gil900 (Members, 5 posts)
  1. I'm talking exactly about this file, but not this one. I have a normal install of Firefox, but the Firefox I use is a Portable version, and the Portable version does not use the prefs.js within AppData\Roaming\Mozilla\Firefox\Profiles\. This software scanned the wrong file. I need to scan this file: D:\Portable Programs\FirefoxPortable\Data\profile\prefs.js
  2. I cannot post all my Malwarebytes PRO logs here because I have a lot of log files. What I can say now is that one of the IPs comes from Iran or somewhere close to Iran. This is the IP I'm talking about: http://iplocation.truevue.org/178.152.15.179.html
  3. Thanks. I did it after I opened this topic. After I ran Malwarebytes Anti-Rootkit I got this message: Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Then I had a Yes/No choice to remove it now or not. I selected "No". Then I started the scan. After the scan finished, I saw that it found a rootkit virus. And another thing: after I deleted it, I had to re-install my Intel display driver, because it deleted the driver. This is interesting, because in the past I have experienced cases in which the display driver crashed and I got the message "display driver stopped responding and has recovered". After I installed the driver again from the disk, I started the scan again and no rootkit was found, so maybe part of the display driver was infected and this is why the driver crashed. This is the report from before I cleaned the rootkit:

Quote
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gil :: GIL-PC [administrator]

29/06/2013 01:09:36 PM
mbar-log-2013-06-29 (13-09-36).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 302031
Time elapsed: 13 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\system32\drivers\igdkmd64.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
d:\גיבויים\DATA\Desktop\XBOX 360 TOOLS\X360GameHack.exe (Trojan.Agent) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

And this is after the clean:

Quote
Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.29.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Gil :: GIL-PC [administrator]

29/06/2013 02:06:09 PM
mbar-log-2013-06-29 (14-06-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 302470
Time elapsed: 13 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

I also used ComboFix, and ComboFix also deleted something on my computer. This is the report from ComboFix:

Quote
ComboFix 13-06-28.02 - Gil 06/29/2013 14:34:29.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1255.972.1033.18.8089.6204 [GMT 3:00]
Running from: d:\???????\DATA\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\DPINST.LOG
c:\windows\PFRO.log
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-28 to 2013-06-29 )))))))))))))))))))))))))))))))
.
.
2013-06-29 11:40 .
2013-06-29 11:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-06-29 11:06 . 2013-06-29 11:19 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-06-29 10:59 . 2013-06-29 10:59 -------- d-----w- c:\program files\Common Files\Intel 2013-06-29 10:59 . 2013-06-29 10:59 -------- d-----w- c:\program files (x86)\Common Files\Intel 2013-06-29 10:54 . 2013-06-29 10:54 -------- d-----w- C:\found.001 2013-06-29 09:42 . 2013-06-29 09:42 27256 ----a-w- c:\windows\system32\drivers\FixZeroAccess.sys 2013-06-29 09:26 . 2013-06-29 09:26 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2013-06-29 09:26 . 2013-06-29 09:26 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2013-06-29 08:13 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3504DE81-E617-4B9F-8DEC-4956FE95A81D}\mpengine.dll 2013-06-29 01:38 . 2013-06-29 09:19 -------- d-----w- c:\programdata\COMODO 2013-06-29 01:37 . 2013-06-29 09:28 -------- d-----w- c:\program files (x86)\Comodo 2013-06-29 01:22 . 2013-06-29 01:22 -------- d-----w- c:\users\Gil\AppData\Local\TextCrawler 2013-06-29 01:22 . 2013-06-29 01:22 -------- d-----w- c:\program files (x86)\TextCrawler2 2013-06-28 07:56 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-06-26 23:45 . 2013-06-29 11:32 -------- d-----w- c:\users\Gil\AppData\Roaming\DMCache 2013-06-26 23:45 . 2013-06-29 08:51 -------- d-----w- c:\users\Gil\AppData\Roaming\IDM 2013-06-26 23:45 . 2013-06-26 23:45 -------- d-----w- c:\programdata\IDM 2013-06-26 23:44 . 2013-06-29 11:25 -------- d-----w- c:\program files (x86)\Internet Download Manager 2013-06-26 16:40 . 2013-06-26 16:40 -------- d-----w- c:\users\Gil\AppData\Roaming\Digsby 2013-06-26 16:40 . 2013-06-26 16:40 -------- d-----w- c:\users\Gil\AppData\Local\Digsby 2013-06-26 16:40 . 2013-06-26 16:40 -------- d-----w- c:\programdata\Digsby 2013-06-25 13:28 . 
