random ads brought by doc and redirection of webpages to powered by doc


  • This topic is locked
6 replies to this topic

#1 ableben

  • Members
  • 3 posts

Posted 02 July 2015 - 09:41 PM

Whenever I open any of my web browsers (Firefox, Chrome, even Explorer), random ads will pop up all over the screen and they all say "brought to you by doc". When I click on links or try to type in the address bar to go to a specified website, it will randomly bring me to a new webpage that says "powered by doc" and will also sometimes open additional tabs that are also "powered by doc". I have run Malwarebytes and Windows Security Essentials, along with RKill, and the full scans have come up clean whenever I run them.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by sky_b_000 (administrator) on ABLEBEN on 02-07-2015 19:30:01
Running from C:\Users\sky_b_000\Downloads
Loaded Profiles: sky_b_000 (Available Profiles: sky_b_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\Realtek\Audio\HDA\FMAPP.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_17_0_0_190.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13550152 2013-05-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [457616 2014-10-14] ()
HKLM\...\Run: [HotKeysCmds] => C:\Windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\Windows\system32\igfxpers.exe
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3016944 2013-04-10] (Synaptics Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-09-10] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-28] ()
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe
HKLM-x32\...\Run: [EKStatusMonitor] => C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-12-11] (Eastman Kodak Company)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKU\S-1-5-21-1176184171-858246872-3196634281-1001\...\Run: [Br Media Player] => C:\WINDOWS\system32\Br Media Player.exe
HKU\S-1-5-21-1176184171-858246872-3196634281-1001\...\MountPoints2: {92b93886-3bad-11e4-be86-089e01c522e0} - "D:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-18\...\Run: [] => [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2013-06-30]
ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1176184171-858246872-3196634281-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1176184171-858246872-3196634281-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-19] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-05-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-11-05] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{484F759B-C26F-4BF4-BCA5-851966E85F66}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{BDB1EC64-0D73-4368-A7AA-0255A6AF043F}: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\sky_b_000\AppData\Roaming\Mozilla\Firefox\Profiles\pmd6ywmi.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_17_0_0_190.dll [2015-06-23] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [2014-11-05] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-23] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-16] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2013-10-28] (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.20 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-20] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll [2013-09-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-09-05] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-19] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-19] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-08] (VideoLAN)
FF Extension: vlcplaylisthelgatauscherde - C:\Users\sky_b_000\AppData\Roaming\Mozilla\Firefox\Profiles\pmd6ywmi.default\Extensions\vlcplaylist@helgatauscher.de [2015-06-23]
