
Successfully blocked access to a potentially malicious website



Hello,

I have exactly the same problem:

http://forums.malwarebytes.org/index.php?showtopic=128484

But with other IP addresses.

These are all my logs from Malwarebytes PRO:

(Malwarebytes' Anti-Malware Logs.7z)

I ran dds.scr and these are the results:

dds.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Gil at 11:36:35 on 2013-06-29
Microsoft Windows 7 Professional   6.1.7601.1.1255.972.1033.18.8089.4253 [GMT 3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AV: COMODO Antivirus *Enabled/Updated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\S-Bar\MSIService.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Stardock\Multiplicity2\MP2Control.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Stardock\Multiplicity2\MP2Drag.exe
C:\Windows\System32\wscript.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files (x86)\S-Bar\S-Bar.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
D:\גיבויים\עבודות\תכנותים\פיתוח פטנטים לוינדוס\Magnifier\EasyMagnify v5.exe
C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\COMODO\COMODO Internet Security\cis.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
C:\Program Files (x86)\Giraffic\Giraffic.exe
C:\Program Files (x86)\Stardock\Multiplicity2\Multipl2.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
D:\Portable Programs\FirefoxPortable 5\FirefoxPortable.exe
D:\Portable Programs\FirefoxPortable 5\App\firefox\firefox.exe
D:\Portable Programs\FirefoxPortable 5\App\firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\גיבויים\DATA\Desktop\dds.scr
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [Application Restart #3] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe  --flag-switches-begin --flag-switches-end --restore-last-session -- https://skydrive.live.com/redir.aspx?cid=8d340689c9e386f7&page=play&resid=8D340689C9E386F7!429&parid=8D340689C9E386F7!428&type=1&Bsrc=Photomail&Bpub=SDX.Photos&authkey=!AGuWOG11vBFqb7g
mRun: [s-Bar] C:\Program Files (x86)\S-Bar\S-Bar.exe
mRun: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave
StartupFolder: C:\Users\Gil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EASYMA~1.LNK - D:\גיבויים\עבודות\תכנותים\פיתוח פטנטים לוינדוס\Magnifier\EasyMagnify v5.exe
StartupFolder: C:\Users\Gil\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Fences.lnk - C:\Program Files (x86)\Stardock\Fences\Fences.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARTG~1.LNK - C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: idm הורד באמצעות - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Subscribe in RSS Bandit - C:\Users\Gil\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
IE: הורד את כל הלינקים באמצעות IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll


TCP: NameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{B1C3ABDC-72F8-4616-940E-14EA950EF76A} : NameServer = 156.154.70.22,156.154.71.22
TCP: Interfaces\{B1C3ABDC-72F8-4616-940E-14EA950EF76A} : DHCPNameServer = 192.117.235.235 62.219.186.7
TCP: Interfaces\{B9C6FD8D-88CF-4312-88FD-BA85B3CACBF2} : NameServer = 156.154.70.22,156.154.71.22
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Fences] "C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 AVPCIFilter;Avatron PCI Bus Device Filter;C:\Windows\System32\drivers\AVPCIFilter.sys [2013-4-15 37240]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-5-4 19264]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-6-10 30496]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\System32\drivers\cmderd.sys [2013-6-18 23168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\System32\drivers\cmdguard.sys [2013-6-18 708632]
R2 CLPSLauncher;COMODO LPS Launcher;C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [2013-4-17 70344]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2013-5-29 2094216]
R2 GeekBuddyRSP;GeekBuddyRSP Service;C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2013-4-17 1851088]
R2 Giraffic;Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service [?]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2013-4-25 2429544]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-6-20 168288]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-4-24 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-24 162648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-7 701512]
R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;D:\Program Files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [2011-9-15 86016]
R2 Micro Star SCM;Micro Star SCM;C:\Program Files (x86)\S-Bar\MSIService.exe [2012-12-3 160768]
R2 Multiplicity;Stardock Multiplicity 2 Service;C:\Program Files (x86)\Stardock\Multiplicity2\MultiSrv.exe [2012-11-26 124080]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2013-5-23 551264]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2013-5-8 583968]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-1-20 16128]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2012-8-24 20512]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-24 362840]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2013-5-1 329104]
R3 GenericMount;Generic Mount Driver;C:\Windows\System32\drivers\GenericMount.sys [2009-9-21 66608]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-4-24 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-5-4 357184]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-5-4 789824]
R3 jakndisMP;jakndisMP;C:\Windows\System32\drivers\jakndis.sys [2013-6-24 35648]
R3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;C:\Windows\System32\drivers\e22W7x64.sys [2013-5-4 157552]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-7 25928]
R3 MBfilt;MBfilt;C:\Windows\System32\drivers\MBfilt64.sys [2013-4-25 32344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2013-4-25 340072]
R3 SymSnapService;SymSnapService;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-9-21 2963960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S3 AirDisplay;Air Display Support;C:\Windows\System32\drivers\AVVideoCard.sys [2013-4-15 16248]
S3 AirDisplayMirror;Air Display Mirror Support;C:\Windows\System32\drivers\AVVideoCardMirror.sys [2013-4-15 16248]
S3 AirDisplayWDDM;AirDisplayWDDM;C:\Windows\System32\drivers\AVWDDMMiniPort.sys [2013-4-15 45432]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2013-2-13 163808]
S3 cmdvirth;COMODO Virtual Service Manager;C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2013-6-18 158936]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-5-6 1432400]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-26 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 GenericMount Helper Service;GenericMount Helper Service;C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-2-12 2227216]
S3 jakndis;Jaksta Service;C:\Windows\System32\drivers\jakndis.sys [2013-6-24 35648]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-6-4 121416]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2013-5-4 14136]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\Windows\System32\dllhost.exe [2009-7-14 9728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-1-20 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-27 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .ini: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
FileExt: .vbe: VBEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .vbs: VBSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .js: JSFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-06-29 08:13:45    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3504DE81-E617-4B9F-8DEC-4956FE95A81D}\mpengine.dll
2013-06-29 01:39:06    --------    d-s---w-    C:\ProgramData\Shared Space
2013-06-29 01:38:46    --------    d-----w-    C:\Program Files\COMODO
2013-06-29 01:38:33    --------    d-----w-    C:\ProgramData\COMODO
2013-06-29 01:38:18    --------    d-----w-    C:\Program Files (x86)\Common Files\COMODO
2013-06-29 01:37:54    --------    d-----w-    C:\Users\Gil\AppData\Local\Comodo
2013-06-29 01:37:50    56072    ----a-w-    C:\Windows\System32\certsentry.dll
2013-06-29 01:37:50    47368    ----a-w-    C:\Windows\SysWow64\certsentry.dll
2013-06-29 01:37:42    --------    d-----w-    C:\Program Files (x86)\Comodo
2013-06-29 01:37:32    --------    d-----w-    C:\ProgramData\Comodo Downloader
2013-06-29 01:22:17    --------    d-----w-    C:\Users\Gil\AppData\Local\TextCrawler
2013-06-29 01:22:13    --------    d-----w-    C:\Program Files (x86)\TextCrawler2
2013-06-28 07:56:43    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-26 23:45:00    --------    d-----w-    C:\Users\Gil\AppData\Roaming\IDM
2013-06-26 23:45:00    --------    d-----w-    C:\Users\Gil\AppData\Roaming\DMCache
2013-06-26 23:45:00    --------    d-----w-    C:\ProgramData\IDM
2013-06-26 23:44:19    --------    d-----w-    C:\Program Files (x86)\Internet Download Manager
2013-06-26 16:40:50    --------    d-----w-    C:\Users\Gil\AppData\Roaming\Digsby
2013-06-26 16:40:50    --------    d-----w-    C:\Users\Gil\AppData\Local\Digsby
2013-06-26 16:40:50    --------    d-----w-    C:\ProgramData\Digsby
2013-06-25 13:28:55    --------    d-----w-    C:\Users\Gil\AppData\Local\ElevatedDiagnostics
2013-06-24 11:57:58    --------    d-----w-    C:\Users\Gil\AppData\Local\Jaksta_Technologies_Pty_L
2013-06-24 11:49:34    35648    ----a-w-    C:\Windows\System32\drivers\jakndis.sys
2013-06-24 11:49:31    --------    d-----w-    C:\Program Files (x86)\Jaksta Technologies
2013-06-24 11:49:22    --------    d-----w-    C:\Users\Gil\AppData\Roaming\Jaksta Streaming Media Recorder
2013-06-24 11:49:22    --------    d-----w-    C:\ProgramData\Applian
2013-06-20 23:28:59    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{95673DB1-0DB0-44CE-91BC-F386E90B5BD4}\gapaengine.dll
2013-06-20 10:38:11    168288    ----a-w-    C:\Windows\System32\drivers\idmwfp.sys
2013-06-18 18:44:37    --------    d-----w-    C:\Program Files\Avatron
2013-06-18 16:48:12    --------    d-----w-    C:\Program Files\MaxiVista Demo Server
2013-06-18 15:18:21    3    ----a-w-    C:\Windows\System32\OutN64proc64.dll
2013-06-18 15:18:21    1    ----a-w-    C:\Windows\System32\InN64proc64.dll
2013-06-18 13:16:10    708632    ----a-w-    C:\Windows\System32\drivers\cmdguard.sys
2013-06-18 13:16:10    48360    ----a-w-    C:\Windows\System32\drivers\cmdhlp.sys
2013-06-18 13:16:08    23168    ----a-w-    C:\Windows\System32\drivers\cmderd.sys
2013-06-18 13:15:50    43216    ----a-w-    C:\Windows\System32\cmdcsr.dll
2013-06-18 13:15:48    437688    ----a-w-    C:\Windows\System32\guard64.dll
2013-06-18 13:15:48    348584    ----a-w-    C:\Windows\SysWow64\guard32.dll
2013-06-18 13:15:40    45784    ----a-w-    C:\Windows\System32\cmdkbd64.dll
2013-06-18 13:15:40    344792    ----a-w-    C:\Windows\System32\cmdvrt64.dll
2013-06-18 13:15:36    40664    ----a-w-    C:\Windows\SysWow64\cmdkbd32.dll
2013-06-18 13:15:36    278232    ----a-w-    C:\Windows\SysWow64\cmdvrt32.dll
2013-06-14 22:06:59    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 12:32:39    --------    d-----w-    C:\ProgramData\Giraffic
2013-06-14 12:32:39    --------    d-----w-    C:\Program Files (x86)\Giraffic
2013-06-13 17:31:11    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2013-06-12 18:20:57    --------    d-----w-    C:\Users\Gil\AppData\Roaming\Splashtop Remote Client
2013-06-12 18:20:41    --------    d-----w-    C:\ProgramData\Downloaded Installations
2013-06-12 15:53:46    --------    d-----w-    C:\Users\Gil\AppData\Local\FileFly
2013-06-12 15:53:46    --------    d-----w-    C:\ProgramData\FileFly
2013-06-12 15:52:21    --------    d-----w-    C:\ProgramData\Splashtop
2013-06-12 15:52:03    --------    d-----w-    C:\Program Files (x86)\Splashtop
2013-06-12 12:56:07    --------    d-----w-    C:\Users\Gil\AppData\Local\Activision
2013-06-11 09:27:58    55296    ----a-w-    C:\Windows\System32\admwprox.dll
2013-06-11 09:27:58    50688    ----a-w-    C:\Windows\SysWow64\admwprox.dll
2013-06-11 09:27:58    192000    ----a-w-    C:\Windows\System32\iisRtl.dll
2013-06-11 09:27:58    154624    ----a-w-    C:\Windows\SysWow64\iisRtl.dll
2013-06-11 09:27:57    8192    ----a-w-    C:\Windows\SysWow64\iisrstap.dll
2013-06-11 09:27:57    60928    ----a-w-    C:\Windows\System32\ahadmin.dll
2013-06-11 09:27:57    26624    ----a-w-    C:\Windows\SysWow64\ahadmin.dll
2013-06-11 09:27:57    16896    ----a-w-    C:\Windows\System32\iisreset.exe
2013-06-11 09:27:57    15360    ----a-w-    C:\Windows\SysWow64\iisreset.exe
2013-06-11 09:27:57    14848    ----a-w-    C:\Windows\System32\wamregps.dll
2013-06-11 09:27:57    11264    ----a-w-    C:\Windows\System32\iisrstap.dll
2013-06-11 09:27:57    10752    ----a-w-    C:\Windows\SysWow64\wamregps.dll
2013-06-11 09:15:46    --------    d-----w-    C:\Program Files (x86)\S-Bar
2013-06-10 23:52:35    --------    d-----w-    C:\Users\Gil\AppData\Roaming\NVIDIA
2013-06-10 14:42:09    --------    d-----w-    C:\Program Files\Elantech
2013-06-10 14:19:40    252712    ----a-w-    C:\Windows\ETDUninst.dll
2013-06-10 13:50:45    --------    d-----w-    C:\Windows\SysWow64\NV
2013-06-10 13:50:45    --------    d-----w-    C:\Windows\System32\NV
2013-06-10 13:38:18    --------    d-----w-    C:\NVIDIA
2013-06-10 12:58:37    --------    d-----w-    C:\Windows\SysWow64\BestPractices
2013-06-10 12:58:35    --------    d-----w-    C:\Windows\System32\BestPractices
2013-06-10 12:58:35    --------    d-----w-    C:\inetpub
2013-06-10 12:36:39    884512    ----a-w-    C:\Windows\System32\nvvsvc.exe
2013-06-10 12:36:39    67072    ----a-w-    C:\Windows\System32\nv3dappshextr.dll
2013-06-10 12:36:39    6491936    ----a-w-    C:\Windows\System32\nvcpl.dll
2013-06-10 12:36:39    63776    ----a-w-    C:\Windows\System32\nvshext.dll
2013-06-10 12:36:39    3514656    ----a-w-    C:\Windows\System32\nvsvc64.dll
2013-06-10 12:36:39    3165737    ----a-w-    C:\Windows\System32\nvcoproc.bin
2013-06-10 12:36:39    2555680    ----a-w-    C:\Windows\System32\nvsvcr.dll
2013-06-10 12:36:39    1025312    ----a-w-    C:\Windows\System32\nv3dappshext.dll
2013-06-10 12:36:38    237856    ----a-w-    C:\Windows\System32\nvmctray.dll
2013-06-10 12:34:42    --------    d-----w-    C:\ProgramData\NVIDIA Corporation
2013-06-10 12:09:39    --------    d-sh--w-    C:\found.000
2013-06-10 11:53:29    --------    d-----w-    C:\Program Files\Common Files\Intel
2013-06-10 11:53:25    --------    d-----w-    C:\Program Files (x86)\Common Files\Intel
2013-06-06 21:49:55    --------    d-----w-    C:\Users\Gil\AppData\Roaming\Malwarebytes
2013-06-06 21:49:41    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-06-06 21:49:39    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-06 21:49:39    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-05 23:32:22    971680    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-06-05 23:32:22    1092512    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-06-05 23:32:18    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-06-05 11:24:10    --------    d-----w-    C:\Program Files (x86)\ControlMK
2013-06-04 14:39:25    --------    d-----w-    C:\Program Files\Microsoft Xbox 360 Accessories
2013-06-04 07:48:39    121416    ----a-w-    C:\Windows\System32\drivers\MijXfilt.sys
2013-06-04 07:48:39    --------    d-----w-    C:\Users\Gil\AppData\Roaming\MotioninJoy
2013-06-04 07:48:39    --------    d-----w-    C:\Program Files\MotioninJoy
2013-06-03 15:31:46    --------    d-----w-    C:\ProgramData\Codemasters
2013-06-02 14:44:22    --------    d-----w-    C:\Users\Gil\AppData\Local\VirtualRouterPlus
2013-06-02 14:43:27    --------    d-----w-    C:\Program Files (x86)\Virtual Router
2013-05-30 19:54:56    --------    d-----w-    C:\Users\Gil\AppData\Local\Google
.
==================== Find3M  ====================
.
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-30 19:54:49    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-30 19:54:48    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-29 21:28:06    178800    ----a-w-    C:\Windows\SysWow64\CmdLineExt_x64.dll
2013-05-24 00:02:18    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-23 12:42:17    281688    ----a-w-    C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-07 00:20:50    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-06 10:15:09    118856    ----a-w-    C:\Windows\System32\drivers\sscvf.sys
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 22:16:11    507392    ----a-w-    C:\Windows\System32\drivers\AF15BDA.sys
2013-04-26 22:16:11    350    ----a-w-    C:\Windows\System32\AF15IRTBL.bin
2013-04-26 22:16:11    28672    ----a-w-    C:\Windows\System32\AF15BDAEX.dll
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-25 22:08:43    466456    ----a-w-    C:\Windows\System32\wrap_oal.dll
2013-04-25 22:08:43    444952    ----a-w-    C:\Windows\SysWow64\wrap_oal.dll
2013-04-25 22:08:43    122904    ----a-w-    C:\Windows\System32\OpenAL32.dll
2013-04-25 22:08:43    109080    ----a-w-    C:\Windows\SysWow64\OpenAL32.dll
2013-04-24 22:01:53    9728    ----a-w-    C:\Windows\System32\Wdfres.dll
2013-04-24 22:01:53    785512    ----a-w-    C:\Windows\System32\drivers\Wdf01000.sys
2013-04-24 22:01:53    54376    ----a-w-    C:\Windows\System32\drivers\WdfLdr.sys
2013-04-24 02:04:13    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 02:04:13    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-04-24 02:04:13    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-04-18 08:28:10    745968    ----a-w-    C:\Windows\System32\GfxUIHotKeyMenu.exe
2013-04-18 08:28:08    7558640    ----a-w-    C:\Windows\System32\GfxUIEx.exe
2013-04-18 08:28:08    534000    ----a-w-    C:\Windows\System32\DPTopologyApp.exe
2013-04-18 08:28:08    397808    ----a-w-    C:\Windows\System32\CustomModeApp.exe
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-15 12:27:14    45432    ----a-w-    C:\Windows\System32\drivers\AVWDDMMiniPort.sys
2013-04-15 12:27:14    37240    ----a-w-    C:\Windows\System32\drivers\AVPCIFilter.sys
2013-04-15 12:27:12    16248    ----a-w-    C:\Windows\System32\drivers\AVVideoCardMirror.sys
2013-04-15 12:27:12    16248    ----a-w-    C:\Windows\System32\drivers\AVVideoCard.sys
2013-04-15 12:27:10    18432    ----a-w-    C:\Windows\System32\AirDisplayMirror.dll
2013-04-15 12:27:10    18432    ----a-w-    C:\Windows\System32\AirDisplay.dll
2013-04-15 12:27:08    119808    ----a-w-    C:\Windows\System32\AirDisplayWDDM.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 11:38:28.84 ===============
 

 

attach.txt:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 24/04/2013 04:37:32 AM
System Uptime: 29/06/2013 10:20:38 AM (1 hours ago)
.
Motherboard: Micro-Star International Co., Ltd. |  | MS-16GA
Processor: Intel® Core i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1275/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 54 GiB total, 1.171 GiB free.
D: is FIXED (NTFS) - 643 GiB total, 163.811 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: MaxiVista Virtual Video Demo
Device ID: ROOT\DISPLAY\0000
Manufacturer: Bartels Media
Name: MaxiVista Virtual Video Demo
PNP Device ID: ROOT\DISPLAY\0000
Service: mvvideodemo
.
==== System Restore Points ===================
.
RP148: 24/06/2013 02:49:42 PM - Device Driver Package Install: Jaksta Technologies Pty Ltd Network Service
RP149: 25/06/2013 04:10:26 PM - Windows Update
RP150: 25/06/2013 08:43:55 PM - Installed DirectX
RP151: 26/06/2013 07:42:29 PM - Installed DirectX
RP152: 26/06/2013 07:45:30 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP153: 27/06/2013 03:00:11 AM - Windows Update
RP154: 28/06/2013 10:46:40 AM - Windows Update
.
==== Installed Programs ======================
.
12noon Display Changer
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
ArcSoft TotalMedia 3.5
Autodesk 3ds Max 2013 64-bit
Autodesk Backburner 2013.0.0
Autodesk DirectConnect 2013 64-bit
Autodesk Essential Skills Movies for 3ds Max 2013 64-bit
Autodesk FBX Plug-in 2013.1 - 3ds Max 2013 64-bit
Autodesk Inventor Server Engine for 3ds Max 2013 64-bit
Autodesk Material Library 2013
Autodesk Material Library Base Resolution Image Library 2013
Autodesk Material Library Medium Resolution Image Library 2013
Autodesk Revit Interoperability for 3ds Max and 3ds Max Design 2013 64-bit
Battery Calibration
Black Ops II version 1.0.0.1
Call of Duty: Modern Warfare 3
Call of Duty: Modern Warfare 3 - Multiplayer
COMODO Antivirus
Comodo Dragon
Composite 2013 64-bit
ControlMK 0.232
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dexpot
Drv
EasyBCD 2.1.2
ETDWare PS/2-X64 11.13.1.4_WHQL
Fences 2
GeekBuddy
Giraffic Video Accelerator
Google Chrome
Google Update Helper
Grand Theft Auto IV
GRID 2 © Codemasters version 1
Icaros 2.1.1
Intel® Manageability Engine Firmware Recovery Agent
Intel® Management Engine Components
Intel® OpenCL CPU Runtime
Intel® Processor Graphics
Intel® Turbo Boost Technology Monitor 2.5
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Internet Download Manager
Jaksta Streaming Media Recorder (4.4.3)
Java 7 Update 21
Java 7 Update 21 (64-bit)
Java Auto Updater
Junk Mail filter update
Live Update 5
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Language Pack Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Hebrew) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Hebrew) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Hebrew) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Hebrew) 2010
Microsoft Office Language Pack 2010 - Hebrew עברית
Microsoft Office O MUI (Hebrew) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Hebrew) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Hebrew) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Hebrew) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Arabic) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Hebrew) 2010
Microsoft Office Proof (Russian) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Hebrew) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Hebrew) 2010
Microsoft Office Shared 32-bit MUI (English) 2010
Microsoft Office Shared 32-bit MUI (Hebrew) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Hebrew) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer MUI (Hebrew) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Hebrew) 2010
Microsoft Office X MUI (Hebrew) 2010
Microsoft Security Client
Microsoft Security Essentials
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1)
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Xbox 360 Accessories 1.2
Movie Maker
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
Norton Ghost
Notepad++
NVIDIA Control Panel 320.18
NVIDIA GeForce Experience 1.5
NVIDIA Graphics Driver 320.18
NVIDIA Install Application
NVIDIA Optimus 4.11.9
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Update 4.11.9
NVIDIA Update Components
OpenAL
Photo Common
Photo Gallery
RaceRoom Racing Experience Launcher
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RssBandit
S-Bar
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
Skype™ 6.3
Splashtop Remote Client
Splashtop Software Updater
Splashtop Streamer
Stardock Fences 2
Stardock Multiplicity 2
Steam
System Requirements Lab for Intel
TextCrawler 2.5
UltraMon
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Designer 2010 (KB2553459) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Uplay
V-Ray for 3dsmax 2013 for x64
VLC media player 2.0.7
VNC Viewer 5.0.3
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 5.00 ביתא 2 (64-סיביות)
Wise Registry Cleaner 7.69
Worms Reloaded Demo
גלריית התמונות
.
==== Event Viewer Messages From Past Week ========
.
29/06/2013 04:48:22 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
29/06/2013 04:46:58 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  CFRMD
29/06/2013 04:46:25 AM, Error: Service Control Manager [7001]  - The mvCmdemo service depends on the MaxiVista Virtual Video Demo service which failed to start because of the following error:  The system cannot find the file specified.
29/06/2013 04:46:04 AM, Error: EventLog [6008]  - The previous system shutdown at 04:44:48 on ‎29/‎06/‎2013 was unexpected.
29/06/2013 04:44:33 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
29/06/2013 04:30:00 AM, Error: EventLog [6008]  - The previous system shutdown at 04:27:58 on ‎29/‎06/‎2013 was unexpected.

28/06/2013 05:44:05 PM, Error: Microsoft-Windows-HttpEvent [15005]  - Unable to bind to the underlying transport for [::]:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.  The data field contains the error number.
28/06/2013 04:01:06 PM, Error: Service Control Manager [7001]  - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error:  The service did not respond to the start or control request in a timely fashion.
28/06/2013 04:00:59 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Net.Tcp Port Sharing Service service to connect.
28/06/2013 04:00:59 PM, Error: Service Control Manager [7000]  - The Net.Tcp Port Sharing Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
27/06/2013 11:43:47 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.153.667.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9607.0      Error code: 0x8024402c      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
26/06/2013 07:40:02 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
25/06/2013 04:22:07 PM, Error: Service Control Manager [7038]  - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:  The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
25/06/2013 04:22:07 PM, Error: Service Control Manager [7000]  - The UPnP Device Host service failed to start due to the following error:  The service did not start due to a logon failure.
25/06/2013 04:22:07 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
24/06/2013 10:23:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.153.470.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9607.0      Error code: 0x80240022      Error description: The program can't check for definition updates.
24/06/2013 10:23:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.153.470.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.9607.0      Error code: 0x80240022      Error description: The program can't check for definition updates.
.
==== End Of File ===========================
 

 

 

Also, I imagine that you will tell me to do the same things ...

So I did what you said in post number #3 (in http://forums.malwarebytes.org/index.php?showtopic=128484), and this is the report:

 

 

RogueKiller V8.6.1 _x64_ [Jun 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Gil [Admin rights]
Mode : Scan -- Date : 06/29/2013 11:52:04
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] dds.com -- D:\גיבויים\DATA\Desktop\dds.com [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] f7fcf472a0e69f3e617eac9229867a90
[bSP] f78d0a989deac66265855ebeabedd3b7 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 1906 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3905536 | Size: 55000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 116545536 | Size: 658495 Mo
Error reading LL1 MBR!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_06292013_115204.txt >>



 

Thanks for helpers!

 

Gil.


Welcome to the forum.

 

Can you post the log from Malwarebytes as a text file?

Can you also post the protection log showing the IPs that are blocked?

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Thanks.

I did it after I opened this topic.

After I ran Malwarebytes Anti-Rootkit I got this message:

Registry value "AppInit_Dlls" has been found, which may be caused by rootkit activity. Then I have a Yes / No choice to remove it now or not.

I selected "no".

Then I started the scan.

After the scan finished, I saw that it found a rootkit virus and another thing.

After I deleted it, I had to re-install my Intel display driver because it deleted the driver.

This is interesting, because in the past I have experienced cases in which the display driver crashed and I got the message:

"display driver stopped responding and has recovered"

After I installed the driver again from the disk, I started the scan again and no rootkit was found, so maybe part of the display driver was infected and this is why the driver crashed...

This is the report before I cleaned the rootkit:

    Quote

    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.06.29.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Gil :: GIL-PC [administrator]

    29/06/2013 01:09:36 PM
    mbar-log-2013-06-29 (13-09-36).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 302031
    Time elapsed: 13 minute(s), 13 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Windows\system32\drivers\igdkmd64.sys (Unknown.Rootkit.Driver) -> Replace on reboot.
    d:\גיבויים\DATA\Desktop\XBOX 360 TOOLS\X360GameHack.exe (Trojan.Agent) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

and this is after the clean:

    Quote

    Malwarebytes Anti-Rootkit BETA 1.06.0.1004
    www.malwarebytes.org

    Database version: v2013.06.29.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    Gil :: GIL-PC [administrator]

    29/06/2013 02:06:09 PM
    mbar-log-2013-06-29 (14-06-09).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: PUP
    Objects scanned: 302470
    Time elapsed: 13 minute(s), 38 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

I also used ComboFix, and ComboFix also deleted something on my computer.

This is the report from ComboFix:

    Quote

    ComboFix 13-06-28.02 - Gil 06/29/2013  14:34:29.1.4 - x64
    Microsoft Windows 7 Professional   6.1.7601.1.1255.972.1033.18.8089.6204 [GMT 3:00]
    Running from: d:\???????\DATA\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\Roaming
    c:\windows\DPINST.LOG
    c:\windows\PFRO.log
    D:\install.exe
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-05-28 to 2013-06-29  )))))))))))))))))))))))))))))))
    .
    .
    2013-06-29 11:40 . 2013-06-29 11:40    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2013-06-29 11:06 . 2013-06-29 11:19    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-29 10:59 . 2013-06-29 10:59    --------    d-----w-    c:\program files\Common Files\Intel
    2013-06-29 10:59 . 2013-06-29 10:59    --------    d-----w-    c:\program files (x86)\Common Files\Intel
    2013-06-29 10:54 . 2013-06-29 10:54    --------    d-----w-    C:\found.001
    2013-06-29 09:42 . 2013-06-29 09:42    27256    ----a-w-    c:\windows\system32\drivers\FixZeroAccess.sys
    2013-06-29 09:26 . 2013-06-29 09:26    1060864    ----a-w-    c:\windows\SysWow64\mfc71.dll
    2013-06-29 09:26 . 2013-06-29 09:26    1700352    ----a-w-    c:\windows\SysWow64\gdiplus.dll
    2013-06-29 08:13 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3504DE81-E617-4B9F-8DEC-4956FE95A81D}\mpengine.dll
    2013-06-29 01:38 . 2013-06-29 09:19    --------    d-----w-    c:\programdata\COMODO
    2013-06-29 01:37 . 2013-06-29 09:28    --------    d-----w-    c:\program files (x86)\Comodo
    2013-06-29 01:22 . 2013-06-29 01:22    --------    d-----w-    c:\users\Gil\AppData\Local\TextCrawler
    2013-06-29 01:22 . 2013-06-29 01:22    --------    d-----w-    c:\program files (x86)\TextCrawler2
    2013-06-28 07:56 . 2013-06-12 03:08    9552976    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-26 23:45 . 2013-06-29 11:32    --------    d-----w-    c:\users\Gil\AppData\Roaming\DMCache
    2013-06-26 23:45 . 2013-06-29 08:51    --------    d-----w-    c:\users\Gil\AppData\Roaming\IDM
    2013-06-26 23:45 . 2013-06-26 23:45    --------    d-----w-    c:\programdata\IDM
    2013-06-26 23:44 . 2013-06-29 11:25    --------    d-----w-    c:\program files (x86)\Internet Download Manager
    2013-06-26 16:40 . 2013-06-26 16:40    --------    d-----w-    c:\users\Gil\AppData\Roaming\Digsby
    2013-06-26 16:40 . 2013-06-26 16:40    --------    d-----w-    c:\users\Gil\AppData\Local\Digsby
    2013-06-26 16:40 . 2013-06-26 16:40    --------    d-----w-    c:\programdata\Digsby
    2013-06-25 13:28 . 2013-06-25 13:28    --------    d-----w-    c:\users\Gil\AppData\Local\ElevatedDiagnostics
    2013-06-24 11:57 . 2013-06-24 11:57    --------    d-----w-    c:\users\Gil\AppData\Local\Jaksta_Technologies_Pty_L
    2013-06-24 11:49 . 2011-07-21 14:42    35648    ----a-w-    c:\windows\system32\drivers\jakndis.sys
    2013-06-24 11:49 . 2013-06-24 11:49    --------    d-----w-    c:\program files (x86)\Jaksta Technologies
    2013-06-24 11:49 . 2013-06-24 11:58    --------    d-----w-    c:\users\Gil\AppData\Roaming\Jaksta Streaming Media Recorder
    2013-06-24 11:49 . 2013-06-24 11:49    --------    d-----w-    c:\programdata\Applian
    2013-06-20 23:28 . 2013-06-20 23:28    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{95673DB1-0DB0-44CE-91BC-F386E90B5BD4}\gapaengine.dll
    2013-06-20 10:38 . 2013-05-25 15:00    168288    ----a-w-    c:\windows\system32\drivers\idmwfp.sys
    2013-06-18 18:45 . 2013-06-18 18:45    --------    d-----w-    c:\programdata\Apple
    2013-06-18 18:44 . 2013-06-18 18:44    --------    d-----w-    c:\program files\Avatron
    2013-06-18 16:48 . 2013-06-19 11:25    --------    d-----w-    c:\program files\MaxiVista Demo Server
    2013-06-18 15:18 . 2013-06-18 15:18    3    ----a-w-    c:\windows\system32\OutN64proc64.dll
    2013-06-18 15:18 . 2013-06-18 15:18    1    ----a-w-    c:\windows\system32\InN64proc64.dll
    2013-06-14 22:06 . 2013-05-23 21:46    964552    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-06-14 12:32 . 2013-06-29 11:32    --------    d-----w-    c:\program files (x86)\Giraffic
    2013-06-14 12:32 . 2013-06-29 11:30    --------    d-----w-    c:\programdata\Giraffic
    2013-06-13 17:31 . 2013-06-13 17:31    --------    d-----w-    c:\programdata\Kaspersky Lab
    2013-06-12 18:20 . 2013-06-18 15:15    --------    d-----w-    c:\users\Gil\AppData\Roaming\Splashtop Remote Client
    2013-06-12 18:20 . 2013-06-12 18:20    --------    d-----w-    c:\programdata\Downloaded Installations
    2013-06-12 15:53 . 2013-06-12 15:53    --------    d-----w-    c:\users\Gil\AppData\Local\FileFly
    2013-06-12 15:53 . 2013-06-12 15:53    --------    d-----w-    c:\programdata\FileFly
    2013-06-12 15:52 . 2013-06-12 15:52    --------    d-----w-    c:\programdata\Splashtop
    2013-06-12 15:52 . 2013-06-12 15:52    --------    d-----w-    c:\program files (x86)\Splashtop
    2013-06-12 12:56 . 2013-06-12 12:56    --------    d-----w-    c:\users\Gil\AppData\Local\Activision
    2013-06-12 06:52 . 2013-06-12 06:52    --------    d-----w-    c:\program files (x86)\Google
    2013-06-11 13:52 . 2013-06-11 13:52    --------    d-----w-    c:\users\DefaultAppPool
    2013-06-11 09:27 . 2012-06-01 05:36    192000    ----a-w-    c:\windows\system32\iisRtl.dll
    2013-06-11 09:27 . 2012-06-01 05:34    55296    ----a-w-    c:\windows\system32\admwprox.dll
    2013-06-11 09:27 . 2012-06-01 04:37    154624    ----a-w-    c:\windows\SysWow64\iisRtl.dll
    2013-06-11 09:27 . 2012-06-01 04:35    50688    ----a-w-    c:\windows\SysWow64\admwprox.dll
    2013-06-11 09:27 . 2012-06-01 05:39    14848    ----a-w-    c:\windows\system32\wamregps.dll
    2013-06-11 09:27 . 2012-06-01 05:36    11264    ----a-w-    c:\windows\system32\iisrstap.dll
    2013-06-11 09:27 . 2012-06-01 05:35    60928    ----a-w-    c:\windows\system32\ahadmin.dll
    2013-06-11 09:27 . 2012-06-01 05:33    16896    ----a-w-    c:\windows\system32\iisreset.exe
    2013-06-11 09:27 . 2012-06-01 04:40    10752    ----a-w-    c:\windows\SysWow64\wamregps.dll
    2013-06-11 09:27 . 2012-06-01 04:37    8192    ----a-w-    c:\windows\SysWow64\iisrstap.dll
    2013-06-11 09:27 . 2012-06-01 04:35    26624    ----a-w-    c:\windows\SysWow64\ahadmin.dll
    2013-06-11 09:27 . 2012-06-01 04:34    15360    ----a-w-    c:\windows\SysWow64\iisreset.exe
    2013-06-11 09:15 . 2013-06-11 09:15    --------    d-----w-    c:\program files (x86)\S-Bar
    2013-06-10 23:52 . 2013-06-11 19:20    --------    d-----w-    c:\users\Gil\AppData\Roaming\NVIDIA
    2013-06-10 14:42 . 2013-06-10 14:42    --------    d-----w-    c:\program files\Elantech
    2013-06-10 14:19 . 2012-02-29 10:32    252712    ----a-w-    c:\windows\ETDUninst.dll
    2013-06-10 13:51 . 2013-06-10 13:51    --------    d-----w-    c:\program files (x86)\AGEIA Technologies
    2013-06-10 13:50 . 2013-06-29 11:01    --------    d-----w-    c:\windows\SysWow64\NV
    2013-06-10 13:50 . 2013-06-29 11:01    --------    d-----w-    c:\windows\system32\NV
    2013-06-10 13:38 . 2013-06-10 13:38    --------    d-----w-    C:\NVIDIA
    2013-06-10 12:58 . 2013-06-10 12:58    --------    d-----w-    c:\windows\SysWow64\BestPractices
    2013-06-10 12:58 . 2013-06-10 12:58    --------    d-----w-    c:\windows\system32\BestPractices
    2013-06-10 12:58 . 2013-06-10 12:58    --------    d-----w-    C:\inetpub
    2013-06-10 12:48 . 2013-06-10 12:48    --------    d-----w-    c:\program files (x86)\Reference Assemblies
    2013-06-10 12:48 . 2013-06-10 12:48    --------    d-----w-    c:\program files\Reference Assemblies
    2013-06-10 12:48 . 2013-06-10 12:48    --------    d-----w-    c:\program files\MSBuild
    2013-06-10 12:36 . 2013-06-10 12:36    --------    d-----w-    c:\users\UpdatusUser
    2013-06-10 12:36 . 2013-05-12 20:34    6491936    ----a-w-    c:\windows\system32\nvcpl.dll
    2013-06-10 12:36 . 2013-05-12 20:34    3514656    ----a-w-    c:\windows\system32\nvsvc64.dll
    2013-06-10 12:36 . 2013-05-12 20:34    884512    ----a-w-    c:\windows\system32\nvvsvc.exe
    2013-06-10 12:36 . 2013-05-12 20:34    63776    ----a-w-    c:\windows\system32\nvshext.dll
    2013-06-10 12:36 . 2013-05-12 20:34    2555680    ----a-w-    c:\windows\system32\nvsvcr.dll
    2013-06-10 12:36 . 2013-05-12 20:34    67072    ----a-w-    c:\windows\system32\nv3dappshextr.dll
    2013-06-10 12:36 . 2013-05-12 20:34    1025312    ----a-w-    c:\windows\system32\nv3dappshext.dll
    2013-06-10 12:36 . 2013-05-08 14:13    3165737    ----a-w-    c:\windows\system32\nvcoproc.bin
    2013-06-10 12:36 . 2013-05-12 20:34    237856    ----a-w-    c:\windows\system32\nvmctray.dll
    2013-06-10 12:34 . 2013-06-10 12:34    --------    d-----w-    c:\programdata\NVIDIA Corporation
    2013-06-10 12:09 . 2013-06-10 12:09    --------    d-----w-    C:\found.000
    2013-06-10 11:42 . 2012-03-30 07:43    170264    ----a-w-    c:\windows\system32\igfxtray.exe
    2013-06-10 11:42 . 2012-03-30 07:43    509720    ----a-w-    c:\windows\system32\igfxsrvc.exe
    2013-06-10 11:41 . 2012-03-26 11:09    14748416    ----a-w-    c:\windows\system32\drivers\igdkmd64.sys
    2013-06-06 21:49 . 2013-06-06 21:49    --------    d-----w-    c:\users\Gil\AppData\Roaming\Malwarebytes
    2013-06-06 21:49 . 2013-06-06 21:49    --------    d-----w-    c:\programdata\Malwarebytes
    2013-06-06 21:49 . 2013-06-06 21:49    --------    d-----w-    c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-06 21:49 . 2013-04-04 11:50    25928    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2013-06-05 23:32 . 2013-06-05 23:32    311200    ----a-w-    c:\windows\system32\javaws.exe
    2013-06-05 23:32 . 2013-06-05 23:32    971680    ----a-w-    c:\windows\system32\deployJava1.dll
    2013-06-05 23:32 . 2013-06-05 23:32    1092512    ----a-w-    c:\windows\system32\npDeployJava1.dll
    2013-06-05 23:32 . 2013-06-05 23:32    108448    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
    2013-06-05 23:32 . 2013-06-05 23:32    188832    ----a-w-    c:\windows\system32\javaw.exe
    2013-06-05 23:32 . 2013-06-05 23:32    188320    ----a-w-    c:\windows\system32\java.exe
    2013-06-05 23:32 . 2013-06-05 23:32    --------    d-----w-    c:\program files\Java
    2013-06-05 11:24 . 2013-06-05 11:24    --------    d-----w-    c:\program files (x86)\ControlMK
    2013-06-04 14:39 . 2013-06-04 14:39    --------    d-----w-    c:\program files\Microsoft Xbox 360 Accessories
    2013-06-04 07:48 . 2013-06-10 12:30    --------    d-----w-    c:\program files\MotioninJoy
    2013-06-04 07:48 . 2013-06-04 07:49    121416    ----a-w-    c:\windows\system32\drivers\MijXfilt.sys
    2013-06-04 07:48 . 2013-06-04 07:48    --------    d-----w-    c:\users\Gil\AppData\Roaming\MotioninJoy
    2013-06-03 15:31 . 2013-06-03 15:31    --------    d-----w-    c:\programdata\Codemasters
    2013-06-02 14:44 . 2013-06-02 14:49    --------    d-----w-    c:\users\Gil\AppData\Local\VirtualRouterPlus
    2013-06-02 14:43 . 2013-06-04 14:40    --------    d-----w-    c:\program files (x86)\Virtual Router
    2013-06-02 13:50 . 2013-06-05 15:27    --------    d-----w-    c:\users\Gil\AppData\Roaming\Audacity
    2013-05-30 19:54 . 2013-06-12 06:51    --------    d-----w-    c:\users\Gil\AppData\Local\Google
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-14 00:03 . 2013-05-15 13:35    75825640    ----a-w-    c:\windows\system32\MRT.exe
    2013-05-30 19:54 . 2013-04-24 02:06    692104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2013-05-30 19:54 . 2013-04-24 02:06    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-05-29 21:28 . 2013-05-29 21:28    178800    ----a-w-    c:\windows\SysWow64\CmdLineExt_x64.dll
    2013-05-24 00:02 . 2013-05-17 19:45    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.xtr
    2013-05-23 14:19 . 2013-05-23 14:19    76232    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA96CB8-C482-4397-A04F-DD21F13DCF4E}\offreg.dll
    2013-05-23 12:42 . 2013-05-17 19:15    281688    ----a-w-    c:\windows\SysWow64\PnkBstrB.ex0
    2013-05-13 06:37 . 2013-05-21 09:48    9460464    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DA96CB8-C482-4397-A04F-DD21F13DCF4E}\mpengine.dll
    2013-05-12 21:42 . 2013-04-24 02:10    925648    ----a-w-    c:\windows\SysWow64\nvumdshim.dll
    2013-05-12 21:42 . 2013-04-24 02:10    2935696    ----a-w-    c:\windows\system32\nvapi64.dll
    2013-05-12 21:42 . 2013-04-24 02:10    266448    ----a-w-    c:\windows\system32\nvinitx.dll
    2013-05-12 21:42 . 2013-04-24 02:10    214448    ----a-w-    c:\windows\SysWow64\nvinit.dll
    2013-05-12 21:42 . 2013-04-24 02:10    13403168    ----a-w-    c:\windows\SysWow64\nvwgf2um.dll
    2013-05-12 21:42 . 2013-04-24 02:10    1059560    ----a-w-    c:\windows\system32\nvumdshimx.dll
    2013-05-08 21:32 . 2012-07-17 11:37    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-07 00:21 . 2013-05-07 00:21    1054720    ----a-w-    c:\windows\system32\MsSpellCheckingFacility.exe
    2013-05-07 00:21 . 2013-05-07 00:21    719360    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
    2013-05-07 00:21 . 2013-05-07 00:21    523264    ----a-w-    c:\windows\SysWow64\vbscript.dll
    2013-05-07 00:21 . 2013-05-07 00:21    226304    ----a-w-    c:\windows\system32\elshyph.dll
    2013-05-07 00:21 . 2013-05-07 00:21    185344    ----a-w-    c:\windows\SysWow64\elshyph.dll
    2013-05-07 00:21 . 2013-05-07 00:21    158720    ----a-w-    c:\windows\SysWow64\msls31.dll
    2013-05-07 00:21 . 2013-05-07 00:21    150528    ----a-w-    c:\windows\SysWow64\iexpress.exe
    2013-05-07 00:21 . 2013-05-07 00:21    138752    ----a-w-    c:\windows\SysWow64\wextract.exe
    2013-05-07 00:21 . 2013-05-07 00:21    137216    ----a-w-    c:\windows\SysWow64\ieUnatt.exe
    2013-05-07 00:21 . 2013-05-07 00:21    73728    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-05-07 00:21 . 2013-05-07 00:21    61952    ----a-w-    c:\windows\SysWow64\tdc.ocx
    2013-05-07 00:21 . 2013-05-07 00:21    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2013-05-07 00:21 . 2013-05-07 00:21    38400    ----a-w-    c:\windows\SysWow64\imgutil.dll
    2013-05-07 00:21 . 2013-05-07 00:21    361984    ----a-w-    c:\windows\SysWow64\html.iec
    2013-05-07 00:21 . 2013-05-07 00:21    23040    ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2013-05-07 00:21 . 2013-05-07 00:21    1441280    ----a-w-    c:\windows\SysWow64\inetcpl.cpl
    2013-05-07 00:21 . 2013-05-07 00:21    12800    ----a-w-    c:\windows\SysWow64\mshta.exe
    2013-05-07 00:21 . 2013-05-07 00:21    110592    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2013-05-07 00:21 . 2013-05-07 00:21    97280    ----a-w-    c:\windows\system32\mshtmled.dll
    2013-05-07 00:21 . 2013-05-07 00:21    905728    ----a-w-    c:\windows\system32\mshtmlmedia.dll
    2013-05-07 00:21 . 2013-05-07 00:21    81408    ----a-w-    c:\windows\system32\icardie.dll
    2013-05-07 00:21 . 2013-05-07 00:21    762368    ----a-w-    c:\windows\system32\ieapfltr.dll
    2013-05-07 00:21 . 2013-05-07 00:21    599552    ----a-w-    c:\windows\system32\vbscript.dll
    2013-05-07 00:21 . 2013-05-07 00:21    452096    ----a-w-    c:\windows\system32\dxtmsft.dll
    2013-05-07 00:21 . 2013-05-07 00:21    441856    ----a-w-    c:\windows\system32\html.iec
    2013-05-07 00:21 . 2013-05-07 00:21    281600    ----a-w-    c:\windows\system32\dxtrans.dll
    2013-05-07 00:21 . 2013-05-07 00:21    27648    ----a-w-    c:\windows\system32\licmgr10.dll
    2013-05-07 00:21 . 2013-05-07 00:21    270848    ----a-w-    c:\windows\system32\iedkcs32.dll
    2013-05-07 00:21 . 2013-05-07 00:21    247296    ----a-w-    c:\windows\system32\webcheck.dll
    2013-05-07 00:21 . 2013-05-07 00:21    235008    ----a-w-    c:\windows\system32\url.dll
    2013-05-07 00:21 . 2013-05-07 00:21    216064    ----a-w-    c:\windows\system32\msls31.dll
    2013-05-07 00:21 . 2013-05-07 00:21    197120    ----a-w-    c:\windows\system32\msrating.dll
    2013-05-07 00:21 . 2013-05-07 00:21    167424    ----a-w-    c:\windows\system32\iexpress.exe
    2013-05-07 00:21 . 2013-05-07 00:21    1509376    ----a-w-    c:\windows\system32\inetcpl.cpl
    2013-05-07 00:21 . 2013-05-07 00:21    144896    ----a-w-    c:\windows\system32\wextract.exe
    2013-05-07 00:21 . 2013-05-07 00:21    1400416    ----a-w-    c:\windows\system32\ieapfltr.dat
    2013-05-07 00:21 . 2013-05-07 00:21    102912    ----a-w-    c:\windows\system32\inseng.dll
    2013-05-07 00:21 . 2013-05-07 00:21    92160    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2013-05-07 00:21 . 2013-05-07 00:21    77312    ----a-w-    c:\windows\system32\tdc.ocx
    2013-05-07 00:21 . 2013-05-07 00:21    62976    ----a-w-    c:\windows\system32\pngfilt.dll
    2013-05-07 00:21 . 2013-05-07 00:21    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
    2013-05-07 00:21 . 2013-05-07 00:21    51200    ----a-w-    c:\windows\system32\imgutil.dll
    2013-05-07 00:21 . 2013-05-07 00:21    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2013-05-07 00:21 . 2013-05-07 00:21    173568    ----a-w-    c:\windows\system32\ieUnatt.exe
    2013-05-07 00:21 . 2013-05-07 00:21    149504    ----a-w-    c:\windows\system32\occache.dll
    2013-05-07 00:21 . 2013-05-07 00:21    13824    ----a-w-    c:\windows\system32\mshta.exe
    2013-05-07 00:21 . 2013-05-07 00:21    136192    ----a-w-    c:\windows\system32\iepeers.dll
    2013-05-07 00:21 . 2013-05-07 00:21    135680    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2013-05-07 00:21 . 2013-05-07 00:21    12800    ----a-w-    c:\windows\system32\msfeedssync.exe
    2013-05-07 00:20 . 2013-05-07 00:20    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2013-05-07 00:20 . 2013-05-07 00:20    465920    ----a-w-    c:\windows\system32\WMPhoto.dll
    2013-05-07 00:20 . 2013-05-07 00:20    417792    ----a-w-    c:\windows\SysWow64\WMPhoto.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3928064    ----a-w-    c:\windows\system32\d2d1.dll
    2013-05-07 00:20 . 2013-05-07 00:20    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
    2013-05-07 00:20 . 2013-05-07 00:20    2565120    ----a-w-    c:\windows\system32\d3d10warp.dll
    2013-05-07 00:20 . 2013-05-07 00:20    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
    2013-05-07 00:20 . 2013-05-07 00:20    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2013-05-07 00:20 . 2013-05-07 00:20    363008    ----a-w-    c:\windows\system32\dxgi.dll
    2013-05-07 00:20 . 2013-05-07 00:20    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
    2013-05-07 00:20 . 2013-05-07 00:20    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1643520    ----a-w-    c:\windows\system32\DWrite.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1175552    ----a-w-    c:\windows\system32\FntCache.dll
    2013-05-07 00:20 . 2013-05-07 00:20    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
    2013-05-07 00:20 . 2013-05-07 00:20    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-05-08 18680424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "S-Bar"="c:\program files (x86)\S-Bar\S-Bar.exe" [2012-12-03 5504416]
    .
    c:\users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    EasyMagnify v5 - Shortcut.lnk - d:\גיבויים\עבודות\תכנותים\פיתוח פטנטים לוינדוס\Magnifier\EasyMagnify v5.exe [2013-6-19 333725]
    Fences.lnk - c:\program files (x86)\Stardock\Fences\Fences.exe /startup [2012-10-29 4017368]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    UltraMon.lnk - c:\windows\Installer\{9069EE0A-7615-4D86-AD80-CA263E936DA6}\IcoUltraMon.ico /auto [2013-4-27 29310]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;d:\program files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;d:\program files\Autodesk\3ds max 2013\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
    R2 mvCmdemo;mvCmdemo;c:\windows\system32\Drivers\mvCmdemo.SYS;c:\windows\SYSNATIVE\Drivers\mvCmdemo.SYS [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AirDisplay;Air Display Support;c:\windows\system32\DRIVERS\AVVideoCard.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCard.sys [x]
    R3 AirDisplayMirror;Air Display Mirror Support;c:\windows\system32\DRIVERS\AVVideoCardMirror.sys;c:\windows\SYSNATIVE\DRIVERS\AVVideoCardMirror.sys [x]
    R3 AirDisplayWDDM;AirDisplayWDDM;c:\windows\system32\DRIVERS\AVWDDMMiniPort.sys;c:\windows\SYSNATIVE\DRIVERS\AVWDDMMiniPort.sys [x]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
    R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
    R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [x]
    R3 jakndis;Jaksta Service;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
    R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys;c:\windows\SYSNATIVE\DRIVERS\mvvideodemo.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
    R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 AVPCIFilter;Avatron PCI Bus Device Filter;c:\windows\system32\DRIVERS\AVPCIFilter.sys;c:\windows\SYSNATIVE\DRIVERS\AVPCIFilter.sys [x]
    S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S2 Giraffic;Giraffic Video Accelerator;c:\program files (x86)\Giraffic\GirafficWatchdog.exe;c:\program files (x86)\Giraffic\GirafficWatchdog.exe [x]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
    S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\S-Bar\MSIService.exe;c:\program files (x86)\S-Bar\MSIService.exe [x]
    S2 Multiplicity;Stardock Multiplicity 2 Service;c:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe;c:\program files (x86)\Stardock\Multiplicity2\MultiSrv.exe [x]
    S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe;c:\program files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe [x]
    S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 UltraMonUtility;UltraMon Utility Driver;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys;c:\program files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys;c:\windows\SYSNATIVE\DRIVERS\GenericMount.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
    S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
    S3 jakndisMP;jakndisMP;c:\windows\system32\DRIVERS\jakndis.sys;c:\windows\SYSNATIVE\DRIVERS\jakndis.sys [x]
    S3 L1C;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
    S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs    REG_MULTI_SZ       w3svc was
    apphost    REG_MULTI_SZ       apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-19 20:57    1165776    ----a-w-    c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:52]
    .
    2013-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-12 06:52]
    .
    2013-06-29 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41]
    .
    2013-06-28 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
    - c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 10:41]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:07    23496    ----a-w-    c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-02-05 13269064]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
    "Fences"="c:\program files (x86)\Stardock\Fences\Fences.exe" [2012-10-29 4017368]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-30 170264]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-30 398616]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-30 439064]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2012-10-29 551640]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: idm הורד באמצעות - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Subscribe in RSS Bandit - c:\users\Gil\AppData\Roaming\RssBandit\iecontext_subscribebandit.htm
    IE: הורד את כל הלינקים באמצעות IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    TCP: DhcpNameServer = 192.117.235.235 62.219.186.7
    .
    .
    ------- File Associations -------
    .
    JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
    AddRemove-{DC4ED65E-353A-488A-882A-9B7B2BE098CA}_is1 - d:\games\Call Of Duty - Black Ops II\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1802387657-1338976063-2405825337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1802387657-1338976063-2405825337-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_USERS\S-1-5-21-1802387657-1338976063-2405825337-1000\Software\SecuROM\License information*]
    "datasecu"=hex:5d,81,a3,6c,6b,fc,d8,27,7f,5f,7a,a5,51,17,be,28,69,46,f0,b0,02,
       2e,67,98,67,8c,f5,f9,88,79,58,64,60,d0,13,e1,12,61,4b,d0,5c,72,f6,bb,ed,08,\
    "rkeysecu"=hex:65,e4,6e,ab,99,55,3f,16,00,63,8b,10,b9,84,82,59
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-06-29  14:42:45
    ComboFix-quarantined-files.txt  2013-06-29 11:42
    .
    Pre-Run: 1,088,614,400 bytes free
    Post-Run: 1,440,731,136 bytes free
    .
    - - End Of File - - B569D610E427FBC3DD0B431BACB43C08
    A36C5E4F47E84449FF07ED3517B43A31

Recently I have been experiencing strange phenomena on my computer.
My Firefox browser stops working once in a while, and recently it has been happening to more software...

Many times after my computer wakes up from sleep mode, I get "stopped working" messages like "COM stopped working" and more.

But there is a much stranger phenomenon, and it occurs in my Firefox browser.

A few days ago I noticed that the site paypal.com and other banking websites are not shown as usual. I mean (and sorry for my English) that PayPal and more local bank websites look different.

And this problem did not occur with other sites.

My Firefox is a Portable version and I tried to locate the problem.

At first I disabled all of the add-ons in Firefox.

It didn't solve the problem.

Then I realized that the problem is in the profile files in Firefox Portable.

The profile files are in:

FirefoxPortable\Data\profile

Like an idiot, I decided to delete, on each attempt, a group of 10 files in that folder and then check if the issue was resolved.

After a few attempts, I reached the source of the problem.

The problem was in the file "prefs.js".

I found that if I delete this file the problem is resolved, but with a price.

And the price is that all my settings are gone.

But my technique is to back up these files, so I copied all these files again from the backup.

But at this point I knew where to look for the core of the problem: in the file "prefs.js".

I opened this file in a text editor and used this technique again: on each attempt I deleted a group of 50 lines in that file. After I found the group of 50 lines (the one where, if I delete it, the problem is resolved), I searched for the problematic line in this group.

In the end I solved the problem and found the line, but I did not note this information, so I cannot post that line...

It was a headache.

I had a few days of quiet with the browser. But right now the problem is back, but with a different site: Facebook.

Now Facebook does not look right, and somehow I'm not connected to my Facebook user.

As I write this message, Firefox has crashed at least 5 times.
Every time, I backed up what I wrote in a text document.


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program, please use the instructions below to access the options screen, where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


 

# AdwCleaner v2.303 - Logfile created 06/29/2013 at 18:14:36

# Updated 08/06/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Gil - GIL-PC

# Boot Mode : Normal

# Running from : D:\גיבויים\DATA\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\adawaretb

Folder Found : C:\ProgramData\blekko toolbars

Folder Found : C:\Users\Gil\AppData\Local\Discount Buddy

Folder Found : C:\Users\Gil\AppData\Local\Discount Buddy

Folder Found : C:\Users\Gil\AppData\LocalLow\adawaretb

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKLM\Software\adawaretb

Key Found : HKLM\Software\Discount Buddy

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v [unable to get version]

File : C:\Users\Gil\AppData\Roaming\Mozilla\Firefox\Profiles\vjblwpu2.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Gil\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1307 octets] - [29/06/2013 18:14:36]

########## EOF - C:\AdwCleaner[R1].txt - [1367 octets] ##########

 

 

 

 

File : C:\Users\Gil\AppData\Roaming\Mozilla\Firefox\Profiles\vjblwpu2.default\prefs.js

[OK] File is clean.

 

I'm talking about exactly this file.

But not this one.

I have a normal install of Firefox, but the Firefox I use is a Portable version, and the Portable version does not use the prefs.js within

AppData\Roaming\Mozilla\Firefox\Profiles\

This software scanned the wrong file.

I need to scan this file:

D:\Portable Programs\FirefoxPortable\Data\profile\prefs.js

That's where the settings are stored, I'm not sure how that can be done.

MrC
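The thread leaves the portable profile's prefs.js unchecked, and the poster located the earlier culprit by deleting 50 lines at a time. As an added example (not part of the thread and not an AdwCleaner feature), the Python below compares a backup prefs.js with the current one and lists every preference that was added, removed or altered. The sample file contents are constructed, and the list of preference names to review first is an assumption.

```python
import re
import sys

# One preference per line, as Firefox writes prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*)\);\s*$')

# Assumed review list: prefs that change where traffic is sent or what loads first.
WATCH_PREFIXES = ("network.proxy.", "browser.startup.homepage",
                  "keyword.URL", "general.useragent.override")

def parse_prefs(text):
    """Return {name: raw value text} for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = match.group(2).strip()
    return prefs

def changed_prefs(backup_text, current_text):
    """(name, old, new) for each pref added, removed or altered since the backup."""
    old, new = parse_prefs(backup_text), parse_prefs(current_text)
    return [(name, old.get(name), new.get(name))
            for name in sorted(set(old) | set(new))
            if old.get(name) != new.get(name)]

def watched(changes):
    """Subset of changes whose name is on the review list."""
    return [c for c in changes if c[0].startswith(WATCH_PREFIXES)]

# Constructed sample contents, not taken from the poster's profile.
BACKUP = r'''# Mozilla User Preferences
user_pref("browser.download.dir", "D:\\Downloads");
user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 0);
'''
CURRENT = r'''# Mozilla User Preferences
user_pref("browser.download.dir", "D:\\Downloads");
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.tabs.warnOnClose", false);
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/proxy.pac");
user_pref("network.proxy.type", 2);
'''

if __name__ == "__main__":
    # Usage: script.py <backup prefs.js> <current prefs.js>; no arguments runs the sample.
    if len(sys.argv) == 3:
        BACKUP = open(sys.argv[1], encoding="utf-8", errors="replace").read()
        CURRENT = open(sys.argv[2], encoding="utf-8", errors="replace").read()
    for name, old, new in changed_prefs(BACKUP, CURRENT):
        flag = "REVIEW" if name.startswith(WATCH_PREFIXES) else "      "
        print(f"{flag} {name}: {old} -> {new}")
```

Run it with Firefox closed, passing the backup copy first and the portable profile's prefs.js second, because Firefox rewrites prefs.js when it exits.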


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
