# Very stubborn adware / malware



## cheekyninja (Dec 14, 2014)

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Professional, Service Pack 1, 64 bit
Processor: AMD FX(tm)-9370 Eight-Core Processor, AMD64 Family 21 Model 2 Stepping 0
Processor Count: 8
RAM: 16344 Mb
Graphics Card: AMD Radeon HD 7900 Series, -1024 Mb
Hard Drives: C: Total - 228933 MB, Free - 153242 MB; G: Total - 953866 MB, Free - 398886 MB;
Motherboard: Gigabyte Technology Co., Ltd., 990FXA-UD5
Antivirus: Ad-Aware Antivirus, Disabled

Don't normally have a problem removing these sorts of things myself but this has really got me stumped.

I use Chrome as my default browser; it is infested with embedded adverts, popups and redirecting.

I have used HijackThis and removed everything that looked suspicious (can supply a log).

I have removed all extensions within Chrome that I didn't choose to install. I have removed all of the search engines except for Google. I tried disabling every extension but it had no impact on the ads.

I have used Spybot Search and Destroy 2.4, which finds no problems.

I have Ad-Aware Antivirus, which finds no problems.

Avast-browser-cleanup says there is nothing wrong with my browser.

I used adwcleaner_4.105, which doesn't find anything.

I did find some program files called gifter, cheapdeals and similar, which have been deleted.

I have gone through the add/remove programs and cannot find anything on there that I can't identify.

Nothing seems to have an impact on it. I'm struggling because none of the software I have used shows me anything is wrong.


----------



## dbreeze (Oct 6, 2014)

Hi cheekyninja

Welcome to Tech Support Guy. My name is dbreeze and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

As I am in the final phase of training right now, my responses to you may be delayed slightly as they have to be checked by my adviser (good news for you, as there will be two sets of eyes fixing your problem). I promise to be as prompt as possible in helping you, so please bear with me and we will get through this.
*Please read all of my response through at least once before attempting to follow the procedures described.* I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. *If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.*
*All of the assistants and staff at Tech Support Guy are here on a volunteer basis; please respect our time given to the cause of helping others.* If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
*Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go.* The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
*If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed.* All of the tools I will have you use are safe to use (as instructed) and malware free.
*While we strive to disrupt your system as little as possible, things happen.* If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
*Please do not run any other tools or scanners than what I ask you to.* Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
*Please do not attach any log files to your replies unless I specifically ask you.* Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

*- Save ALL Tools to your Desktop -*

All the tools that I will have you download should be placed on the *desktop* unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.

Google Chrome - Click the "Customize and control Google Chrome" button in the upper-right corner of the browser. Choose *Settings*. At the bottom of the screen click the "*Show advanced settings...*" link. Scroll down to find the Downloads section and click the *Change...* button. Select your desktop and click OK.

Mozilla Firefox - Click the "Open Menu" button in the upper-right corner of the browser. Choose *Options*. In the downloads section, click the *Browse* button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.

Internet Explorer - Click the Tools menu in the upper-right corner of the browser. Select *View downloads*. Select the *Options* link in the lower left of the window. Click Browse and select the Desktop and then choose the *Select Folder* button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.

NOTE: IE8 does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

*Let's get started....*

Please download Farbar Recovery Scan Tool 64bit and save it to your Desktop.


Right click the FRST file on your desktop and select "Run as Administrator..." (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click *Yes* to disclaimer.
If an update is available, the program will inform you and download the update. Allow it to do this please.
Press the *Scan* button.
It will produce a log called *FRST.txt* in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (*Addition.txt* - also located in the same directory as FRST64.exe). Please also paste that along with the FRST.txt into your reply.


----------



## cheekyninja (Dec 14, 2014)

Hi dbreeze,

Thanks for the reply, look forward to getting this all resolved!

frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Luke (administrator) on LUKE-PC on 16-12-2014 08:17:52
Running from C:\Users\Luke\Desktop
Loaded Profile: Luke (Available profiles: Luke)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Company) C:\Program Files (x86)\Popcorn Time\Updater.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-12-13] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585048 2014-05-31] (Razer Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-12-08] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\RunOnce: [EasyTuneVI] => C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe [40960 2012-07-09] ()
HKU\S-1-5-21-2156901063-3073810262-3925687902-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-2156901063-3073810262-3925687902-1000\...\RunOnce: [Adobe Speed Launcher] => 1418717725
HKU\S-1-5-21-2156901063-3073810262-3925687902-1000\...\MountPoints2: {4bb9cae1-03d2-11e4-a849-806e6f6e6963} - D:\Run.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-07-06] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-2156901063-3073810262-3925687902-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2156901063-3073810262-3925687902-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://knowhow.cyrilsweett.com/Pages/CSHome.aspx
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-13]
CHR Extension: (Google Docs) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-13]
CHR Extension: (Google Drive) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-04]
CHR Extension: (YouTube) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-04]
CHR Extension: (Google Search) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-04]
CHR Extension: (Google Sheets) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-13]
CHR Extension: (AdBlock) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-07-04]
CHR Extension: (Allow Right-Click) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo [2014-07-04]
CHR Extension: (Google +1 Button) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-07-04]
CHR Extension: (Google Wallet) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-04]
CHR Extension: (Vimeo Downloader) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmggbdmadcebmiklfajmbfpdgimdpij [2014-07-04]
CHR Extension: (20-20 3D Viewer for IKEA) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfhldcakmgpmglboaclpfdedehjblalp [2014-08-01]
CHR Extension: (Gmail) - C:\Users\Luke\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-11-20] (Advanced Micro Devices, Inc.) [File not signed]
S4 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [528096 2014-06-08] (Futuremark)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 Update service; C:\Program Files (x86)\Popcorn Time\Updater.exe [179200 2014-10-09] (Company) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\AMD\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
R3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-12-16] ()
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [39080 2014-05-19] (Razer Inc)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]
S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 08:17 - 2014-12-16 08:17 - 02119168 _____ (Farbar) C:\Users\Luke\Desktop\FRST64.exe
2014-12-16 08:17 - 2014-12-16 08:17 - 00015280 _____ () C:\Users\Luke\Desktop\FRST.txt
2014-12-16 08:17 - 2014-12-16 08:17 - 00000000 ____D () C:\FRST
2014-12-14 22:18 - 2014-12-14 22:18 - 00509440 _____ (Tech Support Guy System) C:\Users\Luke\Downloads\SysInfo.exe
2014-12-14 00:15 - 2014-12-14 00:16 - 16513448 _____ (Anvisoft) C:\Users\Luke\Downloads\csbsetup.exe
2014-12-13 23:33 - 2014-12-13 23:34 - 01615535 _____ () C:\Users\Luke\Downloads\13790543685406_uk_GB13_FV215b_42_north_america.wotreplay
2014-12-13 21:43 - 2014-12-13 21:43 - 02953520 _____ (AVAST Software) C:\Users\Luke\Downloads\avast-browser-cleanup.exe
2014-12-13 21:33 - 2014-12-14 00:27 - 00000000 ____D () C:\AdwCleaner
2014-12-13 21:33 - 2014-12-13 21:33 - 02166272 _____ () C:\Users\Luke\Downloads\adwcleaner_4.105.exe
2014-12-13 09:51 - 2014-12-13 09:51 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2014-12-13 09:51 - 2014-12-13 09:51 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-12-13 09:50 - 2014-12-13 09:50 - 00753184 _____ () C:\Users\Luke\Downloads\Adware-Removal-Tool-v3.9.1.exe
2014-12-13 09:49 - 2014-12-13 09:49 - 01102848 _____ () C:\Users\Luke\Downloads\Setup (1).exe
2014-12-13 09:27 - 2014-12-13 09:27 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Lavasoft
2014-12-13 00:31 - 2014-12-16 08:15 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-12-13 00:31 - 2014-12-13 00:31 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\LavasoftStatistics
2014-12-13 00:31 - 2014-12-13 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-12-13 00:29 - 2014-12-13 00:29 - 00000000 ____D () C:\Program Files\Lavasoft
2014-12-13 00:27 - 2014-12-13 00:27 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-12-13 00:26 - 2014-12-13 00:26 - 01754248 _____ () C:\Users\Luke\Downloads\Adaware_Installer.exe
2014-12-13 00:26 - 2014-12-13 00:26 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-12-09 19:59 - 2014-11-21 11:35 - 01188864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 12289024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 09058816 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 02467328 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 01541632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-09 19:59 - 2014-11-21 11:34 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-09 19:59 - 2014-11-21 11:33 - 00495616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-09 19:59 - 2014-11-21 11:33 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-09 19:59 - 2014-11-21 11:33 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-09 19:59 - 2014-11-21 11:33 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-09 19:59 - 2014-11-21 11:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-09 19:59 - 2014-11-21 11:32 - 01538048 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-09 19:59 - 2014-11-21 10:44 - 00981504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 06026240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 01267712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 00132096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-09 19:59 - 2014-11-21 10:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-09 19:59 - 2014-11-21 10:42 - 11019264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-09 19:59 - 2014-11-21 10:42 - 02086912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-09 19:59 - 2014-11-21 10:42 - 00345600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-09 19:59 - 2014-11-21 10:42 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-09 19:59 - 2014-11-21 10:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-09 19:59 - 2014-11-21 10:41 - 01466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-09 19:59 - 2014-11-21 10:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-09 19:59 - 2014-11-21 10:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-09 19:59 - 2014-11-21 10:41 - 00016384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-09 19:59 - 2014-11-21 10:23 - 00482816 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-09 19:59 - 2014-11-21 09:28 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-09 19:59 - 2014-11-21 08:55 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-09 19:59 - 2014-11-21 07:53 - 01638912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-09 19:59 - 2014-11-11 03:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-09 19:59 - 2014-11-11 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-09 19:59 - 2014-10-30 02:04 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-09 19:59 - 2014-10-30 01:46 - 00428544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-09 19:03 - 2014-12-09 19:03 - 00058610 _____ () C:\Windows\SysWOW64\CCCInstall_201412091903058179.log
2014-12-09 19:03 - 2014-12-09 19:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-09 19:03 - 2014-12-09 19:03 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-09 19:02 - 2014-12-09 19:02 - 00000000 ____D () C:\ProgramData\ATI
2014-12-06 16:37 - 2014-12-16 08:15 - 00000004 _____ () C:\Windows\SysWOW64\GVTunner.ref
2014-12-05 23:47 - 2014-12-05 23:47 - 00604360 _____ () C:\Users\Luke\Downloads\FileDownloader__9581_il729379.exe
2014-12-04 08:36 - 2014-12-13 00:20 - 00000000 ____D () C:\Users\Luke\Desktop\backups
2014-12-03 19:08 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-03 19:07 - 2014-12-09 22:36 - 00000000 ____D () C:\Users\Luke\AppData\Local\Ubisoft Game Launcher
2014-12-03 19:07 - 2014-12-03 19:07 - 00000123 _____ () C:\Users\Public\Desktop\FarCry 4.url
2014-12-03 19:07 - 2014-12-03 19:07 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2014-12-03 19:07 - 2014-12-03 19:07 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-11-30 20:56 - 2014-11-30 20:56 - 00000000 ____D () C:\Users\Luke\Documents\Banished
2014-11-29 23:30 - 2014-11-29 23:31 - 25723531 _____ () C:\Users\Luke\Downloads\installer_win (2).exe
2014-11-29 23:00 - 2014-11-29 23:00 - 00000222 _____ () C:\Users\Luke\Desktop\Banished.url
2014-11-29 20:41 - 2014-11-30 12:27 - 00000000 ____D () C:\Users\Luke\AppData\Local\Skyrim
2014-11-26 11:53 - 2014-11-26 11:53 - 10152517 _____ () C:\Users\Luke\Downloads\Desktop.rar
2014-11-25 20:07 - 2014-11-25 20:07 - 00000000 ____D () C:\Users\Luke\Downloads\WoT Replay Analyzer 0.9.4.0-WIP#2
2014-11-25 20:06 - 2014-11-25 20:06 - 14300097 _____ () C:\Users\Luke\Downloads\SmyleeRage's Third Day 13 Battles.rar
2014-11-25 20:04 - 2014-11-25 20:06 - 26103571 _____ () C:\Users\Luke\Downloads\WoT Replay Analyzer 0.9.4.0-WIP#2.7z
2014-11-21 22:50 - 2014-11-21 22:50 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\10tons
2014-11-21 02:44 - 2014-11-21 02:44 - 09401480 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00128384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00118096 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-21 02:44 - 2014-11-21 02:44 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-21 02:41 - 2014-11-21 02:41 - 00294600 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-21 02:40 - 2014-11-21 02:40 - 18959360 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-21 02:33 - 2014-11-21 02:33 - 47899136 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-21 02:33 - 2014-11-21 02:33 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-11-21 02:33 - 2014-11-21 02:33 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-21 02:33 - 2014-11-21 02:33 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-21 02:33 - 2014-11-21 02:33 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-21 02:33 - 2014-11-21 02:33 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-21 02:32 - 2014-11-21 02:32 - 40987136 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-21 02:31 - 2014-11-21 02:31 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-21 02:31 - 2014-11-21 02:31 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-21 02:24 - 2014-11-21 02:24 - 28354560 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-21 02:19 - 2014-11-21 02:19 - 23621632 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-21 02:19 - 2014-11-21 02:19 - 00049664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-21 02:19 - 2014-11-21 02:19 - 00038912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-21 02:18 - 2014-11-21 02:18 - 05837312 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-21 02:18 - 2014-11-21 02:18 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-21 02:18 - 2014-11-21 02:18 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-21 02:17 - 2014-11-21 02:17 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-21 02:17 - 2014-11-21 02:17 - 00631912 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-21 02:17 - 2014-11-21 02:17 - 00631912 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-21 02:17 - 2014-11-21 02:17 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-21 02:17 - 2014-11-21 02:17 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-21 02:17 - 2014-11-21 02:17 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-21 02:16 - 2014-11-21 02:16 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-21 02:16 - 2014-11-21 02:16 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-21 02:16 - 2014-11-21 02:16 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-21 02:16 - 2014-11-21 02:16 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-21 02:15 - 2014-11-21 02:15 - 04590592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-21 02:13 - 2014-11-21 02:13 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-21 02:13 - 2014-11-21 02:13 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-21 02:13 - 2014-11-21 02:13 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-21 02:12 - 2014-11-21 02:12 - 00774656 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-21 02:12 - 2014-11-21 02:12 - 00244736 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-21 02:12 - 2014-11-21 02:12 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-21 02:12 - 2014-11-21 02:12 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-21 02:10 - 2014-11-21 02:10 - 00843776 _____ (AMD) C:\Windows\system32\coinst_14.50.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-21 02:09 - 2014-11-21 02:09 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-21 02:08 - 2014-11-21 02:08 - 00589312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-21 02:08 - 2014-11-21 02:08 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-21 02:08 - 2014-11-21 02:08 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-21 02:08 - 2014-11-21 02:08 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-20 21:36 - 2014-11-20 21:36 - 00051200 _____ () C:\Windows\system32\kdbsdk64.dll
2014-11-20 21:35 - 2014-11-20 21:35 - 00038912 _____ () C:\Windows\SysWOW64\kdbsdk32.dll
2014-11-19 18:11 - 2014-11-11 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:11 - 2014-11-11 03:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:11 - 2014-11-11 02:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 18:11 - 2014-11-11 02:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 17:27 - 2014-11-18 17:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-11-17 18:55 - 2014-11-14 18:45 - 00020499 _____ () C:\Users\Luke\Documents\colors.xc

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-16 08:16 - 2014-07-04 17:15 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Raptr
2014-12-16 08:15 - 2014-07-04 16:41 - 00030528 _____ () C:\Windows\GVTDrv64.sys
2014-12-16 08:15 - 2014-07-04 16:40 - 00025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2014-12-16 08:15 - 2014-07-04 16:30 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 08:15 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 08:15 - 2009-07-14 04:51 - 00036266 _____ () C:\Windows\setupact.log
2014-12-15 23:57 - 2014-07-07 22:34 - 00905096 _____ () C:\Windows\IE11_main.log
2014-12-15 23:57 - 2014-07-04 16:26 - 01417764 _____ () C:\Windows\WindowsUpdate.log
2014-12-15 23:50 - 2014-08-17 07:16 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-15 23:46 - 2014-07-04 16:30 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-15 23:12 - 2014-07-04 18:13 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\ActiveDossierUploader
2014-12-15 22:58 - 2009-07-14 05:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 00:28 - 2014-07-04 16:40 - 00018334 _____ () C:\Windows\PFRO.log
2014-12-13 10:22 - 2009-07-14 04:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-13 10:22 - 2009-07-14 04:45 - 00024480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-13 00:26 - 2014-11-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-09 19:50 - 2014-08-17 07:16 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 19:50 - 2014-07-12 18:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 19:50 - 2014-07-12 18:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:03 - 2014-07-04 16:36 - 00000000 ____D () C:\ProgramData\AMD
2014-12-09 19:03 - 2014-07-04 16:36 - 00000000 ____D () C:\Program Files\AMD
2014-12-09 19:02 - 2014-07-04 16:36 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-09 19:02 - 2014-07-04 16:36 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-12-09 19:01 - 2014-07-04 17:13 - 00000000 ____D () C:\AMD
2014-12-09 18:34 - 2014-07-08 21:08 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-09 18:25 - 2014-07-04 17:15 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-12-06 10:54 - 2014-07-13 16:44 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\uTorrent
2014-12-04 20:56 - 2014-11-08 14:53 - 00000778 _____ () C:\Users\Luke\Desktop\World of Tanks 0.9.4 ProMod.lnk
2014-12-04 20:49 - 2014-07-04 18:08 - 00218200 _____ () C:\Windows\SysWOW64\unrar.dll
2014-12-04 20:49 - 2014-07-04 18:08 - 00034308 _____ () C:\Windows\SysWOW64\bassmod.dll
2014-12-04 19:03 - 2014-07-04 17:32 - 00000000 ____D () C:\Users\Luke\Documents\my games
2014-12-03 19:08 - 2014-07-04 17:46 - 00079203 _____ () C:\Windows\DirectX.log
2014-12-03 19:08 - 2009-07-14 05:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-29 23:32 - 2014-07-04 18:22 - 00003154 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-11-29 23:32 - 2014-07-04 18:21 - 00000000 ____D () C:\Program Files\pia_manager
2014-11-28 22:08 - 2014-10-24 18:33 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\Mumble
2014-11-21 02:44 - 2014-04-18 02:43 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-21 02:44 - 2014-04-18 02:42 - 11076784 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-21 02:44 - 2014-04-18 02:42 - 01348928 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-21 02:44 - 2014-04-18 02:42 - 01127496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-21 02:44 - 2014-04-18 02:42 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-21 02:44 - 2014-04-18 02:42 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-21 02:43 - 2014-04-18 02:42 - 08379720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-21 02:43 - 2014-04-18 02:42 - 08369408 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-21 02:43 - 2014-04-18 02:42 - 07558816 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-21 02:43 - 2014-04-18 02:42 - 07077776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-21 02:12 - 2014-09-15 22:03 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-21 02:09 - 2014-04-18 01:09 - 01214976 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-21 02:09 - 2014-04-18 01:09 - 00903168 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-21 02:09 - 2014-04-18 01:08 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-11-20 12:27 - 2014-07-04 20:37 - 00000000 ____D () C:\Users\Luke\AppData\Roaming\vlc
2014-11-17 20:29 - 2014-11-05 22:36 - 00000004 _____ () C:\Users\Luke\AppData\Roaming\appdataFr2.bin

Some content of TEMP:
====================
C:\Users\Luke\AppData\Local\Temp\Quarantine.exe
C:\Users\Luke\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-06 00:11

==================== End Of Log ============================

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by Luke at 2014-12-16 08:18:12
Running from C:\Users\Luke\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
µTorrent (HKU\S-1-5-21-2156901063-3073810262-3925687902-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Assetto Corsa (HKLM-x32\...\Steam App 244210) (Version: - Kunos Simulazioni)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Banished (HKLM-x32\...\Steam App 242920) (Version: - Shining Rock Software LLC)
Blender (HKLM\...\Blender) (Version: 2.71 - Blender Foundation)
blueCFD-SingleCore Uninstall (HKLM-x32\...\{C45D7528-1A9D-497C-AA8C-7C0A8D393A1E}_is1) (Version: 2.1.2.0 - blueCAPE Lda)
Contribtastic 2.1.2 (HKLM-x32\...\Contribtastic) (Version: 2.1.2 - StackFoundry LLC)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Easy Tune 6 B13.1111.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.1111.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Etron USB3.0 Host Controller (x32 Version: 0.118 - Etron Technology) Hidden
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Futuremark SystemInfo (HKLM-x32\...\{4115C9AA-35E0-45D8-9363-47635B8750C7}) (Version: 4.29.438.0 - Futuremark)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
K-Lite Codec Pack 10.6.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.6.5 - )
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.2.0.1039 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
ON_OFF Charge 2 B13.1028.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.1028.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
PingPlotter Freeware (HKLM-x32\...\{8C99C3CB-763F-4D87-8ACA-81B6899207B1}) (Version: 1.30.0.11 - Nessoft, LLC)
Popcorn Time (HKLM-x32\...\Popcorn Time_is1) (Version: Beta 4.3 - Popcorn Time)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.13 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7106 - Realtek Semiconductor Corp.)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2156901063-3073810262-3925687902-1000_Classes\CLSID\{D45F043D-F17F-4e8a-8435-70971D9FA46D}\InprocServer32 -> C:\Program Files\Blender Foundation\Blender\BlendThumb64.dll ()

==================== Restore Points =========================

06-12-2014 12:55:13 Windows Update
06-12-2014 18:48:46 Windows Update
07-12-2014 01:51:06 Windows Update
07-12-2014 10:43:52 Windows Update
08-12-2014 00:11:42 Windows Update
09-12-2014 00:02:49 Windows Update
09-12-2014 23:51:33 Windows Update
12-12-2014 18:42:02 Windows Update
13-12-2014 00:26:56 AA11
13-12-2014 10:19:13 Windows Update
14-12-2014 00:48:49 Windows Update
14-12-2014 12:47:14 Windows Update
14-12-2014 23:32:37 Windows Update
15-12-2014 20:01:14 Windows Update
15-12-2014 23:53:56 Windows Update

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {344CA77F-13C2-47BD-946B-FFB16D3FAA59} - System32\Tasks\{6DFE375E-CE98-4A42-8330-6C5706DB2414} => pcalua.exe -a "G:\Program Files (x86)\World_of_Tanks\ProMod.exe" -d "G:\Program Files (x86)\World_of_Tanks"
Task: {43793184-9D92-48FC-8FE5-41538D133B8E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {82CE656A-1A30-408E-879E-FD9C81D3BB9E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {972A3B53-90ED-4891-B843-961800A7CC29} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-04] (Google Inc.)
Task: {BFB5B726-50C4-454C-9841-4A6E85FC5B2F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D8FBF94C-0129-4CBA-A8C6-68604699495B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {E2364988-55A7-4A0E-9F70-9B805C0467EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {EC691064-831B-4F10-AED7-D34D3E49B8C8} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-11-29] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-20 21:23 - 2014-11-20 21:23 - 00214528 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 00817152 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Device.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 03650560 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Platform.dll
2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2012-01-13 13:04 - 2012-01-13 13:04 - 00219760 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-11-20 21:23 - 2014-11-20 21:23 - 00102400 _____ () C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-11-04 18:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-04 18:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-04 18:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-04 18:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-04 18:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-11 17:56 - 2013-11-11 17:56 - 02887747 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
2013-11-05 10:07 - 2013-11-05 10:07 - 00651327 _____ () C:\Program Files (x86)\GIGABYTE\ET6\work.dll
2013-09-13 14:26 - 2013-09-13 14:26 - 01331266 _____ () C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
2008-05-07 14:22 - 2008-05-07 14:22 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
2012-05-08 14:01 - 2012-05-08 14:01 - 00069632 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
2012-11-27 14:03 - 2012-11-27 14:03 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
2010-06-24 14:50 - 2010-06-24 14:50 - 00094208 _____ () C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
2011-03-01 18:00 - 2011-03-01 18:00 - 00126976 _____ () C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
2011-10-18 08:26 - 2011-10-18 08:26 - 00024576 _____ () C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
2013-11-05 12:12 - 2013-11-05 12:12 - 01499200 _____ () C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
2013-11-06 16:59 - 2013-11-06 16:59 - 01335358 _____ () C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
2013-03-23 09:59 - 2013-03-23 09:59 - 01433674 _____ () C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
2003-02-14 13:11 - 2003-02-14 13:11 - 00102400 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll
2013-11-01 09:29 - 2013-11-01 09:29 - 01318984 _____ () C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 03860520 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Platform.dll
2013-05-23 23:50 - 2013-05-23 23:50 - 00579616 _____ () C:\Program Files (x86)\GIGABYTE\ET6\Device.dll
2013-09-12 10:50 - 2013-09-12 10:50 - 00311296 _____ () C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.DLL
2010-11-22 22:56 - 2010-11-22 22:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 22:56 - 2010-11-22 22:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 18:17 - 2011-02-15 18:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2014-05-13 23:26 - 2014-05-13 23:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2014-08-14 00:37 - 2014-08-14 00:37 - 00113171 _____ () C:\Program Files (x86)\Raptr\libvlc.dll
2014-08-14 00:37 - 2014-08-14 00:37 - 02396691 _____ () C:\Program Files (x86)\Raptr\libvlccore.dll
2010-11-22 22:56 - 2010-11-22 22:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 22:57 - 2010-11-22 22:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 22:56 - 2010-11-22 22:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2013-11-21 00:05 - 2013-11-21 00:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 22:57 - 2010-11-22 22:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2014-06-18 00:56 - 2014-06-18 00:56 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 18:17 - 2011-02-15 18:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 23:06 - 2010-11-22 23:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 23:52 - 2013-05-09 23:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 18:56 - 2013-05-03 18:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 18:57 - 2013-05-03 18:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
2014-10-28 21:47 - 2014-10-22 04:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-28 21:47 - 2014-10-22 04:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-28 21:47 - 2014-10-22 04:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-28 21:47 - 2014-10-22 04:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-28 21:47 - 2014-10-22 04:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2156901063-3073810262-3925687902-500 - Administrator - Disabled)
Guest (S-1-5-21-2156901063-3073810262-3925687902-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2156901063-3073810262-3925687902-1005 - Limited - Enabled)
Luke (S-1-5-21-2156901063-3073810262-3925687902-1000 - Administrator - Enabled) => C:\Users\Luke

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2014 10:19:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service VideoCnv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

System errors:
=============
Error: (12/16/2014 08:15:49 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:48 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:28 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:27 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:24 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/16/2014 08:15:23 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
UsbCharger

Error: (12/16/2014 08:15:19 AM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/15/2014 11:57:05 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (12/15/2014 11:57:03 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7 for x64-based Systems.

Microsoft Office Sessions:
=========================
Error: (12/16/2014 08:15:19 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/15/2014 10:52:40 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/15/2014 06:21:48 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/14/2014 03:15:00 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/14/2014 10:16:58 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/14/2014 00:28:29 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/14/2014 00:20:40 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 09:36:17 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 01:00:45 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000

Error: (12/13/2014 10:19:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddWin32ServiceFiles: Unable to back up image of service VideoCnv since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

==================== Memory info ===========================

Processor: AMD FX(tm)-9370 Eight-Core Processor 
Percentage of memory in use: 23%
Total physical RAM: 16344.73 MB
Available physical RAM: 12497.37 MB
Total Pagefile: 32687.65 MB
Available Pagefile: 28364.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.57 GB) (Free:149.6 GB) NTFS
Drive g: (Storage) (Fixed) (Total:931.51 GB) (Free:389.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 78F36D3A)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: 6832F6FD)
Partition 1: (Not Active) - (Size=223.6 GB) - (Type=07 NTFS)

==================== End Of Log ============================


----------



## dbreeze (Oct 6, 2014)

Cheekyninja,

Thank you for the FRST logs. I have reviewed them and can offer the following:

*First, P2P warnings >>>>*

ALERT!!! P2P WARNING ALERT!!!
*You have a P2P / file sharing application on your system!!* While this may not be a surprise to you (most likely installed by you or another user on the system) and the file sharing application itself may be safe, the files shared could be a little more than you hoped for. *File sharing* has been shown to be a major source for *trojans, viruses, worms and webbot attacks* to spread on the internet. There are *exploits in file sharing software* that can be used to compromise your system and personal information. You may be sharing a lot more than just a little bandwidth to 'help the community share' information.

*Geeks to Go recommends that you uninstall your P2P software*; you have to have open pathways (network ports) in and out of your system and you could be helping to move illegal files (copyrighted material (software, movies, video, etc.)) even if you don't 'download' them yourself.

*If you choose to keep your P2P program installed, I must ask that you de-activate / shutdown the software and not use it until the cleaning of your system is done.*

*Application to uninstall:*
µTorrent
Popcorn Time

*Need more info? Read these:*

US Gov. CERT: Risks of File Sharing Technology 
2010: The Year of P2P Vulnerabilities
Risks of P2P file sharing
File sharing infects 500,000 computers

*Second, AdBlock in Chrome >>>>*

I noticed that you do have AdBlock installed in Chrome; is it active and working? Possibly does the Allowed Ads / Websites need to be reset?

*Third, A FRST Fixlist script >>>>*

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as *fixlist.txt*



> start
> CloseProcesses:
> HKLM\...\Run: [] => [X]
> HKLM-x32\...\Run: [] => [X]
> ...


*NOTE.* It's important that both files, *FRST64* and *fixlist.txt*, are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST64* and press the *Fix* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

*Information to Reply with >>>>*

What did you decide about the P2P programs?
What about the AdBlock in Chrome? Did that help any?
The FRST Fixlog.txt log file.
How is your system now?


----------



## cheekyninja (Dec 14, 2014)

dbreeze,

Thanks for the help.

I'm comfortable with the P2P software so I will keep that but won't run it at all until the issues are fixed. If you have a particular issue with it then I can remove it.

Adblock in Chrome I have looked through all the settings and it all appears fine, the allow list still only has 1 or 2 sites on it which are ones I have added and it is blocking some of the popups that are trying to appear from the adware (4 on this page alone).

I ran the fixlist and it has not had any impact.

To be honest I would have been disappointed if I had missed an easy fix.

If it helps some of the popups say "provided by gifter" on them. A search of C: for gifter produces no results.

Fix log is below.



> Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
> Ran by Luke at 2014-12-17 18:22:25 Run:1
> Running from C:\Users\Luke\Desktop
> Loaded Profile: Luke (Available profiles: Luke)
> ...


Also every now and then when I open Chrome there are 4 additional blank tabs which open, none of these are shown on the "pages to open when starting chrome" under settings.

The tabs are:

http://--extensions-on-chrome-urls/
http://--test-type/
http://--load-extension=c/Program Files/Google/Chrome/Application/Extensions/chrome/app
http://--load-component-extension=c/Program Files/Google/Chrome/Application/Extensions/chrome/man

and all say "This webpage is not available"


----------



## dbreeze (Oct 6, 2014)

Thank you for the information and the log file. I believe that the culprit of your problems are some of the extensions in Chrome.

Download the attached *fixlist.txt* file and save it to the Desktop.

*NOTE.* It's important that both files, *FRST64* and *fixlist.txt*, are in the same location or the fix will not work.

*NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system*

Run *FRST64* by right clicking on it, selecting "Run as Administrator .." and pressing the *Fix* button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


----------



## cheekyninja (Dec 14, 2014)

Okay, I have run the fixlist and it hasn't had any impact.

Log below



> Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
> Ran by Luke at 2014-12-20 09:31:32 Run:2
> Running from C:\Users\Luke\Desktop
> Loaded Profile: Luke (Available profiles: Luke)
> ...


----------



## dbreeze (Oct 6, 2014)

Let us try and see if the Chrome Default profile files are corrupt.

Enter the keyboard shortcut Windows key +E to open Windows Explorer.

In the Windows Explorer window that appears enter the following in the address bar.
Windows XP: %USERPROFILE%\Local Settings\Application Data\Google\Chrome\User Data\
Windows Vista/ Windows 7/ Windows 8: %LOCALAPPDATA%\Google\Chrome\User Data\

Locate the folder called "Default" in the directory window that opens and rename it as "Backup default."

Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser.

Do you still get the same issues with Chrome now?


----------



## cheekyninja (Dec 14, 2014)

That has removed the embedded adverts (yay) but I still have popups opening every time I click and redirects when I try to follow links.

Also still have the hyperlink key word adverts within text. i.e. "windows vista" in your post pops up a little window "ad by gifter" official windows drivers.. etc.

Edit: It has made the embedded adverts appear slightly less often, they are still here. :/


----------



## dbreeze (Oct 6, 2014)

Sorry it has taken so long to reply but it did take a while to work out what may be happening. Waiting on approval of my post and will be back as soon as that happens.

On a side note, wishing you and yours a very Happy Holidays!!


----------



## cheekyninja (Dec 14, 2014)

Thank you, Happy Holidays to you too


----------



## dbreeze (Oct 6, 2014)

The fact that the clean Chrome profile and the clean extensions in Chrome did not solve the problem of the ads had me scratching my head for a while until I noticed the following on my own machine:

I then read the Help file on AdBlock Plus (found out that most ad blocking extensions for browsers use the same syntax) and wrote the following custom filter rule:

After the addition of the custom filter rule, the web page displays as this:

I believe you should be able to do the same for the filter you have in Chrome. Notice the double pipe characters in the front of the filter rule. I believe the custom rule to add in your case is ||gifter.com^ . If that does not work then we can Wireshark your net traffic and search for the proper name.


----------
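
The `||gifter.com^` rule from the post above, as an added example that is not part of the thread: a small JavaScript matcher for this Adblock Plus-style syntax, showing which addresses the double pipe and the trailing `^` catch and which a bare `gifter.com` rule would catch as well. The function names and sample URLs are constructed for illustration.

```javascript
// Added example, not code from the thread or from any ad blocker.
// It implements only the rule syntax the post uses: "||", "|", "^" and "*".

// "^" stands for a separator: any character that is not a letter, a digit
// or one of _ - . %  It also matches the end of the address.
const SEPARATOR = "(?:[^A-Za-z0-9_\\-.%]|$)";

// "||" anchors the rule at the start of a host name: any scheme, then
// optionally some subdomain labels ending in a dot.
const DOMAIN_ANCHOR = "^[A-Za-z][A-Za-z0-9+.\\-]*:\\/+(?:[^\\/?#]+\\.)?";

// Translate one blocking rule into a RegExp.
function compileFilter(rule) {
  // Options ("$third-party", ...) and exception rules ("@@") are out of
  // scope here; reject them instead of misreading them as literal text.
  if (rule.startsWith("@@") || rule.includes("$")) {
    throw new Error("unsupported filter syntax: " + rule);
  }
  let body = rule;
  let prefix = "";
  let suffix = "";
  if (body.startsWith("||")) {
    prefix = DOMAIN_ANCHOR;
    body = body.slice(2);
  } else if (body.startsWith("|")) {
    prefix = "^"; // single pipe: anchor at the very start of the address
    body = body.slice(1);
  }
  if (body.endsWith("|")) {
    suffix = "$"; // trailing pipe: anchor at the very end of the address
    body = body.slice(0, -1);
  }
  const pattern = Array.from(body, (ch) => {
    if (ch === "^") return SEPARATOR;
    if (ch === "*") return ".*";
    return ch.replace(/[.+?${}()|[\]\\\/]/g, "\\$&"); // escape regex metacharacters
  }).join("");
  return new RegExp(prefix + pattern + suffix, "i"); // rules ignore case
}

function matchesFilter(rule, url) {
  return compileFilter(rule).test(url);
}

// Constructed sample addresses: three on the ad host, three look-alikes.
const SAMPLE_URLS = [
  "http://gifter.com/ads/banner.js",
  "https://cdn.gifter.com:8443/w.js",
  "http://gifter.com",
  "http://notgifter.com/page",
  "http://gifter.com.example.net/x",
  "http://example.org/out?to=gifter.com",
];

// Compare the anchored rule from the post with a bare substring rule.
function compareRules(urls) {
  return urls.map((url) => ({
    url,
    anchored: matchesFilter("||gifter.com^", url),
    substring: matchesFilter("gifter.com", url),
  }));
}

for (const row of compareRules(SAMPLE_URLS)) {
  console.log(
    (row.anchored ? "BLOCK " : "allow ") +
      (row.substring ? "(substring rule: BLOCK) " : "(substring rule: allow) ") +
      row.url
  );
}
```

The anchored rule stops requests to the host and its subdomains only; it does nothing about whatever on the machine is injecting those requests into every page.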



## cheekyninja (Dec 14, 2014)

Perfect!

So are these ads embedded in the sites I am visiting rather than my pc? Just seems odd that it's the same ad provider across everything I browse?

Anyway you are a star, thank you very much


----------



## cheekyninja (Dec 14, 2014)

Argh it's back!!


----------



## dbreeze (Oct 6, 2014)

*First*, I hope you had a good holidays and safe New Years (coming up).

*Second,*

OTL
OTL is a tool for searching key areas of the registry and other system locations for the telltale signs of malware. It generates a comprehensive log, and offers an initial diagnosis.

Download OTL to your Desktop
Please right click on the OTL icon and select Run as Administrator. Make sure all other windows are closed and to let the tool run uninterrupted.
Make sure the following boxes / options are selected:
Scan All Users
*File Age -> select 90 days*
Include 64bit Scans (if this option is present)
Use Company-Name WhiteList
Skip Microsoft Files
Use No-Company-Name Whitelist
LOP Check
Purity Check
Use Safelist is selected under Extra Registry option box.

Copy the contents of the quote box below and paste them into the Custom Scans/Fixes box at the bottom of OTL's main panel. _Do not copy the word Quote._


> netsvcs
> BASESERVICES
> %SYSTEMDRIVE%\*.exe
> dir "%systemdrive%\*" /S /A:L /C
> ...



Click the Run Scan button. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your reply. Thank you.

*Third,*
Download the latest version of TDSSKiller from *here* and save it to your Desktop.


Double-click on *TDSSKiller.exe* to run the application, then click on *Change parameters*.

Check the boxes beside *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Click the *Start Scan* button.

If a suspicious object is detected, the default action will be *Skip*, click on *Continue*.

If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure *Cure* is selected, then click *Continue* => *Reboot now* to finish the cleaning process.

Note: *If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.*

A report will be created in your root directory, (usually C:\ folder) in the form of *"TDSSKiller.[Version]_[Date]_[Time]_log.txt"*. Please copy and paste its contents on your next reply.

*Information to Reply with >>>>*

How is your system running?
The OTL log file.
The OTL Extras log file.
The TDSSKiller log file.


----------



## dbreeze (Oct 6, 2014)

Do you still need any help here? Or are you getting assistance elsewhere?


----------



## cheekyninja (Dec 14, 2014)

Sorry for the delay been busy with the family etc over new year.

Ran the OTL tool and got the following two files which I have attached as they were too long to embed in this post.

The link you gave for the TDSSKiller doesn't work for me, says 404 file not found. So I downloaded it from here http://download.cnet.com/Kaspersky-TDSSKiller/3000-2239_4-75722087.html

I have attached the log from that as well. It only found one suspicious object which I skipped as instructed so yeah, no change here.

Computer generally runs absolutely fine but then it is fairly powerful so it would take a lot to slow it down. However using the internet is very frustrating as every time you click on anything a new advert tab opens and then when you close that it pops with warnings saying are you sure you want to leave this page etc. It also interferes with youtube videos meaning the video is just a blank screen, you can't pause it or anything. If you refresh the page enough times it manages to work it out.


----------



## Dakeyras (Nov 27, 2008)

Hi. 

dbreeze is currently unavailable and I am covering for him.

Please refrain from attaching any requested logs, merely post the contents, thank you. Let's proceed as follows shall we...

*Download/Run ComboFix:*

Please visit this webpage for download links, and instructions for running the tool:

How to use ComboFix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


> How To Temporarily Disable Your Anti-virus, Firewall and Anti-malware Programs <-- Click on this link.


Please include the *C:\ComboFix.txt* in your next reply for further review.

*Note:* If ComboFix detects Rootkit activity and asks to reboot the system, please allow this to be done.
If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix *Should Not* be used unless requested by a trained Anti-Malware helper.

*Next:*

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any other symptoms and or problems encountered?
ComboFix Log.


----------



## cheekyninja (Dec 14, 2014)

Hi Dakeyras,

Thanks for your help, hope dbreeze is okay.

I attached the log files on the last post as they were too long to embed in my post.

I have downloaded, installed and run the combo fix program, it has made no difference to my problems.

Log is as follows:



> ComboFix 15-01-07.01 - Luke 07/01/2015 18:22:49.1.8 - x64
> Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.16345.14224 [GMT 0:00]
> Running from: c:\users\Luke\Desktop\ComboFix.exe
> SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Thanks for your help, hope dbreeze is okay.


You're welcome and aye he is fine just a problem with his internet service at present.



> I attached the log files on the last post as they were too long to embed in my post.


Fair play.



> it has made no difference to my problems


What are the exact issues/problems now please as you can best describe and can you confirm at present there is no Anti-Virus software installed.

With regard to the latter if indeed the case we will address in due course just limit online activity for the time being please if able as a precaution.

*Submit a File for Analysis:*

Please go to my file submission channel here.

Next to the box:- *Link to topic where this file was requested:* cut and paste in the below:- 

```
http://forums.techguy.org/virus-other-malware-removal/1139293-very-stubborn-adware-malware.html
```
Next to the box: *Browse to the file you want to submit:* click on the *Browse...* tab and navigate to the below:-

C:\Windows\System32\*user32.dll*

Then click on the *Send File* tab. I will be notified when the file has been uploaded and checked.


----------



## cheekyninja (Dec 14, 2014)

I will try to describe the exact issue I am having.

I open chrome and initially it is fine.
When I click in the search bar a pop up appears going to this address 


> http://www.reimageplus.com/lp/sys/i...7Zw7P-PvwYh1_PJKuTAWPaikmwF7E_WO6HC2DuBslkQGP


When I click close a warning pops up saying


> Confirm Navigation
> 
> Wait! Don't leave us just yet! Press Stay on this page to download and scan your PC for FREE! We will repair your windows errors!
> 
> ...


I click leave and it's gone.

I do a google search for "techguy" this completes with no issues, I pick the top link to come to your forum and the page loads fine.

Then as soon as it's finished loading lots of isolated words of text are underlined with a little green picture next to them (like dbreeze posted earlier).

If I put my mouse over them a little box pops up advertising something related to that word and at the bottom in small text it says "Ad by gifter x"

So I click "Virus and Other Malware Removal" and a new tab opens with this address



> http://www.mcafeestore.com/store/[email protected]&rests=1420741553598


I close that tab and click on this thread and another new tab opens directing here



> http://remotehelp.expert/camp/?k={keyword}


I click anywhere on the page within the topic and a new tab opens 


> https://safecart.com/desktoolssoft/.dfspecial/purchase


To close that tab I get another pop up asking if I'm sure I want to leave.

Once I've closed that if I click somewhere else on the topic this window pops up



> http://www.newspaperson.info/alerts/kjefhrgkjhfg/?_rff=px.pluginh


So that's the main issue I am having, you get the idea.

Another issue is if I browse to (for example) www.pistonheads.com I get like a toolbar overlayed on the right hand side titled "HOT DEALS" with loads of jackets being sold by "zalando" at the bottom of this overlay it states "Powered by gifter"

There is also another bar across the bottom of the page which is the same. These ads don't appear on every single website, they seem to be attracted to pictures for some reason.

For example if I go to ebay each little thumbnail picture has these little advert pictures crammed into it.

The last thing I have noticed is that if I go to www.youtube.com, and open a video (firstly this tab pops up )



> http://jmpdirect01.com/ctrd/click/n...--N-PsyEZPsBvlYsrHJfEgj5YN5IdCUmw&version=1.2


I close that and get back to my video and it is just a black frame, there's no pause or play or volume control, but the video is playing, I can hear it.

If I refresh the page I briefly see the video controls then they disappear again, when I refresh the page again the video appears.

The content of the adverts and pop ups changes frequently but it usually says "powered by gifter"

I have uploaded the file for you as requested.

I can confirm I don't have any antivirus software running, this has been true since I built my first pc 10 years ago. Whenever I do run into an infection I remove it usually with Hijackthis and am quite comfortable finding the problem files and removing them. However I am stumped at the moment because I can't find any files that appear to be the cause of the problem, none of the specific tools I have tried can find anything wrong and when I look into the Hijackthis results they all appear trustworthy.


----------



## Dakeyras (Nov 27, 2008)

Hi. 

Acknowledged and thanks for the update.

The analysis of the submitted file is favourable and no further action is required. Regarding Anti-Virus software your choice to have one installed or not but my friendly advice is do consider the use of one (when I give the all clear) as it will certainly be an aid against further infections etc. As for HijackThis, it has not been updated in a very long time nor is it actually 64 bit compatible either.

Anyway let's proceed as follows shall we...

*Scan with Zoek:*

Please download Zoek and save it to the desktop

You will need to temp' disable your current installed Anti-Virus/Security software, how to do so can be read here.

Right-click on *zoek.exe* and select *Run as Administrator* .
Once the *GUI* (graphical user interface) has loaded >> click on the *More Options* tab >> select *Auto Clean* only.
Ensure the option *Scan All Users* is selected >> now click on the *Run Script* tab.
Zoek will momentarily close and a new GUI will appear and the scan will commence.
Please be patient as the scan may take some time depending on the specifications of your computer.
Once the scan is completed a log file named *zoek-results.log* will open via notepad, post the contents in your next reply.
If the system requires a reboot after the aforementioned scan, click on *OK* at the prompt (the log will appear after the reboot).
The *zoek-results.log* can also be found on your system drive.
*Note:* Do not forget to re-enable your Security software after running the above scan!


----------



## cheekyninja (Dec 14, 2014)

Hi,

That appears to have solved it at the moment!

Log file follows



> Zoek.exe v5.0.0.0 Updated 09-January-2015
> Tool run by Luke on 09/01/2015 at 18:17:04.66.
> Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
> Running in: Normal Mode Internet Access Detected
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> That appears to have solved it at the moment!


Good, let's run one more scan as a last check...

*Scan with Panda Cloud Cleaner:*

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.


Right-click on *PandaCloudCleaner.exe* and select *Run as Administrator* >> *Next >* >> *Next >*
Ensure *Launch Panda Cloud Cleaner* is selected >> *Finish* >> once the *GUI* (graphical user interface) appears >> click on *Accept and Scan*
Please be patient as the scan may take some time to complete depending on your system's specifications. 
Once the scan has completed, if *Scan finished with detections* is denoted in the *GUI* do not take any action and or have Panda Cloud Cleaner clean absolutely anything! 
Now within the *GUI* click on the *>* tab >> then on *View Report* >> a notepad file should now open called *PCloudCleaner.txt* 
Save this to your desktop and post the contents in your next reply. 
Then click on *Back* >> *Exit* 
*Note:* When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish via:

Click on *Start* (Windows 7 Orb) >> *All Programs* >> *Panda Security* >> *Panda Cloud Cleaner* >> right-click on *Uninstall Panda Cloud Cleaner* and select *Run as Administrator* >> follow the prompts.


----------



## cheekyninja (Dec 14, 2014)

Hmm it's back again.

I have run the Panda cleaner and it's a bit awkward to use but have the following log:



> Malware. FILE: C:\USERS\LUKE\DOWNLOADS\SETUP (1).EXE to be deleted.
> 
> Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
> 
> ...


Cheers.


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Hmm it's back again.


OK we will take a different approach in due course.



> I have run the Panda cleaner and it's a bit awkward to use but have the following log


Fair enough, might as well delete the following from your downloads folder:-

C:\USERS\LUKE\DOWNLOADS\\*SETUP (1).EXE*

Then empty the Recycle Bin.

*Uninstall Software:*

Please click on *Start*(Windows 7 Orb) >> *Control Panel* >> *Uninstall a program* or *Programs and Features* and remove the following (if present):

*Gifter*

To do so click once on the above to highlight, then click on *Uninstall/Change* and follow the prompts.

*Note:* Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

*Scan with JRT:*

Please download Junkware Removal Tool to your desktop.

*Note:* Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.


Right-click on *JRT.exe* and select *Run as Administrator* to launch the application >> follow the on-screen prompt.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next reply.
*Note:* Reboot your machine and ensure all disabled security software is now enabled etc.

*Scan with AdwCleaner:*

Please download adwcleaner from here and save to your desktop.


Right-click on *adwcleaner.exe* and select *Run as Administrator* to launch the application.
Now click on the *Scan* tab >> once the scan is complete click on the *Clean* tab and follow the prompts.
Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
*Note:* The log can also be located at *C:* >> *AdwCleaner* >> *AdwCleaner[S0].txt*

*Next:*

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
Junkware Removal Tool Log.
AdwCleaner Log.


----------



## cheekyninja (Dec 14, 2014)

Hi,

Computer is no different.

JRT log



> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Junkware Removal Tool (JRT) by Thisisu
> Version: 6.4.1 (12.28.2014:1)
> OS: Windows 7 Professional x64
> ...


ADW log



> # AdwCleaner v4.107 - Report created 10/01/2015 at 16:11:10
> # Updated 07/01/2015 by Xplode
> # Database : 2015-01-03.1 [Live]
> # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
> ...


Also the "gifter" program was not on the uninstall programs list.

:/

Cheers


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Computer is no different.


Acknowledged...

*Malwarebytes Anti-Malware:*

Please download a new installer for Malwarebytes' Anti-Malware to your desktop.


Right-click on *mbam-setup-2.0.2.1012.exe* and select *Run as Administrator*, then follow the prompts to install the program.
Select the language and click *OK* >> Accept the agreement.
Deselect the check-mark next to *Enable the Free Trial* (you may enable this when I give the all clear if you so wish) and then ensure *Launch Malwarebytes' Anti-Malware* is selected, then click on finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Scan Now*".
The scan may take some time to finish, so please be patient.
When the scan is complete, click on *Quarantine All*
When disinfection is completed, a dialogue will open and you may be prompted to Restart. (See Extra Note)
Upon restart, launch Malwarebytes Antimalware and select *History* >> *Application Logs*.
Double click on the last scan done, then on *Copy to Clipboard.*
To submit your reply, click on Add Reply, then right click on the window and select Paste.
Submit your reply.
*Note:* If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


----------



## cheekyninja (Dec 14, 2014)

Hi,

Still no signs of improvement. Log is below,



> Malwarebytes Anti-Malware
> www.malwarebytes.org
> 
> Scan Date: 11/01/2015
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 

My apologies for the delay, I am not always available at the weekends.



> Still no signs of improvement


I would like a fresh look at the system as follows...

*Re-scan with Farbar Recovery Scan Tool:*


Right-click on *FRST.exe* and select *Run as Administrator* to start *FRST* >> follow the prompt/click on *Yes*
After the tool has checked for any updates and *The tool is ready to use* is denoted:-
Under Optional Scan ensure both *Drivers MD5* and *Addition.txt* are selected.
Now click on the *Scan* button/radio tab >> at the *Scan completed* prompt click on *OK*
At the next prompt denoting *Addition.txt is saved in the same location FRST tool is run* >> click on *OK*
There will now be two logs on your desktop, *Addition.txt* and *FRST.txt*. Post the contents of both in your next reply.


----------



## cheekyninja (Dec 14, 2014)

Hi,

No worries.



> Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-01-2015 02
> Ran by Luke (administrator) on LUKE-PC on 12-01-2015 21:07:19
> Running from C:\Users\Luke\Desktop
> Loaded Profile: Luke (Available profiles: Luke)
> ...


addition.txt



> Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-01-2015 02
> Ran by Luke at 2015-01-12 21:07:39
> Running from C:\Users\Luke\Desktop
> Boot Mode: Normal
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 

There are a few things that require addressing but not the root cause I suspect. However there is something else I would like to check first as follows...

*Download/run Rkill:*

(If one fails to work delete it and download/try another):

One, Two, Three, Four or Five

*Note:* If your security software warns about Rkill, please ignore and allow the download to continue.


Double click on *Rkill*.
A command window will open then disappear upon completion, this is normal.
Post the log created, found on the desktop as *rkill.txt*, in your next reply.


----------



## cheekyninja (Dec 14, 2014)

Hi,

If it helps internet explorer appears unaffected and using incognito windows in chrome also works fine.

Log file below



> Rkill 2.7.0 by Lawrence Abrams (Grinler)
> http://www.bleepingcomputer.com/
> Copyright 2008-2015 BleepingComputer.com
> More Information about Rkill can be found at this link:
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 

Let's proceed as follows shall we...

*Custom FRST Script:*

Please download the attached *fixlist.txt*(see below) and save to the desktop.

View attachment fixlist.txt



Now right-click on *FRST.exe* and select Run as Administrator to start *FRST*.
Then click on the *Fix* button/radio tab >> at the *Fix completed* prompt click on *OK*
Your machine should now automatically reboot itself.
Post the contents of the newly created *Fixlog* in your next reply.
*Note:* If FRST advises there is a new updated version to be downloaded, do so/allow this.

*Reset your Router:*

Please reset your Router and afterwards apply a new admin/login password. If unsure of the process, information can be viewed here.

*Next:*

When you have completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
Custom FRST Script Log.


----------



## cheekyninja (Dec 14, 2014)

Hi, I will look at this when I get home tonight, I wasn't back long enough yesterday to do the router reset. Cheers.


----------



## Dakeyras (Nov 27, 2008)

Acknowledged.


----------



## cheekyninja (Dec 14, 2014)

Hi,

Still no progress :/

FRST log follows:



> Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015
> Ran by Luke at 2015-01-15 18:03:34 Run:3
> Running from C:\Users\Luke\Desktop
> Loaded Profiles: Luke (Available profiles: Luke)
> ...


----------



## cheekyninja (Dec 14, 2014)

Update,

Appears to be slightly better, am getting fewer popups but still have embedded ads and the overlay banner ones.


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Appears to be slightly better, am getting fewer popups but still have embedded ads and the overlay banner ones.


Some progress at least, for now I would like you to carry out the following to see if I can pinpoint the remaining issues as follows...

*Custom FRST Scan Script:*

Please download the attached *fixlist.txt*(see below) and save to the desktop.

View attachment fixlist.txt



Now right-click on *FRST.exe* and select Run as Administrator to start *FRST*.
Then click on the *Fix* button/radio tab >> at the *Fix completed* prompt click on *OK*
Post the contents of the newly created *Fixlog* in your next reply.
*Note:* If FRST advises there is a new updated version to be downloaded, do so/allow this.

*Scan with ESETPoweliksCleaner:*

Please download ESETPoweliksCleaner to the desktop.


Right-click on *ESETPoweliksCleaner.exe* and select *Run as Administrator* to launch the application.
Once loaded, it will begin to automatically scan.
If anything is found select *N* as in do not let it remove anything found as I would like to review the log first.
Regardless of the outcome, post the log created (ESETPoweliksCleaner.exe_20150116.095346.4340.txt), which can be located on the desktop, in your next reply.

*Scan with RogueKiller:*

Please download RogueKiller to your desktop


Quit all running programs. 
Right-click on *RogueKillerX64* and select *Run as Administrator* to launch the application.
Let the pre-scan complete.
Now click on the *Scan* tab back in the RogueKiller main window.
Please be patient as the scan may take some time depending on the specifications of your machine.
*Note:* If a browser window is launched/opened, merely close it.

Once the scan is completed click on the *Report* tab. Post the contents of the log that opens in your next reply.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.com 
*Note:* The log can also be located within this folder C:\ProgramData\RogueKiller\*Logs*


----------



## cheekyninja (Dec 14, 2014)

Hi 

No impact yet, the 2nd program didn't seem to do anything at all.

Fixlog and ESETPowe... attached as too long to post, too many characters.

RKreport_SCN,....txt


> RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Software
> mail : http://www.adlice.com/contact/
> Feedback : http://forum.adlice.com
> Website : http://www.adlice.com/softwares/roguekiller/
> ...


----------



## cheekyninja (Dec 14, 2014)

When I first start chrome after running these fixes / scans it often opens 3 additional tabs as follows:

http://--extensions-on-chrome-urls/
http://--test-type/
http://--load-extension=c/Program Files/Google/Chrome/Application/Extensions/chrome/app

During this session none of the adverts come up at all.

Then if I close down chrome and reopen the ads come back.

EDIT:

Sorry, want to correct that, I play an online game through which I can launch a browser window, when I open the browser from in game, the game minimises and chrome loads (as expected) this opens with the three additional tabs listed above but interestingly I can then browse completely ad free.

If I open chrome from my usual start bar icon then I get all the ads.

I am confident that the game is not the issue as I have it installed on another pc with no adverse issues at all.


----------
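
The three tabs listed in the post above are Chrome command-line switches (`--extensions-on-chrome-urls`, `--test-type`, `--load-extension`) being opened as URLs. As an added example, not part of the original thread or of any tool used in it, this read-only PowerShell audit lists Chrome shortcuts and URL-handler commands that carry those switches; the folder list, the function names and the sample string are assumptions chosen for illustration.

```powershell
# Added example (not from the thread): read-only audit of Chrome launch points
# for the three switches that showed up as tabs. It reports and changes nothing.
$SuspectSwitches = '--load-extension', '--extensions-on-chrome-urls', '--test-type'

function Find-SuspectSwitch {
    param([string]$CommandLine)
    # Return each suspect switch present as a whole token in the argument string.
    $SuspectSwitches | Where-Object {
        $CommandLine -match ('(^|[\s"])' + [regex]::Escape($_) + '($|[\s="])')
    }
}

function Get-ChromeShortcutFinding {
    param([string[]]$Folder)
    # WScript.Shell exposes the target and arguments stored inside a .lnk file.
    $shell = New-Object -ComObject WScript.Shell
    Get-ChildItem -Path $Folder -Filter *.lnk -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $lnk = $shell.CreateShortcut($_.FullName)
            if ($lnk.TargetPath -like '*\chrome.exe') {
                New-Object PSObject -Property @{
                    Source    = $_.FullName
                    Suspect   = @(Find-SuspectSwitch $lnk.Arguments) -join ', '
                    Arguments = $lnk.Arguments
                }
            }
        }
}

function Get-ChromeHandlerFinding {
    # Commands Windows runs when another program asks it to open a web link.
    $keys = 'Registry::HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command',
            'Registry::HKEY_CLASSES_ROOT\http\shell\open\command'
    foreach ($key in $keys) {
        if (Test-Path $key) {
            $cmd = [string](Get-Item $key).GetValue('')   # '' reads the default value
            if ($cmd -like '*chrome.exe*') {
                New-Object PSObject -Property @{
                    Source    = $key
                    Suspect   = @(Find-SuspectSwitch $cmd) -join ', '
                    Arguments = $cmd
                }
            }
        }
    }
}

# Assumed locations where Chrome shortcuts usually live (desktop, Start menu,
# Quick Launch including taskbar pins).
$folders = @(
    [Environment]::GetFolderPath('Desktop'),
    "$env:PUBLIC\Desktop",
    "$env:APPDATA\Microsoft\Windows\Start Menu",
    "$env:ProgramData\Microsoft\Windows\Start Menu",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch"
)

# Show only the launch points that carry at least one suspect switch.
@(Get-ChromeShortcutFinding -Folder $folders) + @(Get-ChromeHandlerFinding) |
    Where-Object { $_.Suspect } |
    Select-Object Source, Suspect, Arguments |
    Format-List

# Constructed sample argument string (not taken from any log in the thread),
# to exercise the matcher on a machine with no findings.
$sample = '--load-extension="C:\Example\ext" --test-type'
Find-SuspectSwitch $sample
```

Any entry listed by the audit is a launch point that starts Chrome with those switches; a default Chrome shortcut carries none of them.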



## Dakeyras (Nov 27, 2008)

Hi. 

My sincere apologies for the delay, I have been offline due to personal reasons.



> No impact yet


Acknowledged as is all else mentioned.

*Custom FRST Script:*

Please download the attached *fixlist.txt*(see below) and save to the desktop.

View attachment fixlist.txt



Now right-click on *FRST.exe* and select Run as Administrator to start *FRST*.
Then click on the *Fix* button/radio tab >> at the *Fix completed* prompt click on *OK*
Your machine should now automatically reboot itself.
Post the contents of the newly created *Fixlog* in your next reply.
*Note:* If FRST advises there is a new updated version to be downloaded, do so/allow this.


----------



## cheekyninja (Dec 14, 2014)

Hi,

That's okay, no worries.

Still no change.

log attached, too many characters.


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Still no change


OK let's try a reinstall (and uninstall of everything else Google related) and a custom host file. After reinstalling do not install any add-ons for the time being and no need for the Adblock related one etc.

First backup any Chrome related bookmarks you wish to keep. If unsure how to, instructions can be read:-

How to Export Bookmarks from Chrome

*Uninstall Software:*

Then uninstall Chrome via *Start*(Windows 7 Orb) >> *Control Panel* >> *Uninstall a program* or *Programs and Features* and remove the following (if present):

*Google Chrome*

To do so click once on the above to highlight, then click on *Uninstall/Change*.

When prompted with: *Also delete browsing data?* >> select this option then click on *Uninstall*

Also uninstall the following as well:-

*Google Drive* <-- You can reinstall when I give the all clear if you so wish. Anything saved prior will still be accessible via the cloud/when you sign into your google account etc.
*Google Toolbar for Internet Explorer* <-- No need for this as the custom host file that will be installed is the better option. Plus when I advise you to update IE, this further negates the use of this dire toolbar.
*Google Update Helper*

Then using *Windows Explorer* (to get there right-click your *Start* (Windows 7 Orb) button and go to *Open Windows Explorer*), please delete these *folders* (if present):

C:\Program Files (x86)\*Google*
C:\Users\Luke\AppData\*Google*


Now click on *Start*(Windows 7 Orb) >> *Run..*(or the Windows key and R together) to bring up the Run box.
Cut and paste in *cleanmgr* into the Run box and press *OK* >> *OK*
Ensure the boxes for *Temporary Files*, *Temporary Internet Files* and *Recycle Bin* are checked.
_You can choose to check other boxes if you wish but they are not required._
Click on *OK* then *Delete Files*.
Now *Reboot* (restart) your computer.

*Host File Reset/Replace:*

Please Download HostsXpert and unzip it to your computer, to somewhere you can find it.

The root of the system drive would be an ideal location EG: *C:\\*


Right-click on *HostsXpert.exe* and select *Run as Administrator* to launch the programme. 
Check to see if top button on left hand side says *Make Writable?*
If it does, click on it then proceed to next instruction.
If not, just proceed to next instruction.
Click on *Restore MS Hosts File* to restore your Hosts file to its default condition

When prompted to confirm, click OK. 
Click on the *Download* button (lower left hand side)
Click on *MVPs Hosts...* button. 
Click on *Replace* button.
Press OK in the box that pops up. (HostsXpert will now download and update your Hosts file. If prompted about DNS, just ignore it click on OK etc)
When finished.
Click on *File Handling* button. 
Click on *Make Read Only?* to secure it against infection.

Exit the programme.

*Reinstall Chrome:*

Now download the installer for Chrome to your desktop and then right-click on *ChromeSetup.exe* and select *Run as Administrator* to reinstall.

*Next:*

Let myself know the outcome of the above and we will then go from there, thank you.


----------



## cheekyninja (Dec 14, 2014)

Hi 

That appears to have cleaned it out 

I'll confirm later on this evening / tomorrow that it hasn't reappeared or anything.

Cheers,


----------



## Dakeyras (Nov 27, 2008)

Acknowledged.


----------



## cheekyninja (Dec 14, 2014)

Yup all seems to be working fine now thank you


----------



## Dakeyras (Nov 27, 2008)

Hi. 



> Yup all seems to be working fine now thank you


Good, carry out the below for myself please. Then afterwards I will provide some online safety advice etc.

*Clean-Up with DelFix:*

Please download DelFix to your desktop


Right-click on *delfix.exe* and select *Run as Administrator* to launch the application.
Referring to the image below, select all available options:

Then click on *Run*.
Once it has finished processing, a notepad file named *DelFix.txt* will open. Post the contents in your next reply for my review.
The log can also be located at the root of the system drive, *C:\DelFix.txt*.
After you have posted the aforementioned *DelFix.txt*, delete it and empty the Recycle Bin.
*Note:* The above application/overall process will flush old System Restore points and create a new clean one. It should also clean up and remove the vast majority of scanners used and logs created etc.

Any left over merely delete yourself and empty the Recycle Bin.


----------



## cheekyninja (Dec 14, 2014)

Hi



> # DelFix v10.8 - Logfile created 21/01/2015 at 21:20:32
> # Updated 29/07/2014 by Xplode
> # Username : Luke - LUKE-PC
> # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
> ...


----------



## Dakeyras (Nov 27, 2008)

Hi. 

Congratulations your computer appears to be malware free!

*Importance of Regular System Maintenance:*

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Slow Computer/browser?

Also so is this:

What to do if your Computer is running slowly

*Now some advice for on-line safety:*

*Malwarebytes' Anti-Malware:*

This is an excellent application and I advise you keep this installed. Check for updates and run a scan at least once per week.

*Install an Anti-Virus:*

I strongly advise you consider installing one of the below as this will go a long way towards protecting your machine whilst online.

Avast 2015 

Microsoft Security Essentials

If you opt for either of the above, once installed it will automatically check for updates and download/install them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with whatever is installed at least once per week.

*Keep Your System Updated:*

Microsoft releases patches for Windows and other products regularly:


Click on *Start*(Windows 7 Orb) >> *All Programs* >> *Windows Update*.
In the navigation pane, click *Check for updates*.
After Windows Update has finished checking for updates, click *View available updates*. 
Click to select the check box for any found, then click *Install*. 
When completed *Reboot*(restart) your computer if not prompted to do so.
Plus check Automatic Updates is enabled.

*Update to Internet Explorer v11:*

IE8 is way out of date for a Windows 7 based machine. I strongly advise you download and install the new browser from here. This will increase overall security whilst browsing online.

Even if you do not use IE often having the latest version installed will still increase your machine's overall security. This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

*Be careful when opening attachments and downloading files:*

1 - Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.

2 - Never open emails from unknown senders.

4 - Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.

5 - Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives at MajorGeeks.

*Stop malicious scripts:*

Windows by default allows scripts (which are VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

*Avoid Peer to Peer software:*

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Limewire, Vuze. Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Virtually all of these recent infections will compromise your Security, and some can turn your machine into a useless "doorstop".

I will further add; P2P software has the ability to create a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their infected dross onto your computer. Further to that, if your P2P software is not configured correctly you may be sharing more files than you realise. There have been cases where people's address books, passwords, other personal, private and financial details have been exposed to the file sharing network by badly configured P2P applications.

My friendly advice is to avoid these types of software applications.

*Consider the below extra/layered security for your machine:*

*CryptoPrevent Tool:*

How to prevent your computer from becoming infected by CryptoLocker

*WinPatrol:*

WinPatrol alerts you about possible system hijacks, malware attacks and critical changes made to your computer without your permission.

Download it from here.

You can find information about how WinPatrol works here.

*Next:*

Any questions? Feel free to ask, if not stay safe!


----------



## cheekyninja (Dec 14, 2014)

Thanks, take care.


----------



## Dakeyras (Nov 27, 2008)

You're most welcome!


----------