FF Extension: WebSlingPlayer - C:\Users\sky_b_000\AppData\Roaming\Mozilla\Firefox\Profiles\pmd6ywmi.default\Extensions\{9EB34849-81D3-4841-939D-666D522B889A} [2015-02-19]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR Profile: C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ekofpchjmoalonajopdeegdappocgcmj) - C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2015-06-23]
CHR Extension: (SlingPlayer for DISH Anywhere) - C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcnpmlegoehfgohpkmjhpohjchokamnn [2015-03-18]
CHR Extension: (BeFrugal.com Add-On) - C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp [2014-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-27]
CHR Extension: (Google Wallet) - C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2739888 2015-05-19] (Microsoft Corporation)
S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [329104 2014-10-14] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-03-20] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [156104 2013-05-16] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [182760 2013-04-15] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-03-20] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1366328 2013-03-28] (Motorola Solutions, Inc.)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [116168 2013-05-16] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-04-15] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-04-15] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-04-15] ()
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-03-20] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-09-27] (CACE Technologies, Inc.)
S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [455240 2013-03-05] (RTS Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31984 2013-04-10] (Synaptics Incorporated)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-07-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 19:30 - 2015-07-02 19:30 - 00019051 _____ C:\Users\sky_b_000\Downloads\FRST.txt
2015-07-02 19:29 - 2015-07-02 19:30 - 00000000 ____D C:\FRST
2015-07-02 19:29 - 2015-07-02 19:29 - 02112512 _____ (Farbar) C:\Users\sky_b_000\Downloads\FRST64.exe
2015-07-02 19:28 - 2015-07-02 19:29 - 01636352 _____ (Farbar) C:\Users\sky_b_000\Downloads\FRST.exe
2015-07-02 17:38 - 2015-07-02 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-07-02 17:36 - 2015-07-02 17:36 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2015-07-02 17:34 - 2015-07-02 17:34 - 00683440 _____ C:\WINDOWS\Minidump\070215-29656-01.dmp
2015-07-01 12:49 - 2015-07-01 12:51 - 00680488 _____ C:\WINDOWS\Minidump\070115-21937-01.dmp
2015-06-30 18:52 - 2015-06-30 18:52 - 00736336 _____ C:\WINDOWS\Minidump\063015-20546-01.dmp
2015-06-30 08:17 - 2015-06-30 08:17 - 00733984 _____ C:\WINDOWS\Minidump\063015-19140-01.dmp
2015-06-29 18:22 - 2015-06-29 18:22 - 00788600 _____ C:\WINDOWS\Minidump\062915-31656-01.dmp
2015-06-29 14:21 - 2015-06-29 14:21 - 00683304 _____ C:\WINDOWS\Minidump\062915-27312-01.dmp
2015-06-28 15:48 - 2015-06-28 15:48 - 00856760 _____ C:\WINDOWS\Minidump\062815-24859-01.dmp
2015-06-28 14:26 - 2015-06-28 16:09 - 00000000 ____D C:\AdwCleaner
2015-06-28 14:25 - 2015-06-28 14:25 - 02244096 _____ C:\Users\sky_b_000\Downloads\adwcleaner_4.207.exe
2015-06-28 13:16 - 2015-06-28 13:16 - 00001135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-28 13:16 - 2015-06-28 13:16 - 00001123 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-06-28 13:16 - 2015-06-28 13:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 13:15 - 2015-06-28 13:15 - 00243408 _____ C:\Users\sky_b_000\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-28 12:58 - 2015-07-02 17:36 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2015-06-28 12:56 - 2015-06-28 12:56 - 00709392 _____ C:\WINDOWS\Minidump\062815-25671-01.dmp
