http://kb-ribaki.org pop-ups issue


  • This topic is locked
3 replies to this topic

#1 fooffstarr

  • Members
  • 1 posts

Posted 23 August 2016 - 10:41 PM

Hi guys,

So as the title suggests, I am getting this website popping up in Chrome on every restart, and the system as a whole seems to have been grinding since this started.

I've gone through previous threads about this and tried several anti-malware programs, but it keeps coming back. It looks like it needs a response tailored to the user from previous threads, so here I am.

FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by Andrew (administrator) on DISQUE (24-08-2016 13:25:04)
Running from C:\Users\Andrew\Downloads
Loaded Profiles: Andrew &  (Available Profiles: Andrew)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
() C:\Program Files (x86)\OSD Server\RTSS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13538376 2013-05-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1307720 2013-04-24] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-17] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-04-28] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016432 2013-03-07] (Synaptics Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareTray.exe [9581280 2016-01-28] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [132224 2013-02-28] (Qualcomm Atheros Commnucations)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [10748656 2015-10-16] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Octoshape Streaming Services] => C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-10] (Spotify Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-10] (Spotify Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Andrew] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\MountPoints2: {2e62ca3f-f399-11e3-be94-3c77e6af92d6} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\MountPoints2: {2e62cb6c-f399-11e3-be94-3c77e6af92d6} - "E:\HPLauncher.exe" 
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Octoshape Streaming Services] => C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Sony PC Companion] => C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Users\Andrew\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-10] (Spotify Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify] => C:\Users\Andrew\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-10] (Spotify Ltd)
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Andrew] => explorer.exe hxxp://kb-ribaki.org <===== ATTENTION
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2e62ca3f-f399-11e3-be94-3c77e6af92d6} - "G:\HTC_Sync_Manager_PC.exe" 
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {2e62cb6c-f399-11e3-be94-3c77e6af92d6} - "E:\HPLauncher.exe" 
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [10748656 2015-10-16] (Avira Operations GmbH & Co. KG)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-17] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [175368 2015-12-17] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [153392 2015-12-17] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk [2014-02-24]
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar323.lnk [2016-08-24]
ShortcutTarget: Sidebar323.lnk -> C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{34F14887-E730-4A3D-B9D5-3D58A769A216}: [DhcpNameServer] 40.34.1.55
Tcpip\..\Interfaces\{94A2EED6-8B90-4B21-89C3-F632A1C5D54D}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://rockmelt.com/?via=acer&mt=preload
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1556042821-4184829808-2108755071-1002 -> DefaultScope {0D75F6BB-1FE6-4990-8C72-93E9A1BD6094} URL = 
SearchScopes: HKU\S-1-5-21-1556042821-4184829808-2108755071-1002 -> {0D75F6BB-1FE6-4990-8C72-93E9A1BD6094} URL = 
SearchScopes: HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0D75F6BB-1FE6-4990-8C72-93E9A1BD6094} URL = 
SearchScopes: HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0D75F6BB-1FE6-4990-8C72-93E9A1BD6094} URL = 
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll [2013-02-28] (Qualcomm Atheros Commnucations)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-29] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-29] (Oracle Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-13] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-29] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-20] (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-25] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-20] (Pando Networks)
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Andrew\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1503240-0-npoctoshape.dll [2015-03-25] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [2014-03-20] (Pando Networks)
FF Plugin HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Users\Andrew\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-11-23] (Octoshape ApS)
 
Chrome: 
=======
CHR HomePage: Default -> search.ask.com/?gct=hp
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.197\pepflashplayer.dll => No File
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Flash Video Downloader) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-08-21]
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-06]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (AdBlock) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-08-24]
CHR Extension: (QuickStreamer) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioegnnjonphieiamlnmfaacafcdfbccm [2016-03-16]
CHR Extension: (Momentum) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2016-08-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Twitch Buffering Fix) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnahmgokconolakhpdmgnmgaokhjcncb [2016-08-05]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-24]
CHR HKLM\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx <not found>
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [aaaaaiabcopkplhgaedhbloeejhhankf] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaaiabcopkplhgaedhbloeejhhankf.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [227968 2013-02-28] (Qualcomm Atheros Commnucations) [File not signed]
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-27] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [660040 2013-01-18] (Acer Incorporated)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.10.767.8917\AdAwareService.exe [712432 2016-01-28] ()
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-04-26] (Acer Incorporate)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [524800 2014-10-29] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [310984 2015-04-29] ()
R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1600512 2016-01-05] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2016-01-05] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [775424 2016-01-05] (BitDefender)
R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-02-28] (Qualcomm Atheros)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-02-06] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.99.0\gzflt.sys [155912 2015-12-09] (BitDefender LLC)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [42696 2015-04-29] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-10] (Acer Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-24] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-10] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-03-07] (Synaptics Incorporated)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-12-09] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 13:25 - 2016-08-24 13:25 - 00027479 _____ C:\Users\Andrew\Downloads\FRST.txt
2016-08-24 13:24 - 2016-08-24 13:25 - 00000000 ____D C:\FRST
2016-08-24 13:24 - 2016-08-24 13:24 - 02396672 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2016-08-24 13:16 - 2016-08-24 13:16 - 00001122 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-24 13:10 - 2016-08-24 13:10 - 00000159 _____ C:\Users\Andrew\Desktop\fixme.reg
2016-08-24 12:56 - 2016-08-24 13:01 - 00000000 ____D C:\AdwCleaner
2016-08-24 12:56 - 2016-08-24 12:56 - 03784256 _____ C:\Users\Andrew\Downloads\AdwCleaner.exe
2016-08-23 18:53 - 2016-08-24 05:28 - 00082225 _____ C:\Users\Andrew\Downloads\Nocturnus-revision.gpx
2016-08-22 05:45 - 2016-08-22 05:45 - 00746080 _____ C:\Users\Andrew\Desktop\killick-j.pdf
2016-08-22 05:45 - 2016-08-22 05:45 - 00707438 _____ C:\Users\Andrew\Desktop\mchoul-a.pdf
2016-08-21 19:44 - 2016-08-22 18:14 - 00024394 _____ C:\Users\Andrew\Desktop\Wolves2.gpx
2016-08-21 19:08 - 2016-08-21 19:21 - 00023468 _____ C:\Users\Andrew\Downloads\Wolves.gpx
2016-08-21 10:19 - 2016-08-21 10:19 - 00000221 _____ C:\Users\Andrew\Desktop\Warhammer 40,000 Dawn of War II  Retribution.url
2016-08-20 17:07 - 2016-08-23 05:52 - 00074191 _____ C:\Users\Andrew\Desktop\Nocturnus - live.gpx
2016-08-17 08:59 - 2016-08-17 08:59 - 39553287 _____ C:\Users\Andrew\Downloads\audio-vga.m4v
2016-08-16 13:07 - 2016-08-16 16:58 - 00000000 ____D C:\Users\Andrew\Documents\M22_Saves
2016-08-16 10:52 - 2016-08-16 10:52 - 00021790 _____ C:\Users\Andrew\Downloads\Transcript exported Tue, 16 Aug 2016 00-51-51 GMT.md
2016-08-16 10:51 - 2016-08-16 10:51 - 00021810 _____ C:\Users\Andrew\Downloads\Transcript exported Tue, 16 Aug 2016 00-51-52 GMT.txt
2016-08-15 06:47 - 2016-08-15 06:47 - 11343005 _____ C:\Users\Andrew\Downloads\Chapter 5 PowerPoint - PSY304 - 201660 WI.pptx
2016-08-11 05:38 - 2016-08-11 05:38 - 01519914 _____ C:\Users\Andrew\Downloads\New Recording 2.m4a
2016-08-03 12:38 - 2016-08-03 12:38 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Titan Quest
2016-08-01 18:49 - 2016-08-01 18:49 - 00000000 ____D C:\Users\Andrew\Documents\Ubisoft
2016-08-01 14:00 - 2016-08-01 14:00 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-08-01 14:00 - 2016-08-01 14:00 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-08-01 14:00 - 2016-08-01 14:00 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-08-01 14:00 - 2016-08-01 14:00 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-08-01 14:00 - 2016-08-01 14:00 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Heroes of Might & Magic III - HD Edition
2016-08-01 14:00 - 2016-08-01 14:00 - 00000000 ____D C:\Program Files (x86)\OpenAL
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-24 13:21 - 2014-02-06 15:20 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1556042821-4184829808-2108755071-1002
2016-08-24 13:19 - 2014-11-07 16:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-24 13:16 - 2014-11-07 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-24 13:16 - 2014-11-07 16:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-24 13:05 - 2016-05-07 12:28 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Spotify
2016-08-24 13:04 - 2016-05-07 12:29 - 00000000 ____D C:\Users\Andrew\AppData\Local\Spotify
2016-08-24 13:04 - 2014-09-11 11:18 - 00000000 ___RD C:\Users\Andrew\Google Drive
2016-08-24 13:03 - 2014-04-25 22:34 - 00000000 __RDO C:\Users\Andrew\OneDrive
2016-08-24 13:02 - 2014-02-06 15:18 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-24 13:02 - 2013-08-23 00:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-24 13:00 - 2013-10-06 15:47 - 00000000 ____D C:\Program Files (x86)\Amazon
2016-08-24 12:58 - 2014-04-06 20:42 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-24 12:47 - 2013-08-22 23:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-24 12:46 - 2014-02-21 12:18 - 00000000 ____D C:\Users\Andrew\Desktop\Docs
2016-08-24 12:33 - 2014-02-06 15:18 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-24 11:30 - 2014-05-02 17:20 - 00003922 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C5AEC13D-F2C7-461F-97D9-23FCB0945998}
2016-08-24 07:43 - 2014-02-21 12:18 - 00000000 ____D C:\Users\Andrew\Desktop\Games
2016-08-24 05:28 - 2014-02-08 15:32 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2016-08-23 05:48 - 2014-03-04 09:56 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\uTorrent
2016-08-22 17:32 - 2014-03-10 18:15 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Audacity
2016-08-21 17:21 - 2014-03-18 20:03 - 00876144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-21 17:21 - 2013-08-22 23:36 - 00000000 ____D C:\WINDOWS\Inf
2016-08-21 10:58 - 2016-03-18 04:41 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-08-20 12:06 - 2014-02-07 11:26 - 00000000 ____D C:\Users\Andrew\Documents\My Games
2016-08-18 17:53 - 2016-04-25 10:39 - 00000000 ____D C:\Users\Andrew\AppData\Local\SmartView2
2016-08-17 05:35 - 2014-09-11 11:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-16 13:03 - 2014-10-15 12:16 - 00000000 ____D C:\Games
2016-08-15 08:37 - 2016-03-27 05:36 - 00000000 ____D C:\Users\Andrew\Desktop\Convex - Last Man Standing EP
2016-08-11 06:31 - 2013-08-23 01:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-11 06:31 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-10 19:29 - 2014-03-10 16:36 - 00000000 ____D C:\Users\Andrew\AppData\Local\Battle.net
2016-08-10 18:12 - 2014-03-15 06:20 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-08-10 17:54 - 2014-03-11 10:43 - 00000000 ____D C:\Users\Andrew\AppData\Local\Blizzard Entertainment
2016-08-10 17:12 - 2014-03-10 16:43 - 00000000 ____D C:\Program Files (x86)\Diablo III
2016-08-10 16:42 - 2014-08-15 07:46 - 00000000 ____D C:\Program Files (x86)\Heroes of the Storm
2016-08-10 16:40 - 2014-03-12 05:56 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-08-10 15:41 - 2016-01-26 08:39 - 00000000 ____D C:\Users\Andrew\Downloads\TV To Move
2016-08-10 15:41 - 2016-01-26 08:38 - 00000000 ____D C:\Users\Andrew\Downloads\Movies To Move
2016-08-10 15:35 - 2014-03-10 16:36 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-08-09 05:33 - 2014-02-06 15:20 - 00002219 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 12:02 - 2015-06-21 17:25 - 00000150 _____ C:\Users\Andrew\Desktop\Show List.txt
2016-08-06 06:43 - 2016-03-17 19:38 - 00003842 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1458207494
2016-08-06 06:43 - 2016-03-17 19:38 - 00001067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-08-06 06:43 - 2016-03-17 19:36 - 00000000 ____D C:\Program Files (x86)\Opera
2016-08-03 12:38 - 2014-03-30 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-08-02 18:11 - 2014-09-17 15:57 - 00000132 _____ C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
2016-08-02 17:09 - 2016-07-12 20:06 - 00000000 ____D C:\Users\Andrew\Desktop\Pokemon
2016-08-01 14:00 - 2014-10-27 07:51 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-01 08:19 - 2013-10-06 15:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-01 08:17 - 2016-06-26 17:59 - 00000000 ____D C:\Users\Andrew\AppData\LocalLow\Texel Raptor
2016-08-01 08:17 - 2014-07-17 07:56 - 00000000 ____D C:\GOG Games
2016-07-29 06:28 - 2014-02-06 15:18 - 00003892 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 06:28 - 2014-02-06 15:18 - 00003656 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2013-02-17 13:27 - 2013-02-17 13:27 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-09-17 15:57 - 2016-08-02 18:11 - 0000132 _____ () C:\Users\Andrew\AppData\Roaming\Adobe PNG Format CS5 Prefs
2014-03-17 11:02 - 2014-04-01 17:52 - 0000123 _____ () C:\Users\Andrew\AppData\Roaming\System Monitor II_UptimeRecord.ini
2014-05-13 09:57 - 2015-03-25 13:36 - 0005632 _____ () C:\Users\Andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-03 09:39 - 2014-04-03 09:39 - 0000000 ___SH () C:\Users\Andrew\AppData\Local\LumaEmu
2016-02-22 17:09 - 2016-02-22 17:33 - 0007601 _____ () C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2013-10-06 15:29 - 2013-10-06 15:29 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\aoe3-113-english.exe
C:\Users\Andrew\AppData\Local\Temp\aoe3x-105-english.exe
C:\Users\Andrew\AppData\Local\Temp\aoe3y-102-english.exe
C:\Users\Andrew\AppData\Local\Temp\APNSetup.exe
C:\Users\Andrew\AppData\Local\Temp\avgnt.exe
C:\Users\Andrew\AppData\Local\Temp\AviraSetup155984.exe
C:\Users\Andrew\AppData\Local\Temp\AviraSetup77472343.exe
C:\Users\Andrew\AppData\Local\Temp\bitool.dll
C:\Users\Andrew\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Andrew\AppData\Local\Temp\libeay32.dll
C:\Users\Andrew\AppData\Local\Temp\msvcr120.dll
C:\Users\Andrew\AppData\Local\Temp\sqlite3.dll
C:\Users\Andrew\AppData\Local\Temp\SRLDetectionLibrary8195983425627502524.dll
C:\Users\Andrew\AppData\Local\Temp\standalonepatcher.exe
C:\Users\Andrew\AppData\Local\Temp\standalonepatcherX.exe
C:\Users\Andrew\AppData\Local\Temp\standalonepatcherY.exe
C:\Users\Andrew\AppData\Local\Temp\ubi795C.tmp.exe
C:\Users\Andrew\AppData\Local\Temp\vlc-2.2.1-win32.exe
C:\Users\Andrew\AppData\Local\Temp\_isA06E.exe
C:\Users\Andrew\AppData\Local\Temp\_isDB7F.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-22 05:29
 
==================== End of FRST.txt ============================

#2 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 24 August 2016 - 06:26 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-1556042821-4184829808-2108755071-1002\...\Run: [Andrew] => explorer.exe hxxp://kb-ribaki.org 
    HKU\S-1-5-21-1556042821-4184829808-2108755071-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Andrew] => explorer.exe hxxp://kb-ribaki.org 
    Task: {4DD6BC71-9BBF-4521-B0C3-D157E5B366CF} - System32\Tasks\Andrew => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v Andrew /t REG_SZ /d "explorer.exe " 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [screenshot of the scan settings]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [screenshot of the log path]
    Copy and paste the content of this log file in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
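The persistence the fixlist above removes is a Run value that launches explorer.exe with a URL, kept alive by a scheduled task that re-adds the value. The PowerShell check below is an added example, not part of the original post and not FRST code; it enumerates both locations on the affected machine and flags entries of that shape, assuming Windows 8 or later (for Get-ScheduledTask) and an elevated prompt.

```powershell
# Added example (not from the thread or FRST): audit the two persistence locations
# named in the fixlist. Run from an elevated PowerShell prompt on the affected machine.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# A Run value of the form "explorer.exe http://..." opens that site at every logon.
$suspiciousPattern = 'explorer\.exe\s+https?://'

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object.
        if ($prop.Name -like 'PS*') { continue }
        $value = [string]$prop.Value
        if ([string]::IsNullOrWhiteSpace($value)) {
            # An empty Run value (like the HKLM "[] => [X]" entry in the log) is not
            # malicious by itself but is left-over clutter worth removing.
            Write-Output "[EMPTY ] $key\$($prop.Name)"
        } elseif ($value -match $suspiciousPattern) {
            Write-Output "[ALERT ] $key\$($prop.Name) = $value"
        }
    }
}

# A scheduled task whose action runs "REG ADD ...\CurrentVersion\Run" explains why the
# Run value returns after removal: the task must be deleted together with the value.
Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'REG\s+ADD\s+.*CurrentVersion\\Run') {
            Write-Output "[ALERT ] Task '$($task.TaskPath)$($task.TaskName)' re-creates a Run value: $cmd"
        }
    }
}
```

Re-run the check after the FRST fix has been applied; both ALERT lines should be gone, and a surviving task line means the re-creation mechanism is still in place.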

#3 deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 30 August 2016 - 11:47 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