2013-06-25 13:28 -------- d-----w- c:\users\Gil\AppData\Local\ElevatedDiagnostics 2013-06-24 11:57 . 2013-06-24 11:57 -------- d-----w- c:\users\Gil\AppData\Local\Jaksta_Technologies_Pty_L 2013-06-24 11:49 . 2011-07-21 14:42 35648 ----a-w- c:\windows\system32\drivers\jakndis.sys 2013-06-24 11:49 . 2013-06-24 11:49 -------- d-----w- c:\program files (x86)\Jaksta Technologies 2013-06-24 11:49 . 2013-06-24 11:58 -------- d-----w- c:\users\Gil\AppData\Roaming\Jaksta Streaming Media Recorder 2013-06-24 11:49 . 2013-06-24 11:49 -------- d-----w- c:\programdata\Applian 2013-06-20 23:28 . 2013-06-20 23:28 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95673DB1-0DB0-44CE-91BC-F386E90B5BD4}\gapaengine.dll 2013-06-20 10:38 . 2013-05-25 15:00 168288 ----a-w- c:\windows\system32\drivers\idmwfp.sys 2013-06-18 18:45 . 2013-06-18 18:45 -------- d-----w- c:\programdata\Apple 2013-06-18 18:44 . 2013-06-18 18:44 -------- d-----w- c:\program files\Avatron 2013-06-18 16:48 . 2013-06-19 11:25 -------- d-----w- c:\program files\MaxiVista Demo Server 2013-06-18 15:18 . 2013-06-18 15:18 3 ----a-w- c:\windows\system32\OutN64proc64.dll 2013-06-18 15:18 . 2013-06-18 15:18 1 ----a-w- c:\windows\system32\InN64proc64.dll 2013-06-14 22:06 . 2013-05-23 21:46 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2013-06-14 12:32 . 2013-06-29 11:32 -------- d-----w- c:\program files (x86)\Giraffic 2013-06-14 12:32 . 2013-06-29 11:30 -------- d-----w- c:\programdata\Giraffic 2013-06-13 17:31 . 2013-06-13 17:31 -------- d-----w- c:\programdata\Kaspersky Lab 2013-06-12 18:20 . 2013-06-18 15:15 -------- d-----w- c:\users\Gil\AppData\Roaming\Splashtop Remote Client 2013-06-12 18:20 . 2013-06-12 18:20 -------- d-----w- c:\programdata\Downloaded Installations 2013-06-12 15:53 . 2013-06-12 15:53 -------- d-----w- c:\users\Gil\AppData\Local\FileFly 2013-06-12 15:53 . 
