - 2014-11-22 02:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
    2014-12-09 21:23 - 2014-11-22 02:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
    2014-12-09 21:23 - 2014-11-22 02:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
    2014-12-09 21:23 - 2014-11-22 02:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
    2014-12-09 21:23 - 2014-11-22 02:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
    2014-12-09 21:23 - 2014-11-22 02:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
    2014-12-09 21:23 - 2014-11-22 01:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
    2014-12-09 21:23 - 2014-11-22 01:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
    2014-12-09 21:23 - 2014-11-22 01:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
    2014-12-09 21:23 - 2014-11-22 01:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
    2014-12-09 21:23 - 2014-11-22 01:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
    2014-12-09 21:23 - 2014-11-22 01:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
    2014-12-09 21:23 - 2014-11-22 01:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
    2014-12-09 21:23 - 2014-11-22 01:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
    2014-12-09 21:23 - 2014-11-22 01:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
    2014-12-09 21:23 - 2014-11-22 01:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
    2014-12-09 21:23 - 2014-11-22 01:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-12-09 21:23 - 2014-11-22 01:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
    2014-12-09 21:23 - 2014-11-22 01:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
    2014-12-09 21:23 - 2014-11-22 01:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
    2014-12-09 21:23 - 2014-11-22 01:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
    2014-12-09 21:23 - 2014-11-22 01:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
    2014-12-09 21:23 - 2014-11-22 01:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
    2014-12-09 21:23 - 2014-11-22 01:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
    2014-12-09 21:23 - 2014-11-22 01:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
    2014-12-09 21:23 - 2014-11-22 01:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
    2014-12-09 21:23 - 2014-11-22 01:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
    2014-12-09 21:23 - 2014-11-22 01:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
    2014-12-09 21:23 - 2014-11-22 01:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
    2014-12-09 21:23 - 2014-11-22 00:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
    2014-12-09 21:23 - 2014-11-22 00:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
    2014-12-09 21:23 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
    2014-12-09 21:23 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
    2014-12-09 21:23 - 2014-11-11 01:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
    2014-12-09 21:23 - 2014-11-08 03:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
    2014-12-09 21:23 - 2014-11-08 02:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
    2014-12-09 21:23 - 2014-10-30 02:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
    2014-12-09 21:23 - 2014-10-30 01:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
    2014-12-09 21:23 - 2014-10-03 02:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
    2014-12-09 21:23 - 2014-10-03 02:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
    2014-12-09 21:23 - 2014-10-03 02:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
    2014-12-09 21:23 - 2014-10-03 02:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
    2014-12-09 21:23 - 2014-10-03 02:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
    2014-12-09 21:23 - 2014-10-03 01:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
    2014-12-09 21:23 - 2014-10-03 01:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
    2014-12-09 21:23 - 2014-10-03 01:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
    2014-12-09 21:23 - 2014-10-03 01:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
    2014-12-09 21:23 - 2014-10-03 01:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
    2014-12-07 15:31 - 2014-12-07 15:32 - 42208663 _____ () C:\Users\Mark\Downloads\2008_10_26_GaltanorsInvasion022.7z
    2014-12-07 14:41 - 2014-12-07 14:41 - 11046790 _____ () C:\Users\Mark\Downloads\rszombie_v11_ut3.7z
    2014-12-07 14:18 - 2014-12-07 14:18 - 00000000 ____D () C:\Users\Mark\Downloads\COG_Marcus_Fenix_UT3
    2014-12-07 14:17 - 2014-12-07 14:18 - 38901659 _____ () C:\Users\Mark\Downloads\COG_Marcus_Fenix_UT3.7z
    2014-12-06 18:33 - 2014-12-25 18:14 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Audacity
    2014-12-06 18:33 - 2014-12-06 18:33 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
    2014-12-06 18:33 - 2014-12-06 18:33 - 00001013 _____ () C:\Users\Public\Desktop\Audacity.lnk
    2014-12-06 18:32 - 2014-12-06 18:33 - 00000000 ____D () C:\Program Files (x86)\Audacity
    2014-12-06 18:32 - 2014-12-06 18:32 - 22892794 _____ (Audacity Team ) C:\Users\Mark\Downloads\audacity-win-2.0.6.exe
    2014-12-06 18:30 - 2014-12-06 18:30 - 07084197 _____ (Computer Application Studio ) C:\Users\Mark\Downloads\dvdaudioextractor (1).exe
    2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\ImTOO
    2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImTOO
    2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\ProgramData\ImTOO
    2014-12-06 18:28 - 2014-12-06 18:28 - 00000000 ____D () C:\Program Files (x86)\ImTOO
    2014-12-06 18:27 - 2014-12-06 18:27 - 37758728 _____ () C:\Users\Mark\Downloads\dvd-audio-ripper6-se.exe
    2014-12-06 18:25 - 2014-12-06 18:30 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\dvdcss
    2014-12-06 18:25 - 2014-12-06 18:27 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\dvdae
    2014-12-06 18:22 - 2014-12-06 18:22 - 07084197 _____ (Computer Application Studio ) C:\Users\Mark\Downloads\dvdaudioextractor.exe
    2014-12-06 14:42 - 2014-12-06 14:42 - 00007604 _____ () C:\Users\Mark\Downloads\Lighter Flame.zip
    2014-12-06 14:42 - 2014-12-06 14:42 - 00000000 ____D () C:\Users\Mark\Downloads\Lighter Flame
    2014-11-30 20:47 - 2014-11-30 20:51 - 00000000 ____D () C:\Users\Mark\Downloads\ChronosPhaseIBeta
    2014-11-30 20:47 - 2014-11-30 20:47 - 17465624 _____ () C:\Users\Mark\Downloads\ChronosPhaseIBeta.zip
    2014-11-30 18:08 - 2014-11-30 18:08 - 00000000 ____D () C:\Users\Mark\Documents\Amnesia
    2014-11-30 18:08 - 2014-11-30 18:08 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\NVIDIA
    2014-11-29 16:50 - 2014-11-29 16:51 - 00000000 ____D () C:\Users\Mark\Downloads\Vance is a Preset Face-57405-1-00
    2014-11-29 16:50 - 2014-11-29 16:50 - 00015506 _____ () C:\Users\Mark\Downloads\Vance is a Preset Face-57405-1-00.zip
    2014-11-28 19:15 - 2014-11-28 19:16 - 00000000 ____D () C:\Users\Mark\Downloads\Heights-6804
    2014-11-28 19:15 - 2014-11-28 19:15 - 00016897 _____ () C:\Users\Mark\Downloads\Heights-6804.rar
    2014-11-28 17:56 - 2014-11-28 17:56 - 00000000 ____D () C:\Users\Mark\AppData\Local\FalloutNV
    2014-11-27 21:28 - 2014-11-27 21:28 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\MKKE

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-12-26 19:13 - 2014-11-15 11:50 - 00000000 ____D () C:\ProgramData\BullGuard
    2014-12-26 19:12 - 2014-11-15 16:45 - 00000000 ____D () C:\Users\Mark\Desktop\Games
    2014-12-26 18:27 - 2014-11-15 13:22 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-26 17:25 - 2014-11-15 16:20 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Spotify
    2014-12-26 15:11 - 2014-11-15 13:43 - 00000000 ____D () C:\Program Files (x86)\Steam
    2014-12-26 14:49 - 2009-07-14 04:45 - 00028720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-26 14:49 - 2009-07-14 04:45 - 00028720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-26 13:27 - 2014-11-15 13:22 - 00000890 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-26 13:05 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2014-12-26 13:04 - 2014-11-11 13:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-12-26 12:32 - 2009-07-14 05:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
    2014-12-26 12:26 - 2014-11-15 13:13 - 00000268 _____ () C:\windows\system32\config\afw_hm.conf
    2014-12-26 12:26 - 2014-11-15 13:13 - 00000004 _____ () C:\windows\system32\config\afw_db.conf
    2014-12-26 12:26 - 2014-11-11 13:40 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-12-26 12:26 - 2009-07-14 05:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
    2014-12-26 10:57 - 2010-11-21 02:52 - 01515254 _____ () C:\windows\WindowsUpdate.log
    2014-12-25 00:27 - 2014-11-22 09:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2014-12-24 11:00 - 2014-11-15 16:26 - 00000000 ____D () C:\Users\Mark\AppData\Local\Spotify
    2014-12-16 23:08 - 2014-11-15 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
    2014-12-16 23:04 - 2014-11-15 13:43 - 00000000 ____D () C:\GOG Games
    2014-12-14 17:17 - 2014-11-15 16:13 - 00000000 ____D () C:\Program Files (x86)\GOG.com
    2014-12-13 19:36 - 2014-11-21 09:30 - 00000000 ____D () C:\Users\Mark\Documents\My Games
    2014-12-10 18:38 - 2014-11-16 20:56 - 00000000 ___SD () C:\windows\system32\CompatTel
    2014-12-10 18:38 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\PolicyDefinitions
    2014-12-10 18:38 - 2009-07-14 03:20 - 00000000 ____D () C:\windows\AppCompat
    2014-12-09 19:28 - 2014-11-15 13:23 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

    Some content of TEMP:
    ====================
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-11-11 21:19

    ==================== End Of Log ============================

    The addition:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-12-2014
    Ran by Mark at 2014-12-26 19:14:39
    Running from C:\Users\Mark\Desktop\Armour
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: BullGuard Antivirus (Enabled - Up to date) {EDBB5818-2352-E06B-028A-4E6873B92CC5}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: BullGuard Antispyware (Enabled - Up to date) {56DAB9FC-0568-EFE5-383A-751A083E6678}
    FW: BullGuard Firewall (Enabled) {D580D93D-693D-E133-29D5-E75D8D6A6BBE}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    (HKLM\...\UDK-d0ba7a8e-21e0-4dc8-b02c-9ad6af604e59) (Version: - RuneStorm
    Amnesia: A Machine for Pigs (HKLM-x32\...\Steam App 239200) (Version: - The Chinese Room)
    ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
    Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
    Audient USB Audio Driver v1.67.0 (HKLM-x32\...\Audient USB Audio Driver v1.67.0) (Version: 1.67.0 - Audient)
    BullGuard (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.)
    Dead Space (HKLM-x32\...\Steam App 17470) (Version: - EA Redwood Shores)
    Deus Ex - Invisible War (HKLM-x32\...\GOGPACKDEUSEX2_is1) (Version: 2.0.0.8 - GOG.com)
    Deus Ex GOTY (HKLM-x32\...\GOGPACKDEUSEX_is1) (Version: 2.0.0.11 - GOG.com)
    Doom 3 (HKLM-x32\...\InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}) (Version: 1.00.0000 - Activision)
    Doom 3 (x32 Version: 1.00.0000 - Activision) Hidden
    Door Kickers (HKLM-x32\...\Steam App 248610) (Version: - KillHouse Games)
    Duke Nukem - Manhattan Project (HKLM-x32\...\GOGPACKDUKEMANHATAN_is1) (Version: 2.0.0.12 - GOG.com)
    Duke Nukem 3D (HKLM-x32\...\GOGPACKDUKE3D_is1) (Version: 2.0.0.85 - GOG.com)
    Duke3D (HKLM\...\{b5f456c9-720b-410c-8b24-59e92772053b}.sdb) (Version: - )
    Dungeon Siege 2 (HKLM-x32\...\Steam App 39200) (Version: - Gas Powered Games)
    Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
    FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version: - Image-Line)
    FlowStone FL 3.0 (HKLM-x32\...\FlowStone) (Version: - )
    GOG.com Downloader version 3.6.0 (HKLM-x32\...\{456A5815-604D-4D72-94DF-346D2B978A59}_is1) (Version: 3.6.0 - GOG.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve)
    IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line)
    ImTOO DVD Audio Ripper SE (HKLM-x32\...\ImTOO DVD Audio Ripper SE) (Version: 7.7.3.20131014 - ImTOO)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3355 - Intel Corporation)
    Leisure Suit Larry - Magna Cum Laude (HKLM-x32\...\{A31289C6-04EF-4437-A35B-7CC96167145C}) (Version: 1.00.0001 - )
    Leisure Suit Larry - Reloaded (HKLM-x32\...\1207659243_is1) (Version: 2.1.0.11 - GOG.com)
    Leisure Suit Larry- Magna Cum Laude (HKLM-x32\...\GOGPACKLARRYMCL_is1) (Version: 2.0.0.3 - GOG.com)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Mortal Kombat Komplete Edition (HKLM-x32\...\Steam App 237110) (Version: - NetherRealm Studios)
    NETGEAR WNA1100 wireless USB 2.0 driver (HKLM-x32\...\{A2AE9709-283B-4B48-AA34-729C070A62FB}) (Version: 1.2.0.2 - NETGEAR)
    NVIDIA 3D Vision Controller Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
    NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.5.3.636 - Electronic Arts, Inc.)
    Overgrowth (HKLM-x32\...\Steam App 25000) (Version: - Wolfire)
    Perfect Dark: Source Beta 1.1686 (HKLM-x32\...\{5EDEF75E-1BA0-4D25-8131-ADCF83E3B1FF}_is1) (Version: 0.0.1.1 - Erocodeurs)
    Postal 2 (HKLM-x32\...\1207658755_is1) (Version: 2.1.0.10 - GOG.com)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7076 - Realtek Semiconductor Corp.)
    Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam)
    Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam)
    Shadow Man (HKLM-x32\...\1207659713_is1) (Version: 2.1.0.5 - GOG.com)
    Shadow Warrior (HKLM-x32\...\Steam App 233130) (Version: - Flying Wild Hog)
    ShadowMan (HKLM-x32\...\ShadowMan) (Version: - )
    SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
    Source SDK Base 2006 (HKLM-x32\...\Steam App 215) (Version: - Valve)
    Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
    Spotify (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
    Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
    Stronghold Crusader Extreme HD (HKLM-x32\...\GOGPACKSTRONGHOLDCRUSADERHD_is1) (Version: 2.2.0.8 - GOG.com)
    StrongholdCrusader (HKLM\...\{5a56ddf5-f2fd-4a53-b852-909002f9df30}.sdb) (Version: - )
    Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version: - Berserk Games)
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.42.130 - Electronic Arts)
    Toribash (HKLM-x32\...\Steam App 248570) (Version: - Nabi Studios)
    Unreal Tournament 2004 (HKLM-x32\...\GOGPACKUT2004_is1) (Version: 2.0.0.6 - GOG.com)
    Unreal Tournament 3 (HKU\S-1-5-21-366135555-2470553269-3306163725-1000\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
    Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
    UT2K4 Voice Packager v1.0.4.6 (HKLM-x32\...\UT2K4 Voice Packager_is1) (Version: - Xtreme Gaming Xperience, LLC)
    Viscera Cleanup Detail (HKLM-x32\...\Steam App 246900) (Version: - RuneStorm)
    Viscera Cleanup Detail: alpha v0.25
    WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
    WinRAR 5.20 beta 4 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.20.4 - win.rar GmbH)
    Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    16-11-2014 22:27:27 Windows Update
    17-11-2014 09:08:03 Windows Update
    20-11-2014 23:25:20 Installed DirectX
    20-11-2014 23:39:49 Installed Unreal Tournament 3
    21-11-2014 09:08:11 Installed Unreal Tournament 3
    21-11-2014 17:16:50 Installed DirectX
    28-11-2014 17:54:44 Installed DirectX
    10-12-2014 00:00:55 Windows Update
    12-12-2014 00:53:46 Windows Update
    15-12-2014 13:57:09 Installed Microsoft Visual C++ 2005 Redistributable
    15-12-2014 13:58:14 Installed DirectX
    19-12-2014 00:09:21 Windows Update
    25-12-2014 15:53:53 Installed Doom 3
    26-12-2014 00:57:16 Installed The Sims 3
    26-12-2014 11:04:28 Installed The Sims 3
    26-12-2014 12:35:22 Removed The Sims 3
    26-12-2014 13:04:20 Installed The Sims 3
    26-12-2014 19:04:08 Removed TuneUp Utilities 2014
    26-12-2014 19:04:43 Removed TuneUp Utilities 2014 (en-GB)

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {38244AFF-68AF-4F1E-BF6B-1510C27CF255} - System32\Tasks\{51D1B497-8A59-4917-BAFC-2AD2C67DC18F} => C:\GOG Games\Deus Ex - Invisible War\System\DX2Main.exe [2012-06-04] ()
    Task: {4BE172A6-C88E-491C-9D9F-81F4311EB2B1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: {80B9A8FA-F985-4C7F-B73F-4AFCEB325EB9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-12-17 12:05 - 2014-12-17 12:05 - 00613200 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00084304 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00653136 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll
    2014-11-11 13:40 - 2014-11-03 22:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00653136 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00021800 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00064848 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00084304 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
    2014-11-16 13:51 - 2014-03-19 09:51 - 00316120 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
    2014-03-04 15:23 - 2013-11-02 17:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00613200 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00279336 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00013096 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll
    2014-12-17 12:05 - 2014-12-17 12:05 - 00033064 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll
    2014-11-15 14:07 - 2014-11-15 14:03 - 06853120 _____ () C:\Program Files\Audient\USBAudioDriver\iD22.exe
    2014-11-15 16:26 - 2014-12-10 18:44 - 00374840 _____ () C:\Users\Mark\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
    2014-12-17 12:05 - 2014-12-17 12:05 - 00028456 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BackupShellNamespaceRes.dll
    2014-11-16 13:51 - 2014-03-06 16:45 - 00372736 _____ () C:\Program Files (x86)\NETGEAR\WNA1100\WifiLib.dll
    2014-11-15 14:07 - 2014-11-15 14:03 - 00188416 _____ () C:\Program Files\Audient\USBAudioDriver\tusbaudioapi.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 01007104 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00024576 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00216576 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00261120 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00019456 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00337408 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2014-12-25 10:44 - 2014-12-25 10:44 - 00060928 _____ () C:\Program Files (x86)\Origin\audio\qtaudio_windows.dll
    2014-11-11 13:31 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 01171456 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 00442368 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
    2014-11-15 13:45 - 2014-11-11 18:47 - 00774656 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-11-15 13:45 - 2014-11-18 20:23 - 02227904 _____ () C:\Program Files (x86)\Steam\video.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 00403968 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
    2014-11-15 13:45 - 2014-11-18 20:23 - 00690880 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-11-15 13:45 - 2014-11-11 18:48 - 34589888 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-11-15 13:44 - 2014-11-11 18:48 - 00837824 _____ () C:\Program Files (x86)\Steam\bin\ffmpegsumo.dll
    2014-11-15 16:26 - 2014-12-10 18:44 - 36966968 _____ () C:\Users\Mark\AppData\Roaming\Spotify\Data\libcef.dll
    2014-11-15 16:26 - 2014-12-10 18:44 - 00867896 _____ () C:\Users\Mark\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
    2014-11-15 16:26 - 2014-12-10 18:44 - 00886840 _____ () C:\Users\Mark\AppData\Roaming\Spotify\Data\libglesv2.dll
    2014-11-15 16:26 - 2014-12-10 18:44 - 00108600 _____ () C:\Users\Mark\AppData\Roaming\Spotify\Data\libegl.dll
    2014-12-09 19:28 - 2014-12-06 01:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
    2014-12-09 19:28 - 2014-12-06 01:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
    2014-12-09 19:28 - 2014-12-06 01:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
    2014-12-09 19:28 - 2014-12-06 01:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-366135555-2470553269-3306163725-500 - Administrator - Disabled)
    Guest (S-1-5-21-366135555-2470553269-3306163725-501 - Limited - Disabled)
    Mark (S-1-5-21-366135555-2470553269-3306163725-1000 - Administrator - Enabled) => C:\Users\Mark

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/26/2014 07:12:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: d9c

    Start Time: 01d021073cea8ee5

    Termination Time: 14

    Application Path: C:\windows\Explorer.EXE

    Report Id: 154b647d-8d33-11e4-96b5-74d435d74a2b

    Error: (12/26/2014 07:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program FL64.exe version 1.1.5.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 15d4

    Start Time: 01d0213f17e8aa14

    Termination Time: 6

    Application Path: C:\Program Files (x86)\Image-Line\FL Studio 11\FL64.exe

    Report Id:

    Error: (12/26/2014 00:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Exception code: 0xc0000005
    Fault offset: 0x00a6e712
    Faulting process id: 0xce4
    Faulting application start time: 0xTS3W.exe0
    Faulting application path: TS3W.exe1
    Faulting module path: TS3W.exe2
    Report Id: TS3W.exe3

    Error: (12/26/2014 00:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Exception code: 0xc0000005
    Fault offset: 0x00a6e712
    Faulting process id: 0x7b8
    Faulting application start time: 0xTS3W.exe0
    Faulting application path: TS3W.exe1
    Faulting module path: TS3W.exe2
    Report Id: TS3W.exe3

    Error: (12/26/2014 00:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Exception code: 0xc0000005
    Fault offset: 0x00a6e712
    Faulting process id: 0x1490
    Faulting application start time: 0xTS3W.exe0
    Faulting application path: TS3W.exe1
    Faulting module path: TS3W.exe2
    Report Id: TS3W.exe3

    Error: (12/26/2014 00:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcNvVAD endpoint registration failed [0]

    Error: (12/26/2014 00:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Faulting module name: TS3W.exe, version: 0.2.0.209, time stamp: 0x52d872da
    Exception code: 0xc0000005
    Fault offset: 0x00a6e712
    Faulting process id: 0x1644
    Faulting application start time: 0xTS3W.exe0
    Faulting application path: TS3W.exe1
    Faulting module path: TS3W.exe2
    Report Id: TS3W.exe3


    System errors:
    =============
    Error: (12/26/2014 00:26:25 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:24:39 on ‎26/‎12/‎2014 was unexpected.

    Error: (12/26/2014 10:53:02 AM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 01:15:12 on ‎26/‎12/‎2014 was unexpected.

    Error: (12/26/2014 00:09:28 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

    Error: (12/25/2014 04:35:13 PM) (Source: BugCheck) (EventID: 1001) (User: )
    Description: 0x000000d1 (0x0000000000000020, 0x0000000000000002, 0x0000000000000001, 0xfffff880014cf580)C:\windows\MEMORY.DMP122514-34710-01

    Error: (12/25/2014 04:35:07 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 16:33:01 on ‎25/‎12/‎2014 was unexpected.

    Error: (12/25/2014 03:53:38 PM) (Source: DCOM) (EventID: 10001) (User: )
    Description: C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe -Embedding740{B3EDE298-AE75-4A1C-AB7E-1B9229B77BBE}

    Error: (12/25/2014 11:34:24 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (12/25/2014 11:34:24 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (12/25/2014 11:34:23 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.

    Error: (12/25/2014 11:34:23 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR3.


    Microsoft Office Sessions:
    =========================
    Error: (12/26/2014 07:12:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.1.7601.17567d9c01d021073cea8ee514C:\windows\Explorer.EXE154b647d-8d33-11e4-96b5-74d435d74a2b

    Error: (12/26/2014 07:07:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: FL64.exe1.1.5.015d401d0213f17e8aa146C:\Program Files (x86)\Image-Line\FL Studio 11\FL64.exe

    Error: (12/26/2014 00:34:35 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TS3W.exe0.2.0.20952d872daTS3W.exe0.2.0.20952d872dac000000500a6e712ce401d02108484b6419C:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exeC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe8c66d13f-8cfb-11e4-96b5-74d435d74a2b

    Error: (12/26/2014 00:30:47 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TS3W.exe0.2.0.20952d872daTS3W.exe0.2.0.20952d872dac000000500a6e7127b801d02107c03d367aC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exeC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe0429076e-8cfb-11e4-96b5-74d435d74a2b

    Error: (12/26/2014 00:29:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TS3W.exe0.2.0.20952d872daTS3W.exe0.2.0.20952d872dac000000500a6e712149001d0210788967cbfC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exeC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exedaa5e533-8cfa-11e4-96b5-74d435d74a2b

    Error: (12/26/2014 00:27:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcNvVAD initialization failed [6]

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

    Error: (12/26/2014 00:26:42 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
    Description: NvStreamSvcNvVAD endpoint registration failed [0]

    Error: (12/26/2014 00:24:52 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: TS3W.exe0.2.0.20952d872daTS3W.exe0.2.0.20952d872dac000000500a6e712164401d02106e8b584dfC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exeC:\Program Files (x86)\Origin Games\The Sims 3\Game\Bin\TS3W.exe30af2514-8cfa-11e4-a4e5-74d435d74a2b


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Percentage of memory in use: 39%
    Total physical RAM: 8061.34 MB
    Available physical RAM: 4886.43 MB
    Total Pagefile: 16120.85 MB
    Available Pagefile: 12593.49 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: (OSDisk) (Fixed) (Total:931.02 GB) (Free:715.9 GB) NTFS
    Drive e: () (Removable) (Total:3.69 GB) (Free:0.57 GB) FAT32
    Drive f: (KINGSTON) (Removable) (Total:14.54 GB) (Free:4.46 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: BF4817BF)
    Partition 1: (Active) - (Size=499 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 14.6 GB) (Disk ID: C3072E18)
    Partition 1: (Not Active) - (Size=14.5 GB) - (Type=0C)

    ========================================================
    Disk: 2 (Size: 3.7 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

    And the aswMBR:

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2014-12-26 19:15:40
    -----------------------------
    19:15:40.485 OS Version: Windows x64 6.1.7601 Service Pack 1
    19:15:40.485 Number of processors: 4 586 0x3C03
    19:15:40.486 ComputerName: WIN-7Q0K2TFJBH6 UserName: Mark
    19:15:41.679 Initialize success
    19:15:41.728 VM: initialized successfully
    19:15:41.729 VM: Intel CPU supported
    19:15:45.600 VM: supported disk I/O ataport.SYS
    19:24:07.240 AVAST engine defs: 14122601
    19:27:37.467 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:27:37.469 Disk 0 Vendor: TOSHIBA_DT01ACA100 MS2OA750 Size: 953869MB BusType: 11
    19:27:37.639 VM: Disk 0 MBR read successfully
    19:27:37.641 Disk 0 MBR scan
    19:27:37.644 Disk 0 Windows 7 default MBR code
    19:27:37.652 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 499 MB offset 2048
    19:27:37.654 Disk 0 Boot: NTFS code=1
    19:27:37.662 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953368 MB offset 1024000
    19:27:37.676 Disk 0 scanning C:\windows\system32\drivers
    19:27:43.786 Service scanning
    19:28:03.444 Modules scanning
    19:28:03.449 Disk 0 trace - called modules:
    19:28:03.462 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    19:28:03.464 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b33060]
    19:28:03.467 3 CLASSPNP.SYS[fffff880018eb43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007497060]
    19:28:04.773 AVAST engine scan C:\windows
    19:28:06.582 AVAST engine scan C:\windows\system32
    19:30:27.656 AVAST engine scan C:\windows\system32\drivers
    19:30:36.115 AVAST engine scan C:\Users\Mark
    19:34:57.174 AVAST engine scan C:\ProgramData
    19:35:17.489 Disk 0 MBR has been saved successfully to "C:\Users\Mark\Desktop\Armour\MBR.dat"
    19:35:17.493 The log file has been saved successfully to "C:\Users\Mark\Desktop\Armour\aswMBR.txt"

    Thanks in advance.

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Hi

    Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. Save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CloseProcesses:
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\TuneUp Software
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Local\TuneUp Software
    2014-12-26 18:50 - 2014-12-26 18:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the Fix button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    *******

    -AdwCleaner-by Xplode

    Click on this link to download : ADWCleaner
    Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

    Do not click on any links in the top Advertisement.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Scan.
    • After the scan is complete click on "Clean"
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    • NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~~
    please post
    Fixlog.txt
    C:\AdwCleaner.txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Senior Member
    Join Date
    Mar 2006
    Posts
    107

    Hi, here is the fixlog.txt:

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
    Ran by Mark at 2014-12-31 23:49:51 Run:1
    Running from C:\Users\Mark\Desktop\Armour
    Loaded Profile: Mark (Available profiles: Mark)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    start
    CloseProcesses:
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\TuneUp Software
    2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Local\TuneUp Software
    2014-12-26 18:50 - 2014-12-26 18:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll
    C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe
    EmptyTemp:
    Hosts:
    End
    *****************

    Processes closed successfully.
    C:\Users\Mark\AppData\Roaming\TuneUp Software => Moved successfully.
    C:\Users\Mark\AppData\Local\TuneUp Software => Moved successfully.
    C:\ProgramData\TuneUp Software => Moved successfully.
    "C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll" => File/Directory not found.
    "C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll" => File/Directory not found.
    "C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll" => File/Directory not found.
    "C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll" => File/Directory not found.
    "C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe" => File/Directory not found.
    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 712.4 MB temporary data.


    The system needed a reboot.

    ==== End of Fixlog 23:50:30 ====

    And the adwcleaner.txt:

    # AdwCleaner v4.106 - Report created 01/01/2015 at 00:41:22
    # Updated 21/12/2014 by Xplode
    # Database : 2014-12-30.1 [Live]
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Mark - WIN-7Q0K2TFJBH6
    # Running from : C:\Users\Mark\Downloads\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Mark\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Mark\AppData\Roaming\RHEng
    File Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
    File Deleted : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17496


    -\\ Google Chrome v39.0.2171.95


    *************************

    AdwCleaner[R0].txt - [1121 octets] - [01/01/2015 00:37:06]
    AdwCleaner[S0].txt - [1051 octets] - [01/01/2015 00:41:22]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1111 octets] ##########

    And finally the JRT.txt:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Mark on 01/01/2015 at 0:52:02.82
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 01/01/2015 at 0:54:11.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
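
Added example, not part of the original posts and not FRST's own code: a short Python check that reconciles every path requested in the fixlist with the outcome reported in Fixlog.txt, so an entry with no result line or an unexpected outcome stands out. It assumes the Fixlog layout shown in the post above (fixlist echo between two asterisk lines, results as `target => outcome`); the function names are hypothetical.

```python
import re

# Excerpt of the Fixlog.txt posted in the thread above (paths as posted).
FIXLOG = r'''Content of fixlist:
*****************
start
CloseProcesses:
2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\TuneUp Software
2014-12-26 18:53 - 2014-12-26 18:53 - 00000000 ____D () C:\Users\Mark\AppData\Local\TuneUp Software
2014-12-26 18:50 - 2014-12-26 18:53 - 00000000 ____D () C:\ProgramData\TuneUp Software
C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Users\Mark\AppData\Roaming\TuneUp Software => Moved successfully.
C:\Users\Mark\AppData\Local\TuneUp Software => Moved successfully.
C:\ProgramData\TuneUp Software => Moved successfully.
"C:\Users\Mark\AppData\Local\Temp\DseShExt-x64.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\DseShExt-x86.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SDShelEx-win32.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\SDShelEx-x64.dll" => File/Directory not found.
"C:\Users\Mark\AppData\Local\Temp\TUUUninstallHelper.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 712.4 MB temporary data.
'''

# A drive-letter path running to the end of the line; matches both bare paths
# and the path at the end of a copied FRST listing line.
PATH_RE = re.compile(r'[A-Za-z]:\\.+$')


def split_fixlog(text):
    """Return (fixlist_lines, result_lines) using the two asterisk separators."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(marks) < 2:
        raise ValueError("fixlist echo is not delimited by two asterisk lines")
    return lines[marks[0] + 1:marks[1]], lines[marks[1] + 1:]


def requested_paths(fixlist_lines):
    """Paths named in the fixlist; directives such as 'Hosts:' carry no path."""
    found = (PATH_RE.search(ln) for ln in fixlist_lines)
    return [m.group(0) for m in found if m]


def outcomes(result_lines):
    """Map lower-cased target (quotes stripped) to the text after ' => '."""
    seen = {}
    for ln in result_lines:
        target, sep, outcome = ln.partition(" => ")
        if sep:
            seen[target.strip('"').lower()] = outcome.strip()
    return seen


def reconcile(text):
    """Status per requested path: moved, not-found, review or no-result."""
    fixlist, results = split_fixlog(text)
    seen = outcomes(results)
    report = {}
    for path in requested_paths(fixlist):
        outcome = seen.get(path.lower())  # Windows paths are case-insensitive
        if outcome is None:
            status = "no-result"          # requested but never reported on
        elif outcome.startswith("Moved successfully"):
            status = "moved"
        elif "not found" in outcome.lower():
            status = "not-found"          # already absent when the fix ran
        else:
            status = "review"             # any other outcome needs a human look
        report[path] = status
    return report


if __name__ == "__main__":
    for path, status in reconcile(FIXLOG).items():
        print(f"{status:10} {path}")
```
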

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Download Malwarebytes' Anti-Malware to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • When the scan is finished and the log pops up...select Copy to Clipboard
    • Please paste the log back into this thread for review
    • Exit Malwarebytes


    ***************************************

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending, of course, on how full your computer is.


    Go here to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
    • Note:
      For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how.
    • Click the blue Run ESET Online Scanner button
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
    • Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
    • Click on Advanced Settings
    • Make sure that the option Remove found threats is unticked.
    • Ensure these options are ticked
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Click Start
    • Wait for the scan to finish
    • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
    • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
    • Close the ESET online scan.


    *************************************

    Please post
    Malwarebytes log
    Eset log

    How is your computer now?

  5. #5
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Still need help?

  6. #6
    Senior Member
    Join Date
    Mar 2006
    Posts
    107

    Hi sorry for the delay, here is the malwarebytes log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 04/01/2015
    Scan Time: 22:40:21
    Logfile:
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.04.15
    Rootkit Database: v2014.12.30.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Mark

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 314974
    Time Elapsed: 15 min, 36 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.IHlpr.A, C:\Users\Mark\AppData\Roaming\IHlpr\B8C4F19C31C14C8A90A6695E826BC8FF, , [fc736e85b7d268ce5f6c4c1344bf46ba],

    Files: 1
    PUP.Optional.IHlpr.A, C:\Users\Mark\AppData\Roaming\IHlpr\B8C4F19C31C14C8A90A6695E826BC8FF\TuneUpUtilities_UK_Exp2.exe, , [fc736e85b7d268ce5f6c4c1344bf46ba],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    The ESET scanner said "No Threats found" and didn't save any kind of log.

  7. #7
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Did you allow Malwarebytes to quarantine/ delete what was found?

    How is your computer now?

  8. #8
    Senior Member
    Join Date
    Mar 2006
    Posts
    107

    It quarantined 2 threats yes. Computer seems to be running fine, web pages are loading normally now.

  9. #9
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    DelFix
    • Please download DelFix and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
      • Activate UAC
      • Remove disinfection tools
      • Create registry backup
      • Reset system settings

    • Click the Run button.

    -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).



    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

  10. #10
    Senior Member
    Join Date
    Mar 2006
    Posts
    107

    Hi, I've run the DelFix tool, here's the log that popped up:

    # DelFix v10.8 - Logfile created 11/01/2015 at 21:21:37
    # Updated 29/07/2014 by Xplode
    # Username : Mark - WIN-7Q0K2TFJBH6
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

    ~ Activating UAC ... OK

    ~ Removing disinfection tools ...

    Deleted : C:\FRST
    Deleted : C:\AdwCleaner
    Deleted : C:\Users\Mark\Downloads\AdwCleaner.exe
    Deleted : C:\Users\Mark\Downloads\esetsmartinstaller_enu.exe
    Deleted : C:\Users\Mark\Downloads\JRT.exe
    Deleted : HKLM\SOFTWARE\AdwCleaner
    Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR

    ~ Creating registry backup ... OK

    ~ Resetting system settings ... OK

    ########## - EOF - ##########

    Thanks for your help!