2015-06-27 20:54 - 2015-06-27 20:56 - 00707320 _____ C:\WINDOWS\Minidump\062715-21187-01.dmp
2015-06-24 11:30 - 2015-06-24 11:30 - 00709896 _____ C:\WINDOWS\Minidump\062415-22312-01.dmp
2015-06-23 18:23 - 2015-06-23 18:23 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\sky_b_000\Downloads\iExplore.exe
2015-06-23 17:33 - 2015-07-02 19:16 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-06-23 17:33 - 2015-06-23 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-06-23 17:33 - 2015-06-23 17:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-06-23 17:27 - 2015-06-23 17:27 - 03020968 _____ (Malwarebytes ) C:\Users\sky_b_000\Downloads\mbae-setup-1.06.1.1019.exe
2015-06-23 16:26 - 2015-06-23 16:27 - 00807400 _____ C:\WINDOWS\Minidump\062315-36765-01.dmp
2015-06-23 11:04 - 2015-06-23 11:06 - 00789040 _____ C:\WINDOWS\Minidump\062315-34687-01.dmp
2015-06-23 09:26 - 2015-06-23 09:27 - 00709392 _____ C:\WINDOWS\Minidump\062315-18578-01.dmp
2015-06-22 18:11 - 2015-06-22 18:12 - 00682904 _____ C:\WINDOWS\Minidump\062215-24859-01.dmp
2015-06-21 08:19 - 2015-06-21 08:19 - 00682856 _____ C:\WINDOWS\Minidump\062115-19453-01.dmp
2015-06-20 17:45 - 2015-06-20 17:45 - 00709816 _____ C:\WINDOWS\Minidump\062015-19843-01.dmp
2015-06-20 16:42 - 2015-06-20 16:43 - 00709344 _____ C:\WINDOWS\Minidump\062015-18015-01.dmp
2015-06-20 09:49 - 2015-06-20 09:50 - 00709344 _____ C:\WINDOWS\Minidump\062015-36546-01.dmp
2015-06-19 21:20 - 2015-06-19 21:20 - 00001118 _____ C:\Users\sky_b_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-19 20:46 - 2015-06-23 17:07 - 00000000 ____D C:\Program Files (x86)\8e993797-1957-4b34-99d4-a76d12f8bda2
2015-06-19 20:29 - 2015-06-23 17:07 - 00000000 ____D C:\Program Files (x86)\24bae3fe-244b-4525-9527-597392df4dff
2015-06-19 20:27 - 2015-06-19 20:46 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-19 20:19 - 2015-06-19 20:19 - 00000000 ____D C:\Users\sky_b_000\AppData\Local\CrashRpt
2015-06-19 20:13 - 2013-08-22 06:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-06-19 20:10 - 2015-06-19 20:10 - 00000000 ____D C:\Program Files (x86)\Br Media Player
2015-06-19 20:09 - 2015-06-19 20:09 - 00003696 _____ C:\WINDOWS\System32\Tasks\IEError
2015-06-19 20:09 - 2015-06-19 20:09 - 00003504 _____ C:\WINDOWS\System32\Tasks\AI_Updater
2015-06-19 07:34 - 2015-06-19 07:35 - 00735848 _____ C:\WINDOWS\Minidump\061915-25031-01.dmp
2015-06-18 17:19 - 2015-06-18 17:19 - 00709328 _____ C:\WINDOWS\Minidump\061815-20968-01.dmp
2015-06-18 09:48 - 2015-06-18 09:49 - 00000000 ____D C:\Users\sky_b_000\Desktop\DCIM
2015-06-18 06:34 - 2015-06-18 06:36 - 00683376 _____ C:\WINDOWS\Minidump\061815-23984-01.dmp
2015-06-18 04:01 - 2015-06-18 04:01 - 00709480 _____ C:\WINDOWS\Minidump\061815-20312-01.dmp
2015-06-17 09:01 - 2015-06-17 09:01 - 00805616 _____ C:\WINDOWS\Minidump\061715-21140-01.dmp
2015-06-16 20:43 - 2015-06-16 20:43 - 00683024 _____ C:\WINDOWS\Minidump\061615-20593-01.dmp
2015-06-16 07:42 - 2015-06-16 07:44 - 00683376 _____ C:\WINDOWS\Minidump\061615-23546-01.dmp
2015-06-15 17:57 - 2015-06-15 17:57 - 00709480 _____ C:\WINDOWS\Minidump\061515-18406-01.dmp
2015-06-15 07:53 - 2015-06-15 07:53 - 00683384 _____ C:\WINDOWS\Minidump\061515-19875-01.dmp
2015-06-14 11:57 - 2015-06-14 12:01 - 19730344 _____ C:\Users\sky_b_000\Downloads\[Satoshi Kishinosato] The Teacher's Counterattack [English] =LWB=.zip
2015-06-14 11:25 - 2015-06-14 11:26 - 00710248 _____ C:\WINDOWS\Minidump\061415-20406-01.dmp
2015-06-13 23:02 - 2015-06-13 23:03 - 00709792 _____ C:\WINDOWS\Minidump\061315-18343-01.dmp
2015-06-13 09:04 - 2015-06-13 09:05 - 00000000 ____D C:\Users\sky_b_000\Downloads\The Last Ship Season 1 Complete