2013-06-12 15:53 -------- d-----w- c:\programdata\FileFly 2013-06-12 15:52 . 2013-06-12 15:52 -------- d-----w- c:\programdata\Splashtop 2013-06-12 15:52 . 2013-06-12 15:52 -------- d-----w- c:\program files (x86)\Splashtop 2013-06-12 12:56 . 2013-06-12 12:56 -------- d-----w- c:\users\Gil\AppData\Local\Activision 2013-06-12 06:52 . 2013-06-12 06:52 -------- d-----w- c:\program files (x86)\Google 2013-06-11 13:52 . 2013-06-11 13:52 -------- d-----w- c:\users\DefaultAppPool 2013-06-11 09:27 . 2012-06-01 05:36 192000 ----a-w- c:\windows\system32\iisRtl.dll 2013-06-11 09:27 . 2012-06-01 05:34 55296 ----a-w- c:\windows\system32\admwprox.dll 2013-06-11 09:27 . 2012-06-01 04:37 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll 2013-06-11 09:27 . 2012-06-01 04:35 50688 ----a-w- c:\windows\SysWow64\admwprox.dll 2013-06-11 09:27 . 2012-06-01 05:39 14848 ----a-w- c:\windows\system32\wamregps.dll 2013-06-11 09:27 . 2012-06-01 05:36 11264 ----a-w- c:\windows\system32\iisrstap.dll 2013-06-11 09:27 . 2012-06-01 05:35 60928 ----a-w- c:\windows\system32\ahadmin.dll 2013-06-11 09:27 . 2012-06-01 05:33 16896 ----a-w- c:\windows\system32\iisreset.exe 2013-06-11 09:27 . 2012-06-01 04:40 10752 ----a-w- c:\windows\SysWow64\wamregps.dll 2013-06-11 09:27 . 2012-06-01 04:37 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll 2013-06-11 09:27 . 2012-06-01 04:35 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll 2013-06-11 09:27 . 2012-06-01 04:34 15360 ----a-w- c:\windows\SysWow64\iisreset.exe 2013-06-11 09:15 . 2013-06-11 09:15 -------- d-----w- c:\program files (x86)\S-Bar 2013-06-10 23:52 . 2013-06-11 19:20 -------- d-----w- c:\users\Gil\AppData\Roaming\NVIDIA 2013-06-10 14:42 . 2013-06-10 14:42 -------- d-----w- c:\program files\Elantech 2013-06-10 14:19 . 2012-02-29 10:32 252712 ----a-w- c:\windows\ETDUninst.dll 2013-06-10 13:51 . 2013-06-10 13:51 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-06-10 13:50 . 
2013-06-29 11:01 -------- d-----w- c:\windows\SysWow64\NV 2013-06-10 13:50 . 2013-06-29 11:01 -------- d-----w- c:\windows\system32\NV 2013-06-10 13:38 . 2013-06-10 13:38 -------- d-----w- C:\NVIDIA 2013-06-10 12:58 . 2013-06-10 12:58 -------- d-----w- c:\windows\SysWow64\BestPractices 2013-06-10 12:58 . 2013-06-10 12:58 -------- d-----w- c:\windows\system32\BestPractices 2013-06-10 12:58 . 2013-06-10 12:58 -------- d-----w- C:\inetpub 2013-06-10 12:48 . 2013-06-10 12:48 -------- d-----w- c:\program files (x86)\Reference Assemblies 2013-06-10 12:48 . 2013-06-10 12:48 -------- d-----w- c:\program files\Reference Assemblies 2013-06-10 12:48 . 2013-06-10 12:48 -------- d-----w- c:\program files\MSBuild 2013-06-10 12:36 . 2013-06-10 12:36 -------- d-----w- c:\users\UpdatusUser 2013-06-10 12:36 . 2013-05-12 20:34 6491936 ----a-w- c:\windows\system32\nvcpl.dll 2013-06-10 12:36 . 2013-05-12 20:34 3514656 ----a-w- c:\windows\system32\nvsvc64.dll 2013-06-10 12:36 . 2013-05-12 20:34 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-06-10 12:36 . 2013-05-12 20:34 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-06-10 12:36 . 2013-05-12 20:34 2555680 ----a-w- c:\windows\system32\nvsvcr.dll 2013-06-10 12:36 . 2013-05-12 20:34 67072 ----a-w- c:\windows\system32\nv3dappshextr.dll 2013-06-10 12:36 . 2013-05-12 20:34 1025312 ----a-w- c:\windows\system32\nv3dappshext.dll 2013-06-10 12:36 . 2013-05-08 14:13 3165737 ----a-w- c:\windows\system32\nvcoproc.bin 2013-06-10 12:36 . 2013-05-12 20:34 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-06-10 12:34 . 2013-06-10 12:34 -------- d-----w- c:\programdata\NVIDIA Corporation 2013-06-10 12:09 . 2013-06-10 12:09 -------- d-----w- C:\found.000 2013-06-10 11:42 . 2012-03-30 07:43 170264 ----a-w- c:\windows\system32\igfxtray.exe 2013-06-10 11:42 . 2012-03-30 07:43 509720 ----a-w- c:\windows\system32\igfxsrvc.exe 2013-06-10 11:41 . 2012-03-26 11:09 14748416 ----a-w- c:\windows\system32\drivers\igdkmd64.sys 2013-06-06 21:49 . 
