
Weird pop up ad suddenly appearing on different browsers


Ezz


Suddenly I started seeing a pop-up square ad in the middle of the screen, usually white/empty (probably because of the adblocker?), and it messed up lots of sites, especially youtube.com.

When the ad appears, the Flash player stops responding; then I have to clear cookies and cache for it to work again (for a few minutes) before it happens again.
Also, what's REALLY weird is that the layout is 'completely' messed up when I sign into YouTube! When I sign out, the layout becomes normal again.

I've been using Bitdefender for years now and this is my first weird problem I'm unable to solve.
I scanned with a Bitdefender full system scan, then an on-demand scan, and got nothing related.
Then I did Malwarebytes,
Kaspersky's TDSSKiller,
ComboFix,
JRT,
HitmanPro.


Sorry, I accidentally clicked stuff + Enter, which posted the topic, and now I can't edit it ._.

Example:
http://i.imgur.com/RuB045g.jpg
http://i.imgur.com/3DPmtrw.jpg

This is what happens to YouTube.com:
http://i.imgur.com/HmJMEeB.jpg (Not signed in)
http://i.imgur.com/mLn8IRh.jpg (Signed in here)

FRST.txt
-------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-10-2014 01
Ran by M-Ezz (administrator) on M-EZZ-PC on 13-10-2014 13:34:37
Running from C:\Users\M-Ezz\Downloads
Loaded Profile: M-Ezz (Available profiles: M-Ezz)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version9\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(SoftPerfect Research) C:\Program Files\NetWorx\networx.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Drive Software Company) C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Ditto\Ditto.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdparentalsystray.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
() C:\MyImgur\MyImgur.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxcrnmh.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [499768 2009-09-01] (Hewlett-Packard)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888 2010-01-20] ()
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [NetWorx] => C:\Program Files\NetWorx\networx.exe [4460240 2014-10-01] (SoftPerfect Research)
HKLM\...\Run: [bdagent] => C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1837336 2014-08-13] (Bitdefender)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [282624 2009-05-14] (Alps Electric Co., Ltd.)
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [Mal Updater 2] => C:\Program Files\Mal Updater 2\MalUpdater.exe [2300416 2001-01-01] (eden.fm)
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [AtomicAlarmClock6] => C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [3617792 2013-08-06] (Drive Software Company)
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [MyImgur] => C:\MyImgur\MyImgur.exe [3061248 2014-10-04] ()
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [1433200 2012-11-08] ()
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [Pando Media Booster] => C:\Program Files\Pando Networks\Media Booster\PMB.exe [4287536 2013-09-16] ()
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Run: [MP3 Skype recorder] => C:\Users\M-Ezz\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe [1551872 2014-02-10] ()
HKU\S-1-5-21-1936142437-152300033-1077055761-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [482392 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet] => C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901608 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\Run: [bitdefender Wallet Application Agent] => C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [615256 2014-08-13] (Bitdefender)
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-04-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=U219DHP&pc=U219
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MSN_WCP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 31.3.252.86 31.3.252.80
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 -> C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 -> C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\M-Ezz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\M-Ezz\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-12-26]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "about:blank", "hxxp://www.google.com/"
CHR Profile: C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-13]
CHR Extension: (Reverse Youtube Playlist) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajhonbaagcobjdmbocblbebcmbmmbfmi [2014-10-13]
CHR Extension: (Google Docs) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-13]
CHR Extension: (Google Drive) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-13]
CHR Extension: (IMDB Watch Trailer on YouTube) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcgckdfdcmpfidoamhnmomhlhmkblhli [2014-10-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-13]
CHR Extension: (YouTube) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-13]
CHR Extension: (Bitdefender Wallet) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccahoghmggldkcdjiebjkidpfongdfbl [2014-10-13]
CHR Extension: (Ratings Preview for YouTube™) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbhdenfmgbagncdmgbholejjpmmiank [2014-10-13]
CHR Extension: (Download FB Album mod) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2014-10-13]
CHR Extension: (OneTab) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2014-10-13]
CHR Extension: (Google Search) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-13]
CHR Extension: (New Tab Plus(APP)) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmmfcbpgflaeiipmbhelananakfcodj [2014-10-13]
CHR Extension: (Google Calendar) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-10-13]
CHR Extension: (Google Sheets) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-13]
CHR Extension: (AdBlock) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-10-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-10-13]
CHR Extension: (Bitly | Unleash the power of the link) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic [2014-10-13]
CHR Extension: (Social Fixer for Facebook) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifmhoabcaeehkljcfclfiieohkohdgbb [2014-10-13]
CHR Extension: (Streamus™ (Beta!)) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbnkffmindojffecdhbbmekbmkkfpmjd [2014-10-13]
CHR Extension: (Auto Replay for YouTube™) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb [2014-10-13]
CHR Extension: (JDownloader Integration for Google Chrome™) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm [2014-10-13]
CHR Extension: (Facebook Album & Photo Manager) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgiedegfmekolcplboelnmfoiefpcpfg [2014-10-13]
CHR Extension: (Lyrics Here by Rob W) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkpflabnobkgbjpcmocmgcajlecbcp [2014-10-13]
CHR Extension: (Ashish Mishra) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnkdbjbjpnpjeciipoaflmpcddinpjjp [2014-10-13]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-13]
CHR Extension: (Facebook Chat Pop-Outs) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnocoggcoknkjehhjjpanophojgknbpd [2014-10-13]
CHR Extension: (Hover Zoom) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2014-10-13]
CHR Extension: (SoundCloud Repeat for Chrome) - C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocbelgmifabpckobkjeipjndggnflmlo [2014-10-13]
CHR HKLM\...\Chrome\Extension: [ccahoghmggldkcdjiebjkidpfongdfbl] - C:\Program Files\Bitdefender\Bitdefender\pmbxcr.crx [2014-03-27]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 AtomicAlarmClock; C:\Program Files\Atomic Alarm Clock\timeserv.exe [2007040 2013-04-24] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2014-08-13] (Bitdefender)
S4 HP Support Assistant Service; C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
S4 PanService; C:\Program Files\PANDORA.TV\PanService\KMPService.exe [1922600 2013-07-08] (Pandora.TV)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [311378 2013-05-16] (IDT, Inc.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [1699680 2012-09-17] (TuneUp Software)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2014-08-13] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1251808 2014-08-13] (Bitdefender)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1060312 2014-08-13] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [528248 2014-08-13] (BitDefender)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [77632 2014-05-22] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
R1 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [108008 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2014-10-04] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2013-08-09] (Broadcom Corporation.)
S3 DrvAgent32; C:\Windows\system32\Drivers\DrvAgent32.sys [23456 2013-09-26] (Phoenix Technologies) [File not signed]
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2010-06-14] () [File not signed]
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
R0 iaStorA; C:\Windows\System32\DRIVERS\iaStorA.sys [527344 2013-03-05] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [26096 2013-03-05] (Intel Corporation)
R0 iusb3hcs; C:\Windows\System32\DRIVERS\iusb3hcs.sys [16880 2013-02-22] (Intel Corporation)
S3 mcdbus; C:\Windows\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwNs32.sys [7530736 2013-07-11] (Intel Corporation)
R1 networx; C:\Windows\System32\drivers\networx.sys [55288 2014-08-01] (NetFilterSDK.com)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [114408 2013-12-16] (Power Software Ltd)
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2009-09-19] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2009-09-19] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2009-09-19] (MCCI Corporation)
U3 TrueSight; C:\Windows\system32\TrueSight.sys [26624 2013-09-24] () [File not signed]
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [10088 2012-08-29] (TuneUp Software)
R2 VBoxDrv; C:\Program Files\YouWave Android\vb\VBoxDrv.sys [142720 2014-03-30] (Oracle Corporation)
S3 BHipsEx; \??\C:\Windows\System32\drivers\BHipsEx.sys [X]
S3 BprotectEx; \??\C:\Windows\System32\drivers\BprotectEx.sys [X]
S3 catchme; \??\C:\Users\M-Ezz\AppData\Local\Temp\catchme.sys [X]
U4 eabfiltr; No ImagePath
S3 PCFApiUtil; \??\C:\Program Files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 XDva404; \??\C:\Windows\system32\XDva404.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 13:34 - 2014-10-13 13:35 - 00022235 _____ () C:\Users\M-Ezz\Downloads\FRST.txt
2014-10-13 13:34 - 2014-10-13 13:34 - 00000000 ____D () C:\FRST
2014-10-13 13:24 - 2014-10-13 13:24 - 01101824 _____ (Farbar) C:\Users\M-Ezz\Downloads\FRST.exe
2014-10-13 12:47 - 2014-10-13 12:49 - 09345117 _____ (Eden.fm ) C:\Users\M-Ezz\Downloads\MyImgur375.exe
2014-10-13 12:43 - 2014-10-13 12:44 - 00685825 _____ (Eden.fm ) C:\Users\M-Ezz\Downloads\Unconfirmed 543696.crdownload
2014-10-13 12:01 - 2014-10-13 12:01 - 00024394 _____ () C:\ComboFix.txt
2014-10-13 11:41 - 2014-10-13 11:41 - 00000629 _____ () C:\Users\M-Ezz\Desktop\JRT.txt
2014-10-13 08:32 - 2014-10-13 08:32 - 00000307 ____H () C:\bdr-cf01
2014-10-13 07:20 - 2014-10-13 07:20 - 00002164 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-13 07:20 - 2014-10-13 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-13 07:16 - 2014-10-13 12:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-10-13 07:16 - 2014-10-13 07:16 - 00000000 ____D () C:\Program Files\HitmanPro
2014-10-13 07:15 - 2014-10-13 07:18 - 05582915 ____R (Swearware) C:\Users\M-Ezz\Downloads\ComboFix.exe
2014-10-13 07:15 - 2014-10-13 07:17 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\M-Ezz\Downloads\tdsskiller.exe
2014-10-13 07:13 - 2014-10-13 07:13 - 00000000 ____D () C:\Windows\ERUNT
2014-10-13 07:11 - 2014-10-13 07:11 - 01705755 _____ (Thisisu) C:\Users\M-Ezz\Downloads\JRT.exe
2014-10-13 07:10 - 2014-10-13 07:10 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-13 07:10 - 2014-10-13 07:10 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-13 07:10 - 2014-10-13 07:10 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-10-13 07:10 - 2014-10-13 07:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-10-13 07:08 - 2014-10-13 07:12 - 10280824 _____ (SurfRight B.V.) C:\Users\M-Ezz\Downloads\HitmanPro.exe
2014-10-13 07:01 - 2014-10-13 07:01 - 00001087 _____ () C:\Users\Public\Desktop\Opera.lnk
2014-10-13 07:01 - 2014-10-13 07:01 - 00001087 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2014-10-13 07:01 - 2014-10-13 07:01 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Opera Software
2014-10-13 07:01 - 2014-10-13 07:01 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Opera Software
2014-10-13 07:01 - 2014-10-13 07:01 - 00000000 ____D () C:\Program Files\Opera
2014-10-13 06:58 - 2014-10-13 06:58 - 00005394 _____ () C:\Windows\IE11_main.log
2014-10-13 06:58 - 2014-10-13 06:58 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-10-13 06:34 - 2014-10-13 06:34 - 00385096 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-10-11 19:20 - 2014-10-11 19:21 - 00017415 _____ () C:\Users\M-Ezz\Downloads\[AnchanZ] D-Frag! OVAv2 (DVD 1024x576 AVC AAC).mkv.torrent
2014-10-11 00:57 - 2014-10-11 00:57 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\LavasoftStatistics
2014-10-10 17:02 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-10-10 17:00 - 2014-10-13 06:54 - 00000000 ____D () C:\AdwCleaner
2014-10-10 13:11 - 2014-10-10 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-10 13:11 - 2014-10-10 13:11 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-10 13:11 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-10 13:11 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-10 13:11 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-10 12:49 - 2014-10-13 06:14 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-10-10 12:49 - 2014-10-10 13:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-10 12:49 - 2014-10-10 12:49 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Malwarebytes
2014-10-08 08:52 - 2014-10-08 08:52 - 05690747 _____ () C:\Users\M-Ezz\Downloads\Voice 002.3ga
2014-10-07 14:33 - 2014-10-07 14:33 - 00026702 _____ () C:\Users\M-Ezz\Downloads\[DeadFish] Amagi Brilliant Park - 01 [720p][AAC].mp4.torrent
2014-10-07 04:28 - 2014-10-07 04:28 - 00018248 _____ () C:\Users\M-Ezz\Downloads\[ZenSub] Gokukoku no Brynhildr 11.5 OVA [01635B8B].mkv.torrent
2014-10-07 04:17 - 2014-10-07 04:17 - 00002190 _____ () C:\Users\M-Ezz\Downloads\[HorribleSubs] Danna ga Nani wo Itteiru ka Wakaranai Ken - 01 [480p].mkv.torrent
2014-10-07 04:13 - 2014-10-07 04:13 - 00001203 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 14 [53B1197D].mkv.torrent
2014-10-06 10:52 - 2014-10-06 10:52 - 00018850 _____ () C:\Users\M-Ezz\Downloads\[WCP] Naruto Shippuden - Sunny Side Battle Jump Festa OVA [480p].mkv.torrent
2014-10-04 20:00 - 2014-10-04 20:00 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2014-10-04 19:20 - 2014-10-04 19:20 - 00001316 _____ () C:\Users\M-Ezz\Downloads\[Over-Time] Monthly Girls Nozaki-kun - Special Anime First Issue [b3FD97A7].mkv (1).torrent
2014-10-04 19:01 - 2014-10-04 19:01 - 00000020 _____ () C:\ProgramData\bc.ini
2014-10-04 14:23 - 2014-10-04 14:23 - 00001316 _____ () C:\Users\M-Ezz\Downloads\[Over-Time] Monthly Girls Nozaki-kun - Special Anime First Issue [b3FD97A7].mkv.torrent
2014-10-04 09:59 - 2014-10-04 09:59 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-10-04 09:18 - 2014-10-04 09:18 - 00000000 ___RD () C:\Program Files\Skype
2014-10-04 09:18 - 2014-10-04 09:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-10-04 09:18 - 2014-10-04 09:18 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-10-04 09:05 - 2014-10-04 09:05 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-10-04 09:05 - 2014-10-04 09:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-10-04 09:05 - 2014-10-04 09:05 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-10-04 09:05 - 2014-10-04 09:05 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-10-04 09:05 - 2014-10-04 09:05 - 00000000 ____D () C:\ProgramData\Sun
2014-10-04 09:05 - 2014-10-04 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-04 09:05 - 2014-10-04 09:05 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-10-04 03:34 - 2014-10-11 19:27 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-10-04 03:30 - 2014-10-13 12:50 - 00000000 ____D () C:\MyImgur
2014-10-04 03:24 - 2014-10-04 03:24 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-04 03:21 - 2014-10-04 03:21 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-10-04 03:13 - 2014-10-04 03:13 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-10-04 02:52 - 2014-10-13 12:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyImgur
2014-10-03 06:30 - 2014-10-03 06:30 - 00000000 ____D () C:\Users\M-Ezz\Documents\My Art
2014-10-03 06:29 - 2014-10-03 06:29 - 00000000 ____D () C:\Users\M-Ezz\Documents\NPS
2014-10-03 06:03 - 2014-10-03 06:29 - 00000000 ____D () C:\Users\M-Ezz\Desktop\messages Samsung GT
2014-10-03 05:47 - 2014-10-03 05:47 - 00000000 ____D () C:\Users\M-Ezz\Documents\My NPS Files
2014-10-03 05:47 - 2010-07-04 19:07 - 00238952 _____ (Teruten) C:\Windows\system32\FsUsbExService.Exe
2014-10-03 05:47 - 2010-06-14 09:32 - 00110592 _____ () C:\Windows\system32\FsUsbExDevice.Dll
2014-10-03 05:47 - 2010-06-14 09:32 - 00036608 _____ () C:\Windows\system32\FsUsbExDisk.Sys
2014-10-03 03:27 - 2014-10-03 03:27 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-10-03 03:15 - 2014-10-10 12:55 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Samsung
2014-10-03 03:15 - 2014-10-10 12:55 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Samsung
2014-10-03 03:15 - 2014-10-03 05:47 - 00000000 ____D () C:\Users\M-Ezz\Documents\samsung
2014-10-03 02:35 - 2014-10-05 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-10-03 02:16 - 2014-10-10 12:55 - 00000000 ____D () C:\ProgramData\Samsung
2014-10-03 02:16 - 2014-10-10 12:55 - 00000000 ____D () C:\Program Files\Samsung
2014-10-03 02:16 - 2014-04-30 19:47 - 00821824 _____ (Devguru Co., Ltd.) C:\Windows\system32\dgderapi.dll
2014-10-03 02:16 - 2014-04-30 19:43 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\system32\Redemption.dll
2014-10-03 02:16 - 2014-04-30 19:43 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\system32\secman.dll
2014-10-01 21:51 - 2014-09-25 03:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 18:06 - 2014-10-01 18:06 - 00001102 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 13 [FDC7D5E3].mkv.torrent
2014-09-28 04:11 - 2014-09-28 04:11 - 00012021 _____ () C:\Users\M-Ezz\Downloads\[HorribleSubs] One Piece - 663 [480p].mkv.torrent
2014-09-27 19:02 - 2014-09-27 19:02 - 00032229 _____ () C:\Users\M-Ezz\Downloads\[JnMBS] Ano Natsu de Matteru Tokubetsu-hen - 1v0 [A7301DC6].mkv.torrent
2014-09-25 03:12 - 2014-09-09 23:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-23 17:07 - 2014-09-23 17:07 - 00001243 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 12 [3D83E729].mkv.torrent
2014-09-23 05:30 - 2014-09-23 05:30 - 00012332 _____ () C:\Users\M-Ezz\Downloads\[Hien] Chuunibyou Demo Koi ga Shitai! Ren - Special 5 [bD 1080p H.264 10-bit AAC][E72F27BF].mkv.torrent
2014-09-15 13:04 - 2014-09-15 13:04 - 00001223 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 11 [8DE02377].mkv.torrent
2014-09-14 22:17 - 2014-09-14 22:17 - 00015381 _____ () C:\Users\M-Ezz\Downloads\[anon] No Game No Life Specials - 02 [1080p].mkv.torrent
2014-09-13 18:31 - 2014-09-13 18:31 - 00001424 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 10 [4A97BE6C].mkv.torrent
2014-09-13 18:31 - 2014-09-13 18:31 - 00001424 _____ () C:\Users\M-Ezz\Downloads\[Vivid-Asenshi] Akame ga Kill Theater - 10 [4A97BE6C].mkv (1).torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-13 13:31 - 2014-02-07 14:36 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Ditto
2014-10-13 13:25 - 2014-07-10 21:38 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\uTorrent
2014-10-13 12:38 - 2013-04-17 23:13 - 01764250 _____ () C:\Windows\WindowsUpdate.log
2014-10-13 12:34 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-13 12:28 - 2013-04-17 23:17 - 00625178 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-13 12:27 - 2009-07-14 06:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-13 12:27 - 2009-07-14 06:34 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-13 12:22 - 2013-12-26 05:19 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Mal Updater
2014-10-13 12:21 - 2014-02-09 00:43 - 00042201 _____ () C:\Windows\setupact.log
2014-10-13 12:21 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-13 12:03 - 2014-02-09 00:43 - 02035936 _____ () C:\Windows\PFRO.log
2014-10-13 12:01 - 2013-09-24 07:57 - 00000000 ____D () C:\Qoobox
2014-10-13 11:59 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-10-13 11:33 - 2013-08-05 06:08 - 00000000 ____D () C:\Windows\pss
2014-10-13 11:12 - 2013-04-18 02:11 - 00000376 _____ () C:\Users\M-Ezz\AppData\Roamingprivacy.xml
2014-10-13 08:32 - 2013-12-26 12:02 - 00253404 ____H () C:\bdr-ld01
2014-10-13 08:32 - 2013-12-26 12:02 - 00009216 ____H () C:\bdr-ld01.mbr
2014-10-13 07:50 - 2014-02-25 06:10 - 00000000 ____D () C:\Users\M-Ezz890sdfg
2014-10-13 07:50 - 2014-02-25 06:08 - 00000000 ____D () C:\Users\M-Ezz890
2014-10-13 07:44 - 2013-04-17 23:14 - 00000000 ____D () C:\Users\M-Ezz
2014-10-13 07:19 - 2013-04-17 23:28 - 00000000 ____D () C:\Program Files\Google
2014-10-13 06:59 - 2013-05-19 10:53 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\MyImgur
2014-10-13 06:58 - 2013-11-10 01:22 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Free Download Manager
2014-10-13 06:48 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\security
2014-10-12 12:43 - 2013-04-18 01:53 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Skype
2014-10-10 12:55 - 2013-04-18 00:39 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-10-10 12:53 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-10-10 12:28 - 2013-04-17 23:28 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Google
2014-10-10 11:34 - 2013-04-22 10:57 - 00000000 ____D () C:\Users\M-Ezz\AppData\Roaming\Mozilla
2014-10-10 02:00 - 2013-04-24 17:59 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Adobe
2014-10-09 02:01 - 2014-01-30 22:31 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\JDownloader v2.0
2014-10-05 01:44 - 2013-10-07 05:22 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Downloaded Installations
2014-10-04 14:28 - 2013-04-18 01:55 - 00073320 _____ () C:\Users\M-Ezz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-04 14:25 - 2009-07-14 06:33 - 03725832 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-04 09:58 - 2014-02-07 14:57 - 00000000 ____D () C:\Program Files\OpenOffice 4
2014-10-04 09:19 - 2013-04-17 23:44 - 00000000 ____D () C:\ProgramData\Skype
2014-10-04 09:13 - 2013-04-17 23:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-10-04 09:11 - 2013-12-07 23:30 - 00001132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-10-04 09:07 - 2013-12-16 02:07 - 00001127 _____ () C:\Users\M-Ezz\Desktop\Auslogics DiskDefrag.lnk
2014-10-04 09:05 - 2013-04-17 23:31 - 00000000 ____D () C:\Program Files\Java
2014-10-04 06:05 - 2013-05-15 22:51 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Captcha_Brotherhood
2014-10-04 03:22 - 2013-08-24 10:44 - 00000000 ____D () C:\Program Files\Notepad++
2014-10-04 03:08 - 2013-09-13 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWorx
2014-10-04 03:08 - 2013-09-13 19:47 - 00000000 ____D () C:\Program Files\NetWorx
2014-10-04 03:05 - 2013-04-18 00:39 - 00000000 ____D () C:\Program Files\IDT
2014-10-03 06:04 - 2013-06-08 03:02 - 00000000 ____D () C:\Users\M-Ezz\AppData\Local\Windows Live
2014-09-30 01:56 - 2013-05-06 19:10 - 00000320 _____ () C:\Windows\Tasks\HPCeeScheduleForM-Ezz.job
2014-09-29 22:58 - 2009-07-14 06:53 - 00032648 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-26 00:45 - 2014-05-10 19:31 - 385268793 _____ () C:\Windows\MEMORY.DMP
2014-09-26 00:45 - 2013-05-28 03:50 - 00000000 ____D () C:\Windows\Minidump
2014-09-25 03:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\fr-FR
2014-09-25 03:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-09-23 19:40 - 2013-07-12 22:16 - 00000000 ____D () C:\Windows\system32\MRT
 
Files to move or delete:
====================
C:\ProgramData\FileSplitUpLoad.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-12 21:00
 
==================== End Of Log ============================




Addition.txt
-------------------------
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-10-2014 01
Ran by M-Ezz at 2014-10-13 13:36:23
Running from C:\Users\M-Ezz\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.29812 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Alps Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version:  - ALPS ELECTRIC CO., LTD.)
Atomic Alarm Clock 6.13 (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
Auslogics DiskDefrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)
Bitdefender Internet Security (HKLM\...\Bitdefender) (Version: 17.23.0.996 - Bitdefender)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.60.350.6 - Broadcom Corporation)
Captcha Brotherhood (HKLM\...\{CCD438F0-5D72-4945-9E72-6560C7E5E0D0}) (Version: 1.2.0 - Brotherhood Software)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Digsby (HKLM\...\Digsby) (Version:  - dotSyntax, LLC)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
ENE CIR Receiver Driver (HKLM\...\5B73F775A90397BAF80173B8A6C0B327BE3872FB) (Version: 2.7.3.519 - ENE)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.1.1031 - Foxit Corporation)
Free Desktop Clock 3.0 (HKLM\...\Free Desktop Clock_is1) (Version:  - Drive Software Company)
Free Download Manager 3.9.3 (HKLM\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Google Chrome (HKLM\...\{AECB34FF-0E9B-38CB-910C-5479A5A52CEA}) (Version: 66.19.16485 - Google, Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Drive Key Boot Utility (HKLM\...\HP Drive Key Boot Utility) (Version:  - )
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 4.0.3822 - Hewlett-Packard)
HP MediaSmart DVD (Version: 4.0.3822 - Hewlett-Packard) Hidden
HP MediaSmart Movie Themes (HKLM\...\InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}) (Version: 3.0.3102 - Hewlett-Packard)
HP MediaSmart Movie Themes (Version: 3.0.3102 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 3.0.3316 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (Version: 3.0.3316 - Hewlett-Packard) Hidden
HP MediaSmart Video (HKLM\...\InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}) (Version: 4.0.4007 - Hewlett-Packard)
HP MediaSmart Video (Version: 4.0.4007 - Hewlett-Packard) Hidden
HP MediaSmart Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.0.2626 - Hewlett-Packard)
HP MediaSmart Webcam (Version: 4.0.2626 - Hewlett-Packard) Hidden
HP Product Detection (HKLM\...\{879F7C80-BCA3-4A11-BDB1-658252ECD7E0}) (Version: 11.15.0005 - HP)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.16.1 - Hewlett-Packard Company)
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6225.0 - IDT)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)
Java 7 Update 67 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (Version: 2.1.67.1 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JMicron Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.32.1 - JMicron Technology Corp.)
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Mega Codec Pack 10.1.9 (HKLM\...\KLiteCodecPack_is1) (Version: 10.1.9 - )
LastPass (uninstall only) (HKLM\...\LastPass) (Version:  - LastPass)
Mal Updater 2.96 (HKLM\...\{07E900C8-D1E3-4C24-AC9F-7FE3C1AE19A2}_is1) (Version:  - Eden.fm)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (ARA) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MP3 Skype recorder (HKLM\...\{2950ED4F-18AD-4571-9045-27D6EBF62320}) (Version: 4.3.0.0 - Alexander Nikiforov)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyImgur 3.75 (HKLM\...\{2C08A2AE-BF6F-4100-95AF-8A6CCF379EF1}_is1) (Version: 3.75 - Eden.fm)
NetWorx 5.3.3 (HKLM\...\NetWorx_is1) (Version:  - Softperfect Research)
Notepad++ (HKLM\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
Notepad++ Packages (HKCU\...\Notepad++ Packages) (Version:  - ) <==== ATTENTION
OpenOffice 4.1.1 (HKLM\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Opera Stable 24.0.1558.64 (HKLM\...\Opera 24.0.1558.64) (Version: 24.0.1558.64 - Opera Software ASA)
Pando Media Booster (HKLM\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
Pandora Service (HKLM\...\4F6D5E84-5826-4394-9F40-3A9A19165651_is1) (Version:  - Pandora.TV)
PDF Settings CS6 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PowerISO (HKLM\...\PowerISO) (Version: 5.8 - Power Software Ltd)
QT Lite 4.1.0 (HKLM\...\quicktime_lite_is1) (Version: 4.1.0 - )
Real Alternative 2.0.2 (HKLM\...\RealAlt_is1) (Version: 2.0.2 - )
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0009 - Realtek)
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.20 (HKLM\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.20.104 - Skype Technologies S.A.)
TeamViewer 9 (HKLM\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
The KMPlayer (remove only) (HKLM\...\The KMPlayer) (Version: 3.5.0.77 - KMP Media co., Ltd)
TuneUp Utilities 2013 (HKLM\...\TuneUp Utilities 2013) (Version: 13.0.2013.194 - TuneUp Software)
TuneUp Utilities 2013 (Version: 13.0.2013.194 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (en-US) (Version: 13.0.2013.194 - TuneUp Software) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Yahoo! Messenger (HKLM\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
YouWave for Android (HKLM\...\YouWave) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1936142437-152300033-1077055761-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1936142437-152300033-1077055761-1000_Classes\CLSID\{31261F21-2B16-45EE-BEAB-07C4CFA18B65}\InprocServer32 -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CustomCLSID: HKU\S-1-5-21-1936142437-152300033-1077055761-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\M-Ezz\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1936142437-152300033-1077055761-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\M-Ezz\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1936142437-152300033-1077055761-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\M-Ezz\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:04 - 2014-10-13 07:46 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {52CF577E-6525-4341-9D32-20ECC1D8F2E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {5F895B4D-B46B-435A-97D3-9194A9C6642F} - System32\Tasks\Google Updater and Installer => C:\Users\M-Ezz\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {62D07089-40B2-4BA8-BD47-F53461626380} - System32\Tasks\CLMLSvc => c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2009-09-16] (CyberLink)
Task: {7A6921B8-9F06-4AE8-9EFA-BC2555C5A7BA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-17] (Google Inc.)
Task: {823D3E46-64D4-4F00-AA47-E1E432437D11} - System32\Tasks\{A974080B-6633-4F44-9328-0C04FD5D0D42} => Chrome.exe http://ui.skype.com/ui/0/6.11.59.102/en/go/help.faq.installer?LastError=1638
Task: {8602FECC-7AA0-43F4-A42E-FCA08BC1069E} - System32\Tasks\DivX online update program => C:\Program Files\DivX\DivX Update\DivXUpdate.exe
Task: {9B75F258-3B45-4E5F-9D50-3A686411061B} - System32\Tasks\{AB4A113C-1BD5-4F9A-B4A0-7144B88F1456} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {9BF4900F-BE5F-4F18-ADD2-A5794A087503} - System32\Tasks\Opera scheduled Autoupdate 1413176495 => C:\Program Files\Opera\launcher.exe [2014-09-25] (Opera Software)
Task: {A305B62F-18E9-47AC-8FC5-9CEDADB04565} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {A5668368-4A10-4A09-92A5-211FF1382001} - System32\Tasks\AdobeAAMUpdater-1.0-M-Ezz-PC-M-Ezz => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {AFED4829-3C2B-4A9E-ACFF-894E2D373E46} - System32\Tasks\HPCeeScheduleForM-Ezz => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {BE16F02E-DE54-435F-84A7-646C4E02ADEE} - System32\Tasks\DVDAgent => C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
Task: {C1DA7362-1062-40CE-B827-9CC07F8EA7A2} - System32\Tasks\{19A03CFE-5F79-42F0-B1C4-FB41C707975C} => Chrome.exe http://ui.skype.com/ui/0/6.11.59.102/en/go/help.faq.installer?LastError=1638
Task: {DFD274A9-9949-4C2A-9A1E-92D86D8A917F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000UA => C:\Users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-29] (Facebook Inc.)
Task: {E1B2B64F-30FB-4A39-8D17-8870E8F96AA7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000Core => C:\Users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-07-29] (Facebook Inc.)
Task: {E94455EE-EDEE-4FE5-A923-8A1C0EC2A5BC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F09AB4A7-F088-40D8-A1EA-051F0FE272FA} - System32\Tasks\{5BA794F2-0AAA-4C20-9C2A-7289AC231A40} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/en/go/help.faq.installer?source=lightinstaller&LastError=1638
Task: {F4152196-4A91-4B60-8FBD-57081E896254} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-17] (Google Inc.)
Task: {F95A9BAB-58EC-4244-87EB-5A3FCCAAA79C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files\TuneUp Utilities 2013\OneClick.exe [2012-09-17] (TuneUp Software)
Task: {FCDCECDD-F2CC-4361-919B-F5FDE3334B11} - System32\Tasks\{EB6CC482-57D1-4DA2-BA31-149FC2256633} => Chrome.exe http://ui.skype.com/ui/0/6.11.59.102/en/go/help.faq.installer?LastError=1638
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000Core.job => C:\Users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000UA.job => C:\Users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForM-Ezz.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-26 08:42 - 2014-08-13 11:47 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender\txmlutil.dll
2013-12-26 08:42 - 2014-08-13 11:38 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\accessl.ui
2013-12-26 08:42 - 2011-11-14 19:17 - 00132176 _____ () C:\Program Files\Bitdefender\Bitdefender\bdfwcore.dll
2013-12-26 08:42 - 2014-08-13 11:38 - 00004608 _____ () C:\Program Files\Bitdefender\Bitdefender\UI\IMSecurityAL.ui
2014-07-24 10:02 - 2014-07-24 10:02 - 00676568 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_016\ashttpbr.mdl
2014-07-24 10:02 - 2014-07-24 10:02 - 00490144 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_016\ashttpdsp.mdl
2014-07-24 10:02 - 2014-07-24 10:02 - 02138096 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_016\ashttpph.mdl
2014-07-24 10:02 - 2014-07-24 10:02 - 01128744 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_016\ashttprbl.mdl
2014-07-24 10:02 - 2014-07-24 10:02 - 02496560 _____ () C:\Program Files\Bitdefender\Bitdefender\otengines_00040_016\ashttpf.mdl
2013-05-09 03:30 - 2013-06-07 03:06 - 01147392 _____ () C:\Program Files\Atomic Alarm Clock\Clock.dll
2010-01-20 16:20 - 2010-01-20 16:20 - 00568888 ____N () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
2013-09-13 19:47 - 2014-06-06 15:40 - 00559104 _____ () C:\Program Files\NetWorx\sqlite.dll
2013-09-21 19:11 - 2013-09-13 09:41 - 00105344 _____ () C:\Program Files\NetWorx\nfapi.dll
2013-12-26 08:41 - 2014-08-13 11:41 - 00095088 _____ () C:\Program Files\Bitdefender\Bitdefender\bdmetrics.dll
2014-02-07 14:36 - 2012-11-08 20:17 - 01433200 _____ () C:\Program Files\Ditto\Ditto.exe
2009-09-16 17:42 - 2009-09-16 17:42 - 00931112 _____ () c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2014-10-04 03:30 - 2014-10-04 08:11 - 03061248 _____ () c:\MyImgur\MyImgur.exe
2014-10-13 07:19 - 2014-10-01 07:54 - 01042760 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-13 07:19 - 2014-10-01 07:54 - 00211272 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-13 07:19 - 2014-10-01 07:54 - 08911176 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-13 07:19 - 2014-10-01 07:54 - 01681224 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
2014-10-13 07:19 - 2014-10-01 07:54 - 14891848 _____ () C:\Program Files\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\M-Ezz\Downloads\ComboFix.exe:BDU
AlternateDataStreams: C:\Users\M-Ezz\Downloads\FRST.exe:BDU
AlternateDataStreams: C:\Users\M-Ezz\Downloads\HitmanPro.exe:BDU
AlternateDataStreams: C:\Users\M-Ezz\Downloads\JRT.exe:BDU
AlternateDataStreams: C:\Users\M-Ezz\Downloads\MyImgur375.exe:BDU
AlternateDataStreams: C:\Users\M-Ezz\Downloads\tdsskiller.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1936142437-152300033-1077055761-500 - Administrator - Disabled)
Guest (S-1-5-21-1936142437-152300033-1077055761-501 - Limited - Enabled)
M-Ezz (S-1-5-21-1936142437-152300033-1077055761-1000 - Administrator - Enabled) => C:\Users\M-Ezz
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/13/2014 00:44:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 38.0.2125.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17fc
 
Start Time: 01cfe6cfc32045f4
 
Termination Time: 37
 
Application Path: C:\Program Files\Google\Chrome\Application\chrome.exe
 
Report Id: f43dfdf6-52c5-11e4-bcc9-00247e57fd23
 
Error: (10/13/2014 11:50:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x8007043c, This service cannot be started in Safe Mode
.
 
 
Operation:
   Instantiating VSS server
 
Error: (10/13/2014 11:50:20 AM) (Source: VSS) (EventID: 18) (User: )
Description: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name IVssCoordinatorEx2 cannot be started during Safe Mode.
The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c, This service cannot be started in Safe Mode
]
 
 
Operation:
   Instantiating VSS server
 
 
System errors:
=============
Error: (10/13/2014 00:22:05 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/13/2014 00:20:34 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Security Center service terminated with the following error: 
%%1747
 
Error: (10/13/2014 00:18:32 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/13/2014 00:04:36 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (10/13/2014 00:01:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
 
Microsoft Office Sessions:
=========================
Error: (10/13/2014 00:44:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: chrome.exe38.0.2125.10117fc01cfe6cfc32045f437C:\Program Files\Google\Chrome\Application\chrome.exef43dfdf6-52c5-11e4-bcc9-00247e57fd23
 
Error: (10/13/2014 11:50:20 AM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
Error: (10/13/2014 11:50:20 AM) (Source: VSS) (EventID: 18) (User: )
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x8007043c, This service cannot be started in Safe Mode
 
 
Operation:
   Instantiating VSS server
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-10-13 13:33:40.607
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:33:33.835
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:16:40.699
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:16:09.962
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:14:23.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:12:37.007
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:11:48.980
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:11:00.492
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:02:59.681
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-10-13 13:02:28.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aestaren.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core2 Duo CPU P7450 @ 2.13GHz
Percentage of memory in use: 65%
Total physical RAM: 3002.96 MB
Available physical RAM: 1043.44 MB
Total Pagefile: 6004.21 MB
Available Pagefile: 3484.14 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.15 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:77.56 GB) (Free:46.61 GB) NTFS
Drive d: () (Fixed) (Total:416.93 GB) (Free:43.4 GB) NTFS
Drive e: () (Fixed) (Total:416.93 GB) (Free:14.6 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A8DB17AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=77.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=436.9 GB) - (Type=0F Extended)
 
==================== End Of Log ============================

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

1. Please run a Threat Scan with Malwarebytes

Start Malwarebytes 2.0..........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button and post the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running. Create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

If I don't respond within 24 hours, please send me a PM


I use uTorrent, yes, I will exit it completely, I guess. I use it to keep updated with RSS feeds, though; I can't run it at all till we finish?
 
And I use OpenOffice and free alternatives anyway, so there is nothing of that sort here.
 
Here is the Malwarebytes log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/13/2014
Scan Time: 11:34:31 PM
Logfile: MalwareBytes txt Log.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.13.09
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: M-Ezz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335797
Time Elapsed: 27 min, 35 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
-----------------
 
Going to do the other scan now. Couldn't turn off Bitdefender; do I redo the scan again while turning off the firewall and stuff?
Also TuneUp is running, plus the Bluetooth, Wi-Fi and touchpad software.

----------------------
RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : M-Ezz [Administrator]
Mode : Scan -- Date : 10/14/2014  00:51:59
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 17 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\M-Ezz\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\M-Ezz\AppData\Local\Temp\catchme.sys) -> Found
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\catchme (\??\C:\Users\M-Ezz\AppData\Local\Temp\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-1936142437-152300033-1077055761-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D2D8D6EB-7D29-4F0B-9194-5604A31F6D2C} | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{D2D8D6EB-7D29-4F0B-9194-5604A31F6D2C} | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{D2D8D6EB-7D29-4F0B-9194-5604A31F6D2C} | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ATA WDC WD10JPVT-75A SCSI Disk Device +++++
--- User ---
[MBR] d11a970097cbae3af06efd14d3dd430a
[BSP] 23c89e734a63f10d6ead8562213cbf02 : Linux MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 79419 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 162859832 | Size: 426933 MB
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1037221886 | Size: 447412 MB
User = LL1 ... OK
User = LL2 ... OK

 

OK, lets run some scans:

Make sure you have created a restore point and.....

Download Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ============================

    Please download AdwCleaner from HERE or HERE to your desktop.

    • Double click on AdwCleaner.exe to run the tool.

      Vista/Windows 7/8 users right-click and select Run As Administrator

    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    Please download Junkware Removal Tool to your desktop.

    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Please run a Threat Scan (Malwarebytes)

    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

    Same for PUM (Potentially Unwanted Modifications)

    Quarantine All that's found

    MrC


Did a registry backup with the Delfix tool.

I tried AdwCleaner before, but I'm trying it again now, of course.

Here is the before-cleaning report:
----------------------------------------

# AdwCleaner v4.000 - Report created 14/10/2014 at 04:56:14
# Updated 12/10/2014 by Xplode
# Database : 2014-10-13.5
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : M-Ezz - M-EZZ-PC
# Running from : C:\Users\M-Ezz\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.101
 
 
*************************
 
AdwCleaner[R1].txt - [2725 octets] - [10/10/2014 17:00:07]
AdwCleaner[R2].txt - [1185 octets] - [10/10/2014 17:13:51]
AdwCleaner[R3].txt - [1184 octets] - [10/10/2014 17:19:32]
AdwCleaner[R4].txt - [357 octets] - [13/10/2014 06:39:38]
AdwCleaner[R5].txt - [1581 octets] - [13/10/2014 06:39:44]
AdwCleaner[R6].txt - [1257 octets] - [13/10/2014 06:51:26]
AdwCleaner[R7].txt - [1123 octets] - [14/10/2014 04:56:14]
AdwCleaner[S1].txt - [2686 octets] - [10/10/2014 17:03:14]
AdwCleaner[S2].txt - [1249 octets] - [10/10/2014 17:15:53]
AdwCleaner[S3].txt - [1246 octets] - [10/10/2014 17:22:00]
AdwCleaner[S4].txt - [1645 octets] - [13/10/2014 06:47:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R7].txt - [1423 octets] ##########


--------------------------------------------
Will post the after one after cleaning and rebooting.

The after one:
 
 
# AdwCleaner v4.000 - Report created 14/10/2014 at 05:12:04
# DB v2014-10-13.5
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : M-Ezz - M-EZZ-PC
# Running from : C:\Users\M-Ezz\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\M-Ezz\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
 
-\\ Google Chrome v38.0.2125.101
 
 
*************************
 
AdwCleaner[R1].txt - [2725 octets] - [10/10/2014 17:00:07]
AdwCleaner[R2].txt - [1185 octets] - [10/10/2014 17:13:51]
AdwCleaner[R3].txt - [1184 octets] - [10/10/2014 17:19:32]
AdwCleaner[R4].txt - [357 octets] - [13/10/2014 06:39:38]
AdwCleaner[R5].txt - [1581 octets] - [13/10/2014 06:39:44]
AdwCleaner[R6].txt - [1257 octets] - [13/10/2014 06:51:26]
AdwCleaner[R7].txt - [1503 octets] - [14/10/2014 04:56:14]
AdwCleaner[S1].txt - [2686 octets] - [10/10/2014 17:03:14]
AdwCleaner[S2].txt - [1249 octets] - [10/10/2014 17:15:53]
AdwCleaner[S3].txt - [1246 octets] - [10/10/2014 17:22:00]
AdwCleaner[S4].txt - [1645 octets] - [13/10/2014 06:47:00]
AdwCleaner[S5].txt - [1419 octets] - [14/10/2014 05:12:04]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1479 octets] ##########
 
 
----------------------------------------------------
 
This removed my Bitly Chrome extension. I had that for a long time now; I doubt it's the problem. I won't re-add it, of course, till you tell me it's safe and such :D
 
 
*Disabling all of Bitdefender now*
Going to run JRT.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Ultimate x86
Ran by M-Ezz on Tue 10/14/2014 at  5:32:05.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/14/2014 at  5:38:18.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Sorry, had to go out for a while, but here is the Threat Scan with Malwarebytes:
--------------------------------------------------------------------------
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/14/2014
Scan Time: 10:39:10 AM
Logfile: MWB 2nd Scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.14.07
Rootkit Database: v2014.10.11.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: M-Ezz
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338774
Time Elapsed: 32 min, 33 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

OK...Next:

Make sure you have created that system restore point before you continue!

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Please download the latest version of TDSSKiller from HERE and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters. (Leave the KSN box checked)


  • Put a checkmark beside loaded modules.


  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.


  • Click the Start Scan button.


  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.


    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

    If in doubt about an entry....please ask or choose Skip

  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.

    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.


    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.


New window that comes up.


Then...........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

http://www.bleepingcomputer.com/download/combofix/dl/12/ <---ComboFix direct download

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Thank you for your help. I'm doing exactly what you're saying, but I tried checking YouTube in different browsers just in case, maybe narrowing down the problem. So the problem persisted on all of IE, Chrome, Firefox and Opera, as I suspected would happen. What was a bit surprising, though, is when I tried Bitdefender SafePay... YouTube did the same.
Weirdly enough, though, when I restarted and went to Ubuntu (I have it dual-booted), Chrome there did the exact same thing!! Is that possible?!
I thought it's a problem with my account then. So I logged in to a different account, but it did the same thing!
I searched Google for other people having such problems... got nothing.
Asked friends to check it, but it seems normal with them...
Can it be a problem with my router or something? I'm a bit confused here as to how this can persist even on Ubuntu!!

I'll attach the TDSSKiller logs.
Only two unsigned files were found, for programs I'm familiar with. Skipped them.

Will scan with ComboFix now.

TDSSKiller.3.0.0.40_14.10.2014_22.38.28_log.txt

TDSSKiller.3.0.0.40_14.10.2014_22.43.15_log.txt
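The RogueKiller registry findings posted earlier and the observation just above (the pop-up survives a change of browser, a change of Windows account and even a boot into Ubuntu) both concern settings that do not live inside one browser profile. The script below is an added example, not a tool from this thread or from Adlice: it parses the "Registry" section of a RogueKiller v10 log, separates entries that are ordinary Windows defaults from those worth a second look, and flags any DHCP-assigned DNS server that is not on a trusted list, since DHCP settings are handed out by the router and therefore reach every OS and account on that network. The sample log lines are constructed in the same format as the posted log (the 31.3.252.x addresses are copied from it; whether they belong to the user's ISP is not established anywhere in the thread), and `TRUSTED_RESOLVERS` is a hypothetical placeholder to be filled with the resolvers the ISP documents.

```python
"""Triage the "Registry" section of a RogueKiller v10 scan log (added example).

RogueKiller tags many entries PUM (Potentially Unwanted Modification).  Most are
ordinary Windows defaults; a few deserve a second look.  DHCP-assigned DNS
servers are singled out because DHCP settings come from the router, so they
apply to every OS and every account that uses the same network.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Set

# Constructed sample in the RogueKiller v10 line format.  The addresses are the
# ones from the posted log; whether they are the ISP's resolvers is unknown.
SAMPLE_LOG = """\
¤¤¤ Registry : 6 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\catchme (\\??\\C:\\Users\\M-Ezz\\AppData\\Local\\Temp\\catchme.sys) -> Found
[PUM.HomePage] HKEY_USERS\\.DEFAULT\\Software\\Microsoft\\Internet Explorer\\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\{D2D8D6EB-7D29-4F0B-9194-5604A31F6D2C} | DhcpNameServer : 31.3.252.86 31.3.252.80  -> Found
[PUM.Policies] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System | ConsentPromptBehaviorAdmin : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\HideDesktopIcons\\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
"""

# Hypothetical placeholder: put the resolvers your ISP documents (or the public
# resolvers you chose) here.  Anything else handed out by DHCP gets flagged.
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}

LINE_RE = re.compile(r"^\[(?P<cat>[^\]]+)\]\s+(?P<rest>.*?)\s*->\s*(?P<status>\w+)$")
MS_DEFAULT_REDIR = "http://www.microsoft.com/isapi/redir.dll"  # IE default start/search page


@dataclass
class Finding:
    category: str
    key: str
    name: str
    value: str
    verdict: str = ""
    reason: str = ""


def parse_registry_lines(text: str) -> List[Finding]:
    """Parse '[Cat] KEY | Name : Value -> Found' (or '[Cat] KEY (path) -> Found') lines."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, name, value = m.group("rest"), "", ""
        if " | " in key:
            key, valpart = key.split(" | ", 1)
            name, _, value = valpart.partition(" : ")
        findings.append(Finding(m.group("cat"), key.strip(), name.strip(), value.strip()))
    return findings


def _is_private(addr: str) -> bool:
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def classify(f: Finding, trusted: Set[str]) -> Finding:
    """Attach a verdict: benign, tool-leftover, review or verify-resolver."""
    cat = f.category.lower()
    if cat == "pum.dns" and f.name.lower() == "dhcpnameserver":
        servers = f.value.split()
        unknown = [s for s in servers if s not in trusted]
        if not unknown:
            f.verdict, f.reason = "benign", "all DHCP-assigned resolvers are on the trusted list"
        elif all(_is_private(s) for s in servers):
            f.verdict, f.reason = "review", "resolver is the LAN router; check the upstream DNS configured on the router"
        else:
            f.verdict = "verify-resolver"
            f.reason = ("resolver(s) %s not on the trusted list; DHCP hands these to every OS "
                        "and account on the network" % ", ".join(unknown))
    elif cat == "pum.policies" and f.name == "ConsentPromptBehaviorAdmin" and f.value == "0":
        f.verdict, f.reason = "review", "UAC elevates administrators without any prompt (Windows 7 default is 5)"
    elif cat in ("pum.homepage", "pum.searchpage") and f.value.startswith(MS_DEFAULT_REDIR):
        f.verdict, f.reason = "benign", "IE default page, not a hijack"
    elif cat == "pum.desktopicons":
        f.verdict, f.reason = "benign", "cosmetic per-user desktop icon setting"
    elif cat == "suspicious.path" and "catchme.sys" in f.key.lower():
        f.verdict, f.reason = "tool-leftover", "catchme.sys is the rootkit-scan driver ComboFix drops in %TEMP%"
    else:
        f.verdict, f.reason = "review", "no rule matched; inspect manually"
    return f


def triage(text: str, trusted: Set[str]) -> List[Finding]:
    """Parse and classify every registry line of a RogueKiller log."""
    return [classify(f, trusted) for f in parse_registry_lines(text)]


def report(text: str, trusted: Set[str]) -> str:
    """One line per finding: verdict, the value name (or last key component), reason."""
    lines = []
    for f in triage(text, trusted):
        what = f.name or f.key.rsplit("\\", 1)[-1]
        lines.append("%-16s %-28s %s" % (f.verdict, what, f.reason))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG, TRUSTED_RESOLVERS))
```

A "verify-resolver" line is not a verdict of compromise: the next step is to compare the flagged addresses with what the ISP publishes and with the DNS settings in the router's admin page, which is the one place that a symptom shared by Windows, Ubuntu and every user account could come from. A "review" on ConsentPromptBehaviorAdmin = 0 means any process running as the administrator can elevate silently, which is worth putting back to the default once the cleanup is done.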


Disabled Bitdefender's firewall, antivirus, antispam and even updates now.
============

Here is the log that popped up, and I attached the ComboFix.txt:
==============
 

ComboFix 14-10-13.01 - M-Ezz 10/14/2014  23:13:21.4.2 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3003.1116 [GMT 2:00]
Running from: c:\users\M-Ezz\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Disabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Disabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Disabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-14 to 2014-10-14  )))))))))))))))))))))))))))))))
.
.
2014-10-14 21:25 . 2014-10-14 21:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-10-14 21:25 . 2014-10-14 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-14 08:36 . 2014-10-14 08:36 -------- d-----w- c:\users\M-Ezz\AppData\Local\CrashDumps
2014-10-13 22:43 . 2014-10-13 22:45 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-13 22:43 . 2014-10-13 22:43 -------- d-----w- c:\programdata\RogueKiller
2014-10-13 11:34 . 2014-10-13 11:37 -------- d-----w- C:\FRST
2014-10-13 05:50 . 2014-10-14 21:25 -------- d-----w- c:\users\M-Ezz\AppData\Local\temp
2014-10-13 05:16 . 2014-10-13 05:16 -------- d-----w- c:\program files\HitmanPro
2014-10-13 05:16 . 2014-10-13 10:58 -------- d-----w- c:\programdata\HitmanPro
2014-10-13 05:13 . 2014-10-14 02:53 -------- d-----w- c:\windows\ERUNT
2014-10-13 05:10 . 2014-10-13 05:10 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-10-13 05:01 . 2014-10-13 05:01 -------- d-----w- c:\users\M-Ezz\AppData\Roaming\Opera Software
2014-10-13 05:01 . 2014-10-13 05:01 -------- d-----w- c:\users\M-Ezz\AppData\Local\Opera Software
2014-10-13 05:01 . 2014-10-13 05:01 -------- d-----w- c:\program files\Opera
2014-10-13 04:58 . 2014-10-13 04:58 -------- d--h--w- c:\windows\msdownld.tmp
2014-10-13 04:34 . 2014-10-13 04:34 385096 ----a-w- c:\windows\system32\drivers\trufos.sys
2014-10-10 22:57 . 2014-10-10 22:57 -------- d-----w- c:\users\M-Ezz\AppData\Roaming\LavasoftStatistics
2014-10-10 15:02 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-10-10 15:00 . 2014-10-14 03:12 -------- d-----w- C:\AdwCleaner
2014-10-10 11:11 . 2014-10-01 09:11 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-10 11:11 . 2014-10-01 09:11 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-10 11:11 . 2014-10-01 09:11 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-10 11:11 . 2014-10-13 21:22 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-10-10 10:49 . 2014-10-14 08:39 114904 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2014-10-10 10:49 . 2014-10-10 11:11 -------- d-----w- c:\programdata\Malwarebytes
2014-10-10 10:49 . 2014-10-10 10:49 -------- d-----w- c:\users\M-Ezz\AppData\Roaming\Malwarebytes
2014-10-04 18:00 . 2014-10-04 18:00 66832 ----a-w- c:\windows\system32\drivers\bdsandbox.sys
2014-10-04 07:18 . 2014-10-04 07:18 -------- d-----w- c:\program files\Common Files\Skype
2014-10-04 07:18 . 2014-10-04 07:18 -------- d-----r- c:\program files\Skype
2014-10-04 07:05 . 2014-10-04 07:05 -------- d-----w- c:\program files\Common Files\Java
2014-10-04 07:05 . 2014-10-04 07:05 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-04 01:34 . 2014-10-11 17:27 -------- d-----w- c:\programdata\Baidu Security
2014-10-04 01:30 . 2014-10-13 10:50 -------- d-----w- C:\MyImgur
2014-10-04 01:24 . 2014-10-04 01:24 -------- d-----w- c:\programdata\Apple Computer
2014-10-04 01:21 . 2014-10-04 01:21 -------- d-----w- c:\users\M-Ezz\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-10-04 01:13 . 2014-10-04 01:13 -------- d-----w- c:\programdata\IsolatedStorage
2014-10-03 03:47 . 2010-07-04 17:07 238952 ----a-w- c:\windows\system32\FsUsbExService.Exe
2014-10-03 03:47 . 2010-06-14 07:32 36608 ----a-w- c:\windows\system32\FsUsbExDisk.Sys
2014-10-03 03:47 . 2010-06-14 07:32 110592 ----a-w- c:\windows\system32\FsUsbExDevice.Dll
2014-10-03 01:15 . 2014-10-10 10:55 -------- d-----w- c:\users\M-Ezz\AppData\Local\Samsung
2014-10-03 01:15 . 2014-10-10 10:55 -------- d-----w- c:\users\M-Ezz\AppData\Roaming\Samsung
2014-10-03 00:16 . 2014-04-30 17:43 144664 ----a-w- c:\windows\system32\secman.dll
2014-10-03 00:16 . 2014-04-30 17:43 4659712 ----a-w- c:\windows\system32\Redemption.dll
2014-10-03 00:16 . 2014-04-30 17:47 821824 ----a-w- c:\windows\system32\dgderapi.dll
2014-10-03 00:16 . 2014-10-10 10:55 -------- d-----w- c:\program files\Samsung
2014-10-03 00:16 . 2014-10-10 10:55 -------- d-----w- c:\programdata\Samsung
2014-10-01 19:51 . 2014-09-25 01:40 519680 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:12 . 2014-09-09 21:47 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-31 16:13 . 2012-07-17 12:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 01:46 . 2014-08-31 16:25 305152 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 00:42 . 2014-08-31 16:25 2352640 ----a-w- c:\windows\system32\win32k.sys
2014-08-18 22:08 . 2014-09-12 17:30 4232704 ----a-w- c:\windows\system32\jscript9.dll
2014-08-18 21:57 . 2014-09-12 17:30 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-08-18 21:57 . 2014-09-12 17:30 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-08-18 21:46 . 2014-09-12 17:30 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-08-18 21:45 . 2014-09-12 17:30 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-08-18 21:44 . 2014-09-12 17:30 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-08-18 21:44 . 2014-09-12 17:30 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-08-18 21:36 . 2014-09-12 17:30 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-08-18 21:36 . 2014-09-12 17:30 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-08-18 21:35 . 2014-09-12 17:30 597504 ----a-w- c:\windows\system32\jscript9diag.dll
2014-08-18 21:30 . 2014-09-12 17:30 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 21:22 . 2014-09-12 17:30 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 21:08 . 2014-09-12 17:30 2014208 ----a-w- c:\windows\system32\inetcpl.cpl
2014-08-18 21:07 . 2014-09-12 17:30 1068032 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-08-18 20:46 . 2014-09-12 17:30 1812992 ----a-w- c:\windows\system32\wininet.dll
2014-08-13 09:50 . 2014-08-13 09:50 74512 ----a-w- c:\windows\system32\bdsandboxuiskin.dll
2014-08-13 09:48 . 2014-08-13 09:48 1060312 ----a-w- c:\windows\system32\drivers\avc3.sys
2014-08-13 09:41 . 2013-11-13 20:08 27168 ----a-w- c:\windows\system32\bdsandboxuh.dll
2014-08-13 09:38 . 2013-12-26 06:41 528248 ----a-w- c:\windows\system32\drivers\avckf.sys
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\system32\GPhotos.scr
2014-08-01 12:12 . 2013-09-21 17:11 55288 ----a-w- c:\windows\system32\drivers\networx.sys
2014-08-01 11:35 . 2014-09-12 17:00 793600 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-24 23:35 . 2014-07-24 23:35 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2013-04-22 09:03 . 2013-04-22 09:03 11019776 ----a-w- c:\program files\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 07:34 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mal Updater 2"="c:\program files\Mal Updater 2\MalUpdater.exe" [2000-12-31 2300416]
"AtomicAlarmClock6"="c:\program files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2013-08-06 3617792]
"MyImgur"="c:\myimgur\MyImgur.exe" [2014-10-04 3061248]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2012-11-08 1433200]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-09-01 499768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 568888]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"NetWorx"="c:\program files\NetWorx\networx.exe" [2014-10-01 4460240]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-10-13 1915616]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-05-14 282624]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-08-13 482392]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-08-13 901608]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-08-13 615256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-04-19 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP3 Skype recorder]
2014-02-10 18:43 1551872 ----a-w- c:\users\M-Ezz\AppData\Local\MP3 Skype recorder\MP3SkypeRecorder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2013-09-16 02:12 4287536 ------w- c:\program files\Pando Networks\Media Booster\PMB.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"Skype"="c:\program files\Skype\Phone\Skype.exe" /minimized /regrun
"Facebook Update"="c:\users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" /autostart
"IDMan"=c:\program files\Internet Download Manager\IDMan.exe /onboot
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2014-08-13 528248]
R3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2014-10-04 66832]
R3 BHipsEx;Baidu HipsEx Driver;c:\windows\System32\drivers\BHipsEx.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys [x]
R3 btwampfl;btwampfl;c:\windows\system32\DRIVERS\btwampfl.sys [2013-08-09 144600]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2013-09-26 23456]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-08-18 108032]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-07-22 116136]
R3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2013-04-19 6758912]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 PCFApiUtil;PCFApiUtil;c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-09-19 98432]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-09-19 14848]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-09-19 123648]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2013-04-18 1343400]
R3 XDva404;XDva404;c:\windows\system32\XDva404.sys [x]
R4 AtomicAlarmClock;Atomic Alarm Clock Time;c:\program files\Atomic Alarm Clock\timeserv.exe [2013-04-24 2007040]
R4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\Bitdefender\Bitdefender\bdparentalservice.exe [2014-08-13 69880]
R4 bdfwfpf_pc;bdfwfpf_pc;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [2013-07-02 108008]
R4 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
R4 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\KMPService.exe [2013-07-08 1922600]
S0 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2014-08-13 1060312]
S0 gzflt;gzflt;c:\windows\system32\DRIVERS\gzflt.sys [2013-08-23 165744]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2013-03-05 527344]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2013-03-05 26096]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2013-02-22 16880]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2014-05-22 77632]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2011-11-14 90704]
S1 networx;networx;c:\windows\system32\drivers\networx.sys [2014-08-01 55288]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-07-04 238952]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2012-09-24 27968]
S2 TeamViewer9;TeamViewer 9;c:\program files\TeamViewer\Version9\TeamViewer_Service.exe [2014-09-12 4799760]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-17 1699680]
S2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\Bitdefender\Bitdefender\updatesrv.exe [2014-08-13 54424]
S2 VBoxDrv;VBox Support Driver;c:\program files\YouWave Android\vb\VBoxDrv.sys [2014-03-30 142720]
S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [2012-11-02 242504]
S3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-12-25 65360]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-06-14 36608]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 122880]
S3 NETwNs32;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2013-07-10 7530736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2013-04-19 189440]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-08-29 10088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 10817885
*Deregistered* - 10817885
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-13 05:19 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2000-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-09 03:02]
.
2013-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000Core.job
- c:\users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 09:17]
.
2013-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1936142437-152300033-1077055761-1000UA.job
- c:\users\M-Ezz\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-19 09:17]
.
2000-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 21:27]
.
2000-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-17 21:27]
.
2014-09-29 c:\windows\Tasks\HPCeeScheduleForM-Ezz.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 31.3.252.86 31.3.252.80
FF - ProfilePath - c:\users\M-Ezz\AppData\Roaming\Mozilla\Firefox\Profiles\pzyhtskd.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-10817885.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1936142437-152300033-1077055761-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1936142437-152300033-1077055761-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4232)
c:\program files\Atomic Alarm Clock\Clock.dll
.
Completion time: 2014-10-14  23:27:08
ComboFix-quarantined-files.txt  2014-10-14 21:27
ComboFix2.txt  2014-10-13 10:01
ComboFix3.txt  2014-10-13 05:50
.
Pre-Run: 47,224,856,576 bytes free
Post-Run: 47,183,896,576 bytes free
.
- - End Of File - - C45558639A565E9728758F4429FB605F
8E734BD7AA1D4F7E9AF58DF495F6CF9E
 

ComboFix.txt

Link to post
Share on other sites

Please download and run AVAST-Browser-Cleanup: (let it clean what it finds)

http://files.avast.com/files/tools/avast-browser-cleanup.exe <----AVAST browser cleanup

==================

Clear the Java cache:

https://www.java.com/en/download/help/plugin_cache.xml

=================

Clean out temp files:

Download TFC from here and save it to your desktop.

http://oldtimer.geekstogo.com/TFC.exe

http://www.bleepingcomputer.com/download/tfc/dl/92/

Close any open programs and Internet browsers.

Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.

Please be patient as clearing out temp files may take a while.

Once it completes you may be prompted to restart your computer, please do so.

Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

===============

Then...........

Please run a free online scan with the ESET Online Scanner (it may take a while to run)

Note: You will need to use Internet Explorer for this scan.

First please Disable any Antivirus you have active, as shown in This Topic

Note: Don't forget to re-enable it after the scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the option Remove found threats is unchecked and the option Scan unsafe applications is checked

Click Advanced settings and select the following:

ceba8c51-8f88-44b9-ad41-5f07ba8351b1.png

Click Start

Wait for the scan to finish

If threats were found:

Click on "list of threats found"

Click on "export to text file" and save it as ESET SCAN and save to the desktop

Click on back

Put a checkmark in "Uninstall application on close"

Click on finish

Post back the log.....MrC

Link to post
Share on other sites

Avast browser tool found nothing.

Deleted Java's.

And TFC removed 111 MB of files.

*Will scan with ESET now*

--------
I'm not sure whether you're seeing what I type or not, but it would be helpful if you answered me this. Thanks in advance.

Thank you for your help. I'm doing exactly what you're saying, but I tried checking YouTube in different browsers just in case, maybe to narrow down the problem. The problem persisted on all of IE, Chrome, Firefox and Opera, as I suspected would happen. What was a bit surprising though is that when I tried Bitdefender SafePay, YouTube did the same..
Weirdly enough, when I restarted and went to Ubuntu (I have it dual booted), Chrome there did the exact same thing!! Is that possible?!
I thought it's a problem with my account then. So I logged in to a different account but it did the same thing!
I searched Google for other people having such problems.. got nothing.
Asked friends to check it but it seems normal for them..
Can it be a problem with my router or something? I'm a bit confused here as to how this can persist even on Ubuntu!!
 

Link to post
Share on other sites

Oh, I sort of started doubting it's a virus/malware to begin with :'D

Sorry for the wait, the scan took 6 hours to finish ~_~

Here:
=============

C:\Users\M-Ezz\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe Win32/InstallCore.GI potentially unwanted application
C:\Users\M-Ezz\AppData\Roaming\0F1L1I1P0H1L1E1E1F\Notepad++ Packages\uninstaller.exe Win32/InstallCore.PC potentially unwanted application
C:\Windows\Installer\MSIC194.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application
D:\New folder\Programs\After Windows xD\teracopy227-oc-jd.exe Win32/JoyDownloader.D potentially unwanted application
D:\New folder\Programs\After Windows xD\Media Players\GOMPLAYERENSETUP.EXE Win32/OpenCandy potentially unsafe application
D:\New folder\Programs\After Windows xD\Media Players\Kmplayer 3.5.0.77.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
D:\New folder\Programs\DriverPack Solution\Soft\Remote\Ammyy.exe a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application
D:\Program files\disk-defrag-setup.exe Win32/InstallMonetizer.AQ potentially unwanted application
D:\Program files\PowerISO5.exe Win32/Toolbar.Conduit.R potentially unwanted application
D:\Program files\ViberSetup.exe Win32/Toolbar.SearchSuite.P potentially unwanted application
D:\Program files\Drivers\cbsidlm-cbsi183-Intel_Chipset_Driver_7221006zip-ORG-162211.exe a variant of Win32/CNETInstaller.B potentially unwanted application
D:\Programs\epm.exe Win32/OpenCandy potentially unsafe application
D:\Programs\Media Players\Kmplayer 3.5.0.77.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
Link to post
Share on other sites

Please manually delete these:

C:\Users\M-Ezz\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe
C:\Users\M-Ezz\AppData\Roaming\0F1L1I1P0H1L1E1E1F\Notepad++ Packages\uninstaller.exe
C:\Windows\Installer\MSIC194.tmp
D:\New folder\Programs\After Windows xD\teracopy227-oc-jd.exe
D:\New folder\Programs\After Windows xD\Media Players\GOMPLAYERENSETUP.EXE
D:\New folder\Programs\After Windows xD\Media Players\Kmplayer 3.5.0.77.exe
D:\New folder\Programs\DriverPack Solution\Soft\Remote\Ammyy.exe
D:\Program files\disk-defrag-setup.exe Win32/InstallMonetizer.AQ
D:\Program files\PowerISO5.exe 
D:\Program files\ViberSetup.exe 
D:\Program files\Drivers\cbsidlm-cbsi183-Intel_Chipset_Driver_7221006zip-ORG-162211.exe
D:\Programs\epm.exe 
D:\Programs\Media Players\Kmplayer 3.5.0.77.exe
 
Any questions about the files............
you can upload the file to VirusTotal for a free scan.
 
=================================

I would disable AdBlock and see if the ads all have something in common or they're just random ads.

MrC

Link to post
Share on other sites
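Before manually deleting the files listed above, a practitioner would normally record each file's hash so it can still be looked up on VirusTotal afterwards, as the reply suggests. The script below is an added example, not MrC's or Ezz's code and not part of the thread: it takes the exact paths from the list, prints the SHA-256 and size of each one that exists, and only removes the files when the assumed `-Remove` switch is given. It avoids `Get-FileHash` because Windows 7 ships with PowerShell 2.0, where that cmdlet does not exist.

```powershell
# Added example (not code from this thread). Hash the files ESET flagged
# so they can be checked on VirusTotal, then optionally delete them.
# "-Remove" is an assumed switch; without it the script only reports.
param([switch]$Remove)

# Paths copied from the list in the reply above.
$flagged = @(
    'C:\Users\M-Ezz\AppData\Local\PMB Files\Upgrade41270\PMB_updater.exe',
    'C:\Users\M-Ezz\AppData\Roaming\0F1L1I1P0H1L1E1E1F\Notepad++ Packages\uninstaller.exe',
    'C:\Windows\Installer\MSIC194.tmp',
    'D:\New folder\Programs\After Windows xD\teracopy227-oc-jd.exe',
    'D:\New folder\Programs\After Windows xD\Media Players\GOMPLAYERENSETUP.EXE',
    'D:\New folder\Programs\After Windows xD\Media Players\Kmplayer 3.5.0.77.exe',
    'D:\New folder\Programs\DriverPack Solution\Soft\Remote\Ammyy.exe',
    'D:\Program files\disk-defrag-setup.exe',
    'D:\Program files\PowerISO5.exe',
    'D:\Program files\ViberSetup.exe',
    'D:\Program files\Drivers\cbsidlm-cbsi183-Intel_Chipset_Driver_7221006zip-ORG-162211.exe',
    'D:\Programs\epm.exe',
    'D:\Programs\Media Players\Kmplayer 3.5.0.77.exe'
)

# SHA-256 via .NET so this also runs on PowerShell 2.0 (Windows 7 default).
function Get-Sha256Hex([string]$Path) {
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

foreach ($f in $flagged) {
    # -LiteralPath: the paths contain spaces and "+" but no wildcards.
    if (-not (Test-Path -LiteralPath $f)) {
        Write-Output ("MISSING   {0}" -f $f)
        continue
    }
    $hash = Get-Sha256Hex $f
    $size = (Get-Item -LiteralPath $f).Length
    Write-Output ("{0}  {1,10} bytes  {2}" -f $hash, $size, $f)
    if ($Remove) {
        Remove-Item -LiteralPath $f -Force
        Write-Output ("REMOVED   {0}" -f $f)
    }
}
```

Run it once without `-Remove` from an elevated PowerShell prompt, paste the printed hashes into VirusTotal's search, and only then rerun with `-Remove`; the "MISSING" lines tell you which entries were already gone (for example a temporary `MSIC194.tmp` that an installer cleaned up).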

So the box is still appearing, sometimes white, other times it shows stuff I was checking on other sites, like shopping for them or stuff.
I wanted to buy a new phone so I was checking online sites (Egyptian ones..), so the ads were actually showing me the same sites I was checking, Souq.com and Yashry.com, sometimes even the product I viewed (phones).

Here I was checking Souq when it showed unrelated Yashry products -.-' lol
http://i.imgur.com/CiuSSFo.png

Here it was still white (AdBlock disabled since)
http://i.imgur.com/eY4seTY.png

Here it showed a phone I checked on Souq while I was on Yashry O.o
http://i.imgur.com/PJg6s7A.png

This one showed Souq.com, like the YouTube ad behind it too, both from the same site. The YouTube one is a product I didn't check though, while the weird ad is a product I DID view.
http://i.imgur.com/2vCxUCg.png

Still can't view YouTube embedded videos or sign in either.

Link to post
Share on other sites

Disable all of the extensions in Chrome and see if you still get the ads/boxes in Chrome.

==================

You can also right click on the white box and choose "Block This Ad"

===================

Re-scan with FRST and Make sure the Addition Box is checked.

Post or attach the 2 logs FRST(64).txt and Addition.txt

MrC

Link to post
Share on other sites

I'm disabling them now but I doubt it's Chrome extension related since it appears in all the other browsers? ._. *Confused*
I will wait and see if it appears or not since it doesn't appear all the time anyway ^^;
===========================

Yeah, I tried doing so before; I don't think it worked, and if it did it would still appear in different browsers, which is really annoying ><
Oh, and the YouTube layout continues to be messed up if signed in.. I'm not sure what this is related to!!

===========================

Will attach them : D

Addition.txt

FRST.txt

Link to post
Share on other sites

I found 2 Chrome extensions that shouldn't be on the system and a couple of other things.

Also this will clean out all the temp files on the system:

Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.

Run FRST.exe/FRST64.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

==================================

Then............

Download zoek.exe to your Desktop:

http://hijackthis.nl/smeenk/

Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions on how to disable your security applications here:

http://www.bleepingcomputer.com/forums/topic114351.html

On Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator

Give it a few seconds to appear

Next, copy/paste the entire script inside the codebox below to the input field of Zoek:

autoclean;
emptyalltemp;
emptyclsid;

Now...

Close any open programs.

Click the Run script button, and wait. It takes a few minutes to run.

When the tool finishes, the zoek-results.log is opened in Notepad.

The log is also found on the systemdrive, normally C:\

If a reboot is needed, the log is opened after the reboot.

MrC

Link to post
Share on other sites

At first look it appears the extensions that were affected are Hover Zoom and Lyrics Here by Rob W; also bitly was affected before.. all extensions were used by me long ago, especially bitly and Hover Zoom, maybe 2 years or so using them.

Anyway, here are the logs, and I will continue checking if something happened or so :D

Oh oh.. do I re-enable the extensions or leave them for now? ._.

Fixlog.txt

zoek-results.log

Link to post
Share on other sites

This topic is now closed to further replies.