2015-06-13 08:04 - 2015-06-13 08:05 - 00709376 _____ C:\WINDOWS\Minidump\061315-21609-01.dmp
2015-06-12 15:31 - 2015-06-12 15:31 - 00682888 _____ C:\WINDOWS\Minidump\061215-19046-01.dmp
2015-06-12 07:00 - 2015-06-12 07:02 - 00709832 _____ C:\WINDOWS\Minidump\061215-20593-01.dmp
2015-06-12 05:16 - 2015-06-12 05:17 - 00709776 _____ C:\WINDOWS\Minidump\061215-20281-01.dmp
2015-06-11 09:35 - 2015-06-11 09:37 - 00833784 _____ C:\WINDOWS\Minidump\061115-36796-01.dmp
2015-06-11 06:07 - 2015-04-08 15:07 - 00410336 _____ C:\WINDOWS\system32\ApnDatabase.xml
2015-06-11 06:07 - 2015-03-01 18:43 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastapi.dll
2015-06-11 06:07 - 2015-03-01 18:21 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastapi.dll
2015-06-11 06:06 - 2015-04-01 15:42 - 03097600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-06-11 06:06 - 2015-04-01 15:30 - 02483712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-06-11 05:58 - 2015-04-24 19:34 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-06-11 05:58 - 2015-04-24 19:33 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-06-11 05:58 - 2015-04-13 15:37 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2015-06-11 05:58 - 2015-04-13 15:34 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2015-06-11 05:58 - 2015-04-09 17:40 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-06-11 05:58 - 2015-04-09 17:17 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-06-11 05:57 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-06-11 05:57 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-06-11 05:57 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-06-11 05:57 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-06-11 05:57 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-06-11 05:57 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-06-11 05:57 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2015-06-11 05:57 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-06-11 05:57 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-06-11 05:57 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-06-11 05:57 - 2015-05-22 19:47 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2015-06-11 05:57 - 2015-05-22 19:43 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-06-11 05:57 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-06-11 05:57 - 2015-05-22 19:38 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-06-11 05:57 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-06-11 05:57 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-06-11 05:57 - 2015-05-22 19:28 - 01042944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-06-11 05:57 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-06-11 05:57 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-06-11 05:57 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-06-11 05:57 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-06-11 05:57 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-06-11 05:57 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-06-11 05:57 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-06-11 05:57 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2015-06-11 05:57 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-06-11 05:57 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2015-06-11 05:57 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-06-11 05:57 - 2015-05-22 11:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-06-11 05:57 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-06-11 05:57 - 2015-05-22 11:15 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-06-11 05:57 - 2015-05-22 11:09 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-06-11 05:57 - 2015-05-22 11:08 - 