2013-06-06 21:49 -------- d-----w- c:\users\Gil\AppData\Roaming\Malwarebytes 2013-06-06 21:49 . 2013-06-06 21:49 -------- d-----w- c:\programdata\Malwarebytes 2013-06-06 21:49 . 2013-06-06 21:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-06-06 21:49 . 2013-04-04 11:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-06-05 23:32 . 2013-06-05 23:32 311200 ----a-w- c:\windows\system32\javaws.exe 2013-06-05 23:32 . 2013-06-05 23:32 971680 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-05 23:32 . 2013-06-05 23:32 1092512 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-05 23:32 . 2013-06-05 23:32 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2013-06-05 23:32 . 2013-06-05 23:32 188832 ----a-w- c:\windows\system32\javaw.exe 2013-06-05 23:32 . 2013-06-05 23:32 188320 ----a-w- c:\windows\system32\java.exe 2013-06-05 23:32 . 2013-06-05 23:32 -------- d-----w- c:\program files\Java 2013-06-05 11:24 . 2013-06-05 11:24 -------- d-----w- c:\program files (x86)\ControlMK 2013-06-04 14:39 . 2013-06-04 14:39 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories 2013-06-04 07:48 . 2013-06-10 12:30 -------- d-----w- c:\program files\MotioninJoy 2013-06-04 07:48 . 2013-06-04 07:49 121416 ----a-w- c:\windows\system32\drivers\MijXfilt.sys 2013-06-04 07:48 . 2013-06-04 07:48 -------- d-----w- c:\users\Gil\AppData\Roaming\MotioninJoy 2013-06-03 15:31 . 2013-06-03 15:31 -------- d-----w- c:\programdata\Codemasters 2013-06-02 14:44 . 2013-06-02 14:49 -------- d-----w- c:\users\Gil\AppData\Local\VirtualRouterPlus 2013-06-02 14:43 . 2013-06-04 14:40 -------- d-----w- c:\program files (x86)\Virtual Router 2013-06-02 13:50 . 2013-06-05 15:27 -------- d-----w- c:\users\Gil\AppData\Roaming\Audacity 2013-05-30 19:54 . 2013-06-12 06:51 -------- d-----w- c:\users\Gil\AppData\Local\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-14 00:03 . 
2013-05-15 13:35 75825640 ----a-w- c:\windows\system32\MRT.exe 2013-05-30 19:54 . 2013-04-24 02:06 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-30 19:54 . 2013-04-24 02:06 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-29 21:28 . 2013-05-29 21:28 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll 2013-05-24 00:02 . 2013-05-17 19:45 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-05-23 14:19 . 2013-05-23 14:19 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA96CB8-C482-4397-A04F-DD21F13DCF4E}\offreg.dll 2013-05-23 12:42 . 2013-05-17 19:15 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2013-05-13 06:37 . 2013-05-21 09:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA96CB8-C482-4397-A04F-DD21F13DCF4E}\mpengine.dll 2013-05-12 21:42 . 2013-04-24 02:10 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-05-12 21:42 . 2013-04-24 02:10 2935696 ----a-w- c:\windows\system32\nvapi64.dll 2013-05-12 21:42 . 2013-04-24 02:10 266448 ----a-w- c:\windows\system32\nvinitx.dll 2013-05-12 21:42 . 2013-04-24 02:10 214448 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-05-12 21:42 . 2013-04-24 02:10 13403168 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-05-12 21:42 . 2013-04-24 02:10 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-05-08 21:32 . 2012-07-17 11:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-07 00:21 . 2013-05-07 00:21 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-05-07 00:21 . 2013-05-07 00:21 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-05-07 00:21 . 2013-05-07 00:21 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-05-07 00:21 . 2013-05-07 00:21 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-05-07 00:21 . 2013-05-07 00:21 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-05-07 00:21 . 
