fraagje

  1. Yes, I know... but I can only delete or create a new partition, so there's nothing you can do for me? Thanks
  2. Hi. Yes, I am still here. I had some physical problems and couldn't go online. Anyway, that could be the problem. But these partitions are not accessible by me. How do I solve this? Delete the partitions? Will my Windows still work? And will I have problems uploading system files when reinstalling Windows? Thanks. Do I have to reinstall Windows?
  3. Hi, no system files... just programs that I use or files that I had created. I did a full format and even a new partition... but there is still someone on my PC... There are 3 partitions on my disk... and that is also strange... two are for the system files and the 3rd is what I use as C:. Sometimes I can't access certain websites... and no, it's not porno or games or any of that kind... or those strange websites... or download sites. My PC is only used for private programs and YouTube and Facebook... but that's all. I often go to webinars and I have really huge problems just entering a goto webinar. I have to really force my PC to go there... and also the load time is very annoying. I thought formatting and reinstalling would solve the problems... it didn't. Do you think perhaps that the other partitions are hacked? Can I just remove everything from there? Because it says system files. I am using Win7 and have downloaded the drivers etc. on a removable disk and have a Win7 installation DVD/CD.
  4. OK, so you're saying my PC is secure now? I don't fall for the scareware stuff. OK, but still there is something very strange because my browser sometimes just freezes and I have to restart it. Even now after a fresh install. Flash plugins that crash. I have set up OpenDNS now and will see what happens.
  5. OK, here they are: BTW :]] I had to reinstall Windows because I was not even able to control a website after logging in. The screen froze after. Everywhere: mailbox, members' sites. Thanks for your help.
  6. Hi, OK... done exactly what you've said.. but there was only one file:
  7. Hi, I am not sure what you're asking? Do you want to know if I am a paying member of this forum: NO. Have I paid for the software: Yes. This is my second try to post here because the screen froze when I hit the post button. Anyway the problem was really too much.. because I couldn't log in anymore or the site froze. So I deleted everything from my pc.. formatted the drives and reinstalled Windows 7 again. Installed ZoneAlarm and ran Hijack again.. and guess what? I got the same results as above. On a brand new installation??:] My connection is slow and some websites take ages to load.... are you familiar with these new happenings? Or is it just my pc... ip-address. I have a feeling that someone is blocking me or focusing on my activities. Can you give me some solid advice? Because I really don't know what to do? Thanks
  8. Hi, Well I tried in the master account and get the same results. Also it says there is no log file and asked me to create a new one, which I did, but I get no log file. It's empty. Also there is still this incredibar.dll file on my pc and I can't get it out. Thanks for your help.
  9. Hi, my pc is infected and I had already tried to run Hijack, but HijackThis is giving me an error: this is the message I have attached. HijackThis can't write to the host file, anyway the image is in the attachment.. Can you please help? Thanks, Fraagje
  10. Sorry for these partial posts... but I have to find an opening between the strange things to post here. Can you please help? Thanks
  11. My folders are empty now; the DDS results are gone. I have to restart.. oh boy. OK, back again. Attach.txt DDS.txt
  12. Hi, I must have something on my pc that I can't remove in a normal way. I get messages like: you are not allowed to do actions like this, you have to be an administrator. Windows Security Center can't be started. So I have made some copies of the messages I receive and ran a DDS checkup. The files are all attached. I cannot attach more... someone is watching along and removed the possibility to see the files I want to upload. There's something very wrong here... please help. MBAM will not start! My folders where I saved the results of DDS are empty now. My pc hangs.
  13. Hi, Before we can do anything I have a few questions. MBAM continuously shows me a window saying: MBAM has blocked access to a dangerous site: then the IP address of the site and most of the time beneath it: Skype. Anyway I have attached a screen for you to see. Is there some trojan on my pc that is trying to connect with its home base or can I just be relaxed about it? Please advise, Thanks. Is there no one to answer my question or is it just a stupid question :) Maybe this is not a trojan? But how will I know? I have a feeling that someone is looking over my shoulder and is making a screen-image copy of my pc... but none of the anti-virus software is mentioning something. Can you help? Thank you.