00374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-06-11 05:57 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-06-11 05:57 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-06-11 05:57 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-06-11 05:57 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-06-11 05:57 - 2015-05-22 10:49 - 02865152 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-06-11 05:57 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-06-11 05:57 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-06-11 05:57 - 2015-05-21 09:47 - 04177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-06-11 05:57 - 2015-04-15 23:17 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-06-11 05:57 - 2015-03-31 21:21 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-06-11 05:57 - 2015-03-31 21:18 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-06-11 05:57 - 2015-03-31 21:17 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-06-11 05:57 - 2015-03-31 21:08 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-06-11 05:57 - 2015-03-31 20:46 - 03633664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-06-11 05:57 - 2015-03-31 20:17 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-06-11 05:57 - 2015-03-31 20:17 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-06-11 05:57 - 2015-03-31 19:53 - 00391680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-06-11 05:57 - 2015-03-31 19:53 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-06-11 05:57 - 2015-03-31 19:45 - 02749952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-06-11 05:57 - 2015-03-31 19:45 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-06-11 05:57 - 2015-03-31 19:14 - 01920000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-06-11 05:57 - 2015-03-31 19:12 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-06-11 05:48 - 2015-06-11 05:50 - 00788624 _____ C:\WINDOWS\Minidump\061115-35218-01.dmp
2015-06-10 15:47 - 2015-06-10 15:47 - 00709776 _____ C:\WINDOWS\Minidump\061015-20984-01.dmp
2015-06-10 09:23 - 2015-06-10 09:23 - 00808168 _____ C:\WINDOWS\Minidump\061015-36078-01.dmp
2015-06-10 06:38 - 2015-06-10 06:39 - 00000000 ____D C:\Users\sky_b_000\Downloads\Incest Manga Collection (PACK 5)
2015-06-10 06:23 - 2015-06-10 06:24 - 00000000 ____D C:\Users\sky_b_000\Downloads\Translated Incest Manga Collection
2015-06-10 04:05 - 2015-06-10 04:05 - 00735848 _____ C:\WINDOWS\Minidump\061015-21437-01.dmp
2015-06-09 07:51 - 2015-06-09 07:53 - 00681848 _____ C:\WINDOWS\Minidump\060915-23421-01.dmp
2015-06-08 15:41 - 2015-06-08 15:42 - 00708904 _____ C:\WINDOWS\Minidump\060815-17953-01.dmp
2015-06-08 14:54 - 2015-06-08 14:54 - 00709480 _____ C:\WINDOWS\Minidump\060815-20984-01.dmp
2015-06-08 12:38 - 2015-06-08 12:40 - 00833424 _____ C:\WINDOWS\Minidump\060815-32671-01.dmp
2015-06-08 08:56 - 2015-06-08 08:58 - 00806168 _____ C:\WINDOWS\Minidump\060815-30906-01.dmp
2015-06-07 20:18 - 2015-06-07 20:18 - 00709832 _____ C:\WINDOWS\Minidump\060715-20437-01.dmp
2015-06-07 14:23 - 2015-06-07 14:24 - 00704048 _____ C:\WINDOWS\Minidump\060715-18937-01.dmp
2015-06-07 05:01 - 2015-06-07 05:01 - 00709464 _____ C:\WINDOWS\Minidump\060715-22312-01.dmp
2015-06-06 11:33 - 2015-06-06 11:34 - 00832632 _____ C:\WINDOWS\Minidump\060615-30031-01.dmp
2015-06-06 04:05 - 2015-06-06 04:06 - 00683408 _____ C:\WINDOWS\Minidump\060615-18609-01.dmp
2015-06-05 10:26 - 2015-06-05 10:27 - 00710200 _____ C:\WINDOWS\Minidump\060515-28406-01.dmp
2015-06-05 05:45 - 2015-06-05 05:45 - 00682888 _____ C:\WINDOWS\Minidump\060515-17828-01.dmp
2015-06-03 05:16 - 2015-06-28 13:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 12:14 - 2015-06-02 12:14 - 00000000 ____D C:\Users\sky_b_000\AppData\Local\GWX