2013-05-07 00:21 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-05-07 00:21 . 2013-05-07 00:21 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-05-07 00:21 . 2013-05-07 00:21 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-05-07 00:21 . 2013-05-07 00:21 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-05-07 00:21 . 2013-05-07 00:21 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-05-07 00:21 . 2013-05-07 00:21 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-05-07 00:21 . 2013-05-07 00:21 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-05-07 00:21 . 2013-05-07 00:21 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-05-07 00:21 . 2013-05-07 00:21 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-05-07 00:21 . 2013-05-07 00:21 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-05-07 00:21 . 2013-05-07 00:21 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-05-07 00:21 . 2013-05-07 00:21 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-05-07 00:21 . 2013-05-07 00:21 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-05-07 00:21 . 2013-05-07 00:21 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-05-07 00:21 . 2013-05-07 00:21 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-05-07 00:21 . 2013-05-07 00:21 81408 ----a-w- c:\windows\system32\icardie.dll 2013-05-07 00:21 . 2013-05-07 00:21 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-05-07 00:21 . 2013-05-07 00:21 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-05-07 00:21 . 2013-05-07 00:21 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-05-07 00:21 . 2013-05-07 00:21 441856 ----a-w- c:\windows\system32\html.iec 2013-05-07 00:21 . 2013-05-07 00:21 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-05-07 00:21 . 2013-05-07 00:21 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-05-07 00:21 . 2013-05-07 00:21 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-05-07 00:21 . 
2013-05-07 00:21 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-05-07 00:21 . 2013-05-07 00:21 235008 ----a-w- c:\windows\system32\url.dll 2013-05-07 00:21 . 2013-05-07 00:21 216064 ----a-w- c:\windows\system32\msls31.dll 2013-05-07 00:21 . 2013-05-07 00:21 197120 ----a-w- c:\windows\system32\msrating.dll 2013-05-07 00:21 . 2013-05-07 00:21 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-05-07 00:21 . 2013-05-07 00:21 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-05-07 00:21 . 2013-05-07 00:21 144896 ----a-w- c:\windows\system32\wextract.exe 2013-05-07 00:21 . 2013-05-07 00:21 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-05-07 00:21 . 2013-05-07 00:21 102912 ----a-w- c:\windows\system32\inseng.dll 2013-05-07 00:21 . 2013-05-07 00:21 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-05-07 00:21 . 2013-05-07 00:21 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-05-07 00:21 . 2013-05-07 00:21 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-05-07 00:21 . 2013-05-07 00:21 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-05-07 00:21 . 2013-05-07 00:21 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-05-07 00:21 . 2013-05-07 00:21 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-05-07 00:21 . 2013-05-07 00:21 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-05-07 00:21 . 2013-05-07 00:21 149504 ----a-w- c:\windows\system32\occache.dll 2013-05-07 00:21 . 2013-05-07 00:21 13824 ----a-w- c:\windows\system32\mshta.exe 2013-05-07 00:21 . 2013-05-07 00:21 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-05-07 00:21 . 2013-05-07 00:21 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-05-07 00:21 . 2013-05-07 00:21 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-05-07 00:20 . 2013-05-07 00:20 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-07 00:20 . 
2013-05-07 00:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-05-07 00:20 . 2013-05-07 00:20 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-05-07 00:20 . 2013-05-07 00:20 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-05-07 00:20 . 2013-05-07 00:20 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-05-07 00:20 . 2013-05-07 00:20 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-05-07 00:20 . 2013-05-07 00:20 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-05-07 00:20 . 2013-05-07 00:20 2565120 ----a-w- c:\windows\system32\d3d10warp.dll 2013-05-07 00:20 . 
2013-05-07 00:20 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-05-07 00:20 . 2013-05-07 00:20 1682432 ----a-w- c:\windows\system32\XpsPrint.dll 2013-05-07 00:20 . 2013-05-07 00:20 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll 2013-05-07 00:20 . 2013-05-07 00:20 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-07 00:20 . 2013-05-07 00:20 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-05-07 00:20 . 2013-05-07 00:20 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll 2013-05-07 00:20 . 2013-05-07 00:20 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll 2013-05-07 00:20 . 2013-05-07 00:20 1643520 ----a-w- c:\windows\system32\DWrite.dll 2013-05-07 00:20 . 2013-05-07 00:20 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll 2013-05-07 00:20 . 2013-05-07 00:20 1175552 ----a-w- c:\windows\system32\FntCache.dll 2013-05-07 00:20 . 2013-05-07 00:20 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll 2013-05-07 00:20 . 2013-05-07 00:20 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-05-08 18680424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2012-12-03 5504416] . 
c:\users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EasyMagnify v5 - Shortcut.lnk - d:\גיבויים\עבודות\תכנותים\פיתוח פטנטים לוינדוס\Magnifier\EasyMagnify v5.exe [2013-6-19 333725] Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2013-4-27 29310] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;d:\program files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;d:\program files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x] R2 mvCmdemo;mvCmdemo;c:\windows\system32\Drivers\mvCmdemo.SYS;c:\windows\SYSNATIVE\Drivers\mvCmdemo.SYS [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x] R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x] R3 
AirDisplayWDDM;AirDisplayWDDM;c:\windows\system32\DRIVERS\AVWDDMMiniPort.sys;c:\windows\SYSNATIVE\DRIVERS\AVWDDMMiniPort.sys [x] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x] R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x] R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x] R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys;c:\windows\SYSNATIVE\DRIVERS\mvvideodemo.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x] R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x] R3 ose64;Office 64 Source Engine;c:\program 
files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 AVPCIFilter;Avatron PCI Bus Device Filter;c:\windows\system32\DRIVERS\AVPCIFilter.sys;c:\windows\SYSNATIVE\DRIVERS\AVPCIFilter.sys [x] S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [x] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x] S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x] S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x] S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine 
Recently I have been experiencing strange phenomena on my computer. My Firefox browser stops working once in a while, and now recently it happens to more software... Many times after my computer wakes up from sleep mode, I get "stopped working" messages like "COM stopped working" and more.

But there is a much stranger phenomenon, and it occurs in my Firefox browser. A few days ago I noticed that the site paypal.com and other banking websites are not shown as usual. I mean (and sorry for my English) that PayPal and more local bank websites look different, and this problem was not with other sites. My Firefox is a Portable version, and I tried to locate the problem. At first I disabled all of the add-ons in Firefox; it didn't solve the problem. Then I realized that the problem is in the profile files in Firefox Portable. The profile files are in: FirefoxPortable\Data\profile

Like an idiot, I decided to delete a group of 10 files in that folder on each attempt and then check if the issue is resolved. After a few attempts, I reached the source of the problem: the problem was in the file "prefs.js". I found that if I delete this file the problem is resolved, but with a price, and the price is that all my settings are gone. But my technique is to back up these files, so I copied all these files again from the backup. At this point I knew where to look for the core of the problem: in the file "prefs.js". I opened this file in a text editor and did this technique again; on each attempt I deleted a group of 50 lines in that file. After I found the group of 50 lines (such that if I delete this group then the problem is resolved), I searched for the problematic line in this group. In the end I solved the problem and found the line, but I did not keep this information, so I cannot post that line... It was a headache. I had a few days of quiet with the browser, but right now the problem is back, with a different site: Facebook. Now Facebook does not look right, and somehow I'm not connected to my Facebook user. As I write this message, Firefox has crashed at least 5 times. Every time, I backed up what I wrote in a text document.
  4. Hello, I have exactly the same problem: http://forums.malwarebytes.org/index.php?showtopic=128484 but with other IP addresses. These are all my logs from Malwarebytes PRO: (Malwarebytes' Anti-Malware Logs.7z) I ran dds.scr and these are the results: dds.txt: attach.txt: Also, I imagine that you will tell me to do the same things... So I did what you said in post number #3 (in http://forums.malwarebytes.org/index.php?showtopic=128484) and this is the report: Thanks for helpers! Gil.
  5. Hello, I'm new here and I got this warning message in the log: Should I worry about this? Is this a virus? I do not know what to do... Yesterday I saw on my desktop a file named desktop.png. I do not know where this file came from... I can say for sure: I did not create this file! This file is a screenshot of my desktop! A few hours after I found this file on my desktop, I installed Malwarebytes Anti-Malware. Today I received this message. I think I need to worry about this.