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-02 19:04 - 2014-10-23 06:38 - 01139904 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-02 19:02 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-02 18:47 - 2014-11-07 08:17 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-02 17:57 - 2012-07-26 00:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-02 17:56 - 2014-11-01 17:05 - 00000000 ____D C:\ProgramData\Kodak
2015-07-02 17:54 - 2014-10-23 08:21 - 00000000 ___RD C:\Users\sky_b_000\OneDrive
2015-07-02 17:54 - 2013-09-04 08:15 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-02 17:51 - 2014-10-23 06:21 - 00000000 ____D C:\Users\sky_b_000
2015-07-02 17:40 - 2014-09-24 00:15 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-02 17:36 - 2013-08-22 07:46 - 00340106 _____ C:\WINDOWS\setupact.log
2015-07-02 17:36 - 2013-08-22 07:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-02 17:34 - 2014-10-23 19:42 - 00000000 ____D C:\WINDOWS\Minidump
2015-07-02 17:33 - 2014-10-23 19:42 - 1179685476 _____ C:\WINDOWS\MEMORY.DMP
2015-07-02 17:33 - 2014-09-24 00:03 - 00715826 _____ C:\WINDOWS\PFRO.log
2015-07-01 13:03 - 2013-09-04 08:08 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1176184171-858246872-3196634281-1001
2015-06-28 21:17 - 2014-08-14 14:29 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 21:16 - 2014-08-14 14:29 - 00001078 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-28 21:16 - 2014-08-14 14:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 21:16 - 2014-08-14 14:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 14:27 - 2013-08-22 08:36 - 00000000 ____D C:\Program Files\Common Files\System
2015-06-27 21:59 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\tracing
2015-06-23 17:08 - 2013-06-30 06:03 - 00000000 ____D C:\WINDOWS\NAPP_Dism_Log
2015-06-23 17:07 - 2013-06-30 05:24 - 00000000 ____D C:\Program Files (x86)\Acer Incorporated
2015-06-23 16:47 - 2015-04-14 09:47 - 18174128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2015-06-23 16:47 - 2014-11-07 08:17 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-06-23 16:44 - 2013-09-04 08:26 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-06-22 18:16 - 2013-09-04 08:19 - 00002167 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-19 21:33 - 2013-09-04 08:15 - 00003894 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-19 21:33 - 2013-09-04 08:15 - 00003658 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-19 21:33 - 2013-09-04 08:15 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-19 21:29 - 2013-08-22 06:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-06-19 21:22 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-06-19 20:15 - 2013-06-30 05:27 - 00000000 ____D C:\ProgramData\Package Cache
2015-06-19 20:12 - 2015-02-02 18:28 - 00000000 __SHD C:\Users\sky_b_000\AppData\Local\EmieUserList
2015-06-19 20:12 - 2015-02-02 18:28 - 00000000 __SHD C:\Users\sky_b_000\AppData\Local\EmieSiteList
2015-06-19 20:12 - 2015-02-02 18:28 - 00000000 __SHD C:\Users\sky_b_000\AppData\Local\EmieBrowserModeList
2015-06-19 20:09 - 2014-01-04 00:46 - 00000000 ____D C:\Users\sky_b_000\AppData\Roaming\vlc
2015-06-19 20:02 - 2014-09-24 02:55 - 00792568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-06-19 20:02 - 2014-09-24 02:55 - 00178168 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-19 08:17 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\rescache
2015-06-18 08:42 - 2014-08-14 14:29 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-06-18 08:41 - 2014-08-14 14:29 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-06-18 08:41 - 2014-08-14 14:29 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-06-16 20:47 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-06-13 21:56 - 2013-12-22 17:24 - 00000000 ____D C:\Users\sky_b_000\AppData\Roaming\uTorrent
2015-06-12 15:37 - 2013-08-22 07:44 - 00493176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-06-11 12:16 - 2013-11-24 19:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-06-11 12:09 - 2013-11-24 19:54 - 140135120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-06-09 17:04 - 2015-02-02 18:28 - 00003938 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E8D89A0D-2DDA-4C6A-B33F-CA24586D9951}

==================== Files in the root of some directories =======

2013-11-23 15:59 - 2013-11-23 15:59 - 50053120 _____ () C:\Program Files (x86)\GUT544C.tmp
2014-11-01 20:19 - 2014-11-01 20:19 - 0000236 _____ () C:\Users\sky_b_000\AppData\Local\LaunchHomeCenter.log
2013-06-30 05:48 - 2013-06-30 05:48 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-09-04 08:14 - 2014-07-17 08:09 - 0000193 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

Some files in TEMP:
====================
C:\Users\sky_b_000\AppData\Local\Temp\14D7EC85-2E83-98FA-8C0B-AB8B6EF46D02.dll
C:\Users\sky_b_000\AppData\Local\Temp\14D7EC85-2E83-98FA-8C0B-AB8B6EF46D02.exe
C:\Users\sky_b_000\AppData\Local\Temp\7E60F7EF-8C43-63C5-8D5D-76878EB20572.exe
C:\Users\sky_b_000\AppData\Local\Temp\B1YCF5gsLg.exe
C:\Users\sky_b_000\AppData\Local\Temp\BackupSetup.exe
C:\Users\sky_b_000\AppData\Local\Temp\BruKEp0CV1.exe
C:\Users\sky_b_000\AppData\Local\Temp\fsd756E.exe
C:\Users\sky_b_000\AppData\Local\Temp\instsl.exe
C:\Users\sky_b_000\AppData\Local\Temp\kyX7SyxKoy.exe
C:\Users\sky_b_000\AppData\Local\Temp\libmfxsw32.dll
C:\Users\sky_b_000\AppData\Local\Temp\oi_{C2D740E1-85EA-4FCD-91F8-3D57933C3B4E}.exe
C:\Users\sky_b_000\AppData\Local\Temp\setup_vodburner.exe
C:\Users\sky_b_000\AppData\Local\Temp\SkypeSetup.exe
C:\Users\sky_b_000\AppData\Local\Temp\SpOrder.dll
C:\Users\sky_b_000\AppData\Local\Temp\tu17p84.exe
C:\Users\sky_b_000\AppData\Local\Temp\UNINSTALL.EXE
C:\Users\sky_b_000\AppData\Local\Temp\vVvABBvJTr.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-02 17:47

==================== End of log ============================

#2 nasdaq
  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 11:56 PM

Posted 05 July 2015 - 08:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKU\S-1-5-18\...\Run: [] => [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1176184171-858246872-3196634281-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Task: {09E3DA85-54D7-4A23-9BC3-DED663018614} - \SMWUpd No Task File <==== ATTENTION
Task: {23F488A2-A094-44E7-98D9-152EC47C9A7C} - \SMW_UpdateTask_Time_3735323530373739302d345b413455412a45235a6c6c No Task File <==== ATTENTION
Task: {4C8D9FBC-5C43-4312-804F-39635D67B4AE} - \boosterpop No Task File <==== ATTENTION
Task: {59347864-7E7D-4ED1-ACB7-691F9955D6BD} - \Microsoft\Windows\Maintenance\Web Tool Updater No Task File <==== ATTENTION
Task: {59E24EA0-87AC-42A1-A833-C036A5F72212} - \Web Tool Runner No Task File <==== ATTENTION
Task: {9E56DD4C-85A5-4D02-BE79-25E4AB510A5B} - System32\Tasks\DYFPAF => C:\ProgramData\cc418c9125014c0e8e15c8c384d8bbef\cc418c9125014c0e8e15c8c384d8bbef.exe <==== ATTENTION
Task: {BB7AA892-4B74-41A0-90D3-CB548B1FC526} - \Installer_shopperpro No Task File <==== ATTENTION
Task: {E3C0D682-D79A-490F-B9D3-04B42C0854D5} - \PCPrivacyDock_Popup3 No Task File <==== ATTENTION
C:\ProgramData\cc418c9125014c0e8e15c8c384d8bbef\cc418c9125014c0e8e15c8c384d8bbef.exe

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right-click its icon and disable it for, say, 20 minutes.
Right-click JRT.exe and select Run as administrator (if using XP, just double-click the icon to run it).
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button, all items listed in the report will be removed.
If you find some false-positive items or programs that you wish to keep, close the AdwCleaner windows, then:
  • Close all open programs and internet browsers.
  • Double-click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#3 ableben
  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time: 08:56 PM

Posted 05 July 2015 - 04:54 PM

Still having the exact same problems, nasdaq. It looked OK for a few minutes when I tried going to Google, Yahoo and Facebook just to see if the ads and the redirect were gone, but sadly when I tried going to Facebook and then here to post my reply, everything that was happening before just came flooding back, like the dam just broke and I'm on a tiny, tiny raft.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.1 (07.05.2015:1)
OS: Windows 8.1 x64
Ran by sky_b_000 on Sun 07/05/2015 at 14:26:16.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks

Successfully deleted: [Task] C:\WINDOWS\system32\tasks\AI_Updater
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\IEError



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\Update Box Rock



~~~ Files

Successfully deleted: [File] C:\Program Files (x86)\GUT544C.tmp



~~~ Folders

Successfully deleted: [Folder] C:\Program Files (x86)\br media player
Successfully deleted: [Folder] C:\Users\sky_b_000\appdata\local\crashrpt
Successfully deleted: [Folder] C:\Users\sky_b_000\appdata\local\installer
Successfully deleted: [Folder] C:\Users\sky_b_000\appdata\locallow\company
Successfully deleted: [Folder] C:\WINDOWS\syswow64\ai_recyclebin



~~~ FireFox

Emptied folder: C:\Users\sky_b_000\AppData\Roaming\mozilla\firefox\profiles\pmd6ywmi.default\minidumps [11 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\sky_b_000\appdata\local\Google\Chrome\User Data\Default\Extensions\kcdcneeneoifbeenbbnjodcflhdbaggp

[C:\Users\sky_b_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\sky_b_000\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
kcdcneeneoifbeenbbnjodcflhdbaggp

[C:\Users\sky_b_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\sky_b_000\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
  booedmolknjekdopkepjjeckmjkdpfgl,
  flpcjncodpafbgdpnkljologafpionhb,
  kcdcneeneoifbeenbbnjodcflhdbaggp
]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 07/05/2015 at 14:30:21.22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v4.207 - Logfile created 05/07/2015 at 14:34:48
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Windows 8.1  (x64)
# Username : sky_b_000 - ABLEBEN
# Running from : C:\Users\sky_b_000\Desktop\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
Key Deleted : HKLM\SOFTWARE\Br MediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v38.0.5 (x86 en-US)


-\\ Google Chrome v43.0.2357.130

[C:\Users\sky_b_000\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : hxxp://www.trovi.com/?gd=&ctid=CT3333887&octid=EB_ORIGINAL_CTID&ISID=M05A00A22-3976-4B57-A747-74E8CA186DEC&SearchSource=55&CUI=&UM=8&UP=SP46D681A4-EC22-4001-B7B9-F662D9448AF2&D=062015&SSPV=

*************************

AdwCleaner[R0].txt - [15251 bytes] - [28/06/2015 14:26:30]
AdwCleaner[R1].txt - [1393 bytes] - [28/06/2015 16:08:30]
AdwCleaner[R2].txt - [1876 bytes] - [05/07/2015 14:32:12]
AdwCleaner[S0].txt - [14654 bytes] - [28/06/2015 14:27:23]
AdwCleaner[S1].txt - [1813 bytes] - [05/07/2015 14:34:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1872  bytes] ##########

#4 nasdaq
  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 11:56 PM

Posted 06 July 2015 - 07:27 AM

Reset the browsers.

Reset Chrome:
Open Google Chrome and click on the menu icon, which is located at the top right of the Google Chrome window.

Click "Settings", then "Show advanced settings" at the bottom of the screen.

Click the "Reset browser settings" button.

Clear your cache and cookies:
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time".

Restart Chrome.

====

Firefox:
Reset default browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

#5 ableben
  • Topic Starter
  • Members
  • 3 posts
  • OFFLINE
  • Local time: 08:56 PM

Posted 06 July 2015 - 12:18 PM

Everything seems to be working OK now, nasdaq. I thank you and appreciate your time in helping me with this little problem. Hope you have a wonderful rest of your week.



#6 nasdaq
  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 11:56 PM

Posted 06 July 2015 - 12:19 PM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq
  • Malware Response Team
  • 39,559 posts
  • OFFLINE
  • Gender: Male
  • Location: Montreal, QC, Canada
  • Local time: 11:56 PM

Posted 12 July 2015 - 06:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



