Posts posted by fraagje

  1. Hi, yes, I am still here. I had some physical problems, and couldn't go online.

    Anyway that could be the problem.

    But these partitions are not accessible by me.

    How do I solve this?

    Delete the partitions?

    Will my Windows still work?

    And will I have problems uploading system files when reinstalling Windows?

    Thanks

    Do I have to reinstall Windows?

  2. Hi,

    No system files ... just programs that I use or files that I had created. I did a full format and even a new partition ... but there is still someone on my PC ....

    There are 3 partitions on my disk ... and that is also strange ... two are for the system files and the 3rd is what I use as C:

    Sometimes I can't access certain websites ... and no, it's not porno or games or any of that kind ... or those strange websites ... or download sites.

    My PC is only used for private programs and YouTube and Facebook ... but that's all. I often go to webinars and I have really huge problems to just enter a GoToWebinar. I have to really force my PC to go there..

    And also the load time is very annoying. I thought formatting and reinstalling would solve the problems ... it didn't.

    Do you think perhaps that the other partitions are hacked? Can I just remove everything from there? Because it says system files. I am using Win7 and have downloaded the drivers etc. on a removable disk

    and have a Win7 installation DVD/CD.

  3. OK, so you're saying my PC is secure now?

    I don't fall for the scareware stuff..

    OK, but still there is something very strange because my browser sometimes just freezes and I have to restart it. Even now after a fresh install.

    Flash plugins that crash.

    I have set up OpenDNS now and will see what happens.

  4. OK, here they are:

    =========================

    =========================

    DDS:

    -----

    .

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

    Run by Master at 15:22:58 on 2012-07-21

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.2816 [GMT 2:00]

    .

    AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

    FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    C:\Windows\SysWow64\perfhost.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

    C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\splwow64.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\LogonUI.exe

    C:\Windows\system32\atieclxx.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Program Files (x86)\TechSmith\Jing\Jing.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Program files\360Amigo\360Amigo.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

    C:\Windows\splwow64.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27965984021777-1025&toolbarId=base&affiliateId=1002&Lan=en&utid=960d61110000000000006c626d53735f

    uURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe

    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun

    uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

    TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : NameServer = 4.2.2.3,4.2.2.5

    TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : DhcpNameServer = 62.179.104.196 213.46.228.196

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

    BHO-X64: Zonealarm Helper Object - No File

    BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    BHO-X64: RoboForm BHO - No File

    BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    BHO-X64: ZoneAlarm Security Engine Registrar - No File

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\niow43n8.default\

    FF - prefs.js: browser.search.selectedEngine - Web Search (powered by Google)

    FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.7.0&src=ab&aid=x3p1g1dBvo00qM&q=

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-15 13336]

    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]

    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

    S2 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-15 14216]

    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-15 8456]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-17 113120]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-07-20 13:46:05 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD32B55A-5253-42F6-B199-DE6C7BE6E1AB}\mpengine.dll

    2012-07-19 13:38:44 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

    2012-07-19 00:09:08 -------- d-----w- C:\Program Files (x86)\Oracle

    2012-07-19 00:08:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

    2012-07-19 00:08:02 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

    2012-07-17 13:11:43 -------- d-----r- C:\Program Files (x86)\Skype

    2012-07-17 10:32:43 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-07-17 02:20:06 -------- d-----w- C:\Users\Master\AppData\Local\Macromedia

    2012-07-17 01:30:07 -------- d-----w- C:\Users\Master\AppData\Local\assembly

    2012-07-17 01:24:57 -------- d-----w- C:\Users\Master\AppData\Local\TechSmith

    2012-07-17 00:41:57 -------- d-----w- C:\Users\Master\AppData\Roaming\KompoZer

    2012-07-17 00:39:06 -------- d-----w- C:\Users\Master\AppData\Local\Adobe

    2012-07-17 00:00:56 -------- d-----w- C:\Program Files (x86)\Citrix

    2012-07-16 21:00:23 -------- d-----w- C:\Windows\System32\SPReview

    2012-07-16 20:59:40 -------- d-----w- C:\Windows\System32\EventProviders

    2012-07-16 20:48:59 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

    2012-07-16 20:48:16 -------- d-----w- C:\Program Files (x86)\ESET

    2012-07-16 20:03:56 -------- d-----w- C:\Users\Master\AppData\Local\360Amigo

    2012-07-16 20:03:56 -------- d-----w- C:\Program Files\360Amigo

    2012-07-16 19:27:28 -------- d-----w- C:\Users\Master\AppData\Roaming\RoboForm

    2012-07-16 19:12:15 -------- d-----w- C:\Program Files (x86)\Siber Systems

    2012-07-16 15:04:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll

    2012-07-16 15:03:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL

    2012-07-16 15:01:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

    2012-07-16 15:01:59 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

    2012-07-16 15:01:54 244736 ----a-w- C:\Windows\System32\sqmapi.dll

    2012-07-16 08:05:52 -------- d-----w- C:\Users\Master\AppData\Local\Google

    2012-07-16 08:05:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-16 08:05:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-15 22:06:36 -------- d-----w- C:\Users\Master\AppData\Local\ATI

    2012-07-15 22:06:34 -------- d-----w- C:\Users\Master\AppData\Roaming\Intel Corporation

    2012-07-15 21:58:27 -------- d-----w- C:\Windows\SysWow64\Wat

    2012-07-15 21:58:27 -------- d-----w- C:\Windows\System32\Wat

    2012-07-15 21:57:34 0 ----a-w- C:\Windows\ativpsrm.bin

    2012-07-15 21:18:34 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

    2012-07-15 21:18:34 -------- d-----w- C:\Intel

    2012-07-15 21:17:34 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

    2012-07-15 21:17:34 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

    2012-07-15 21:17:34 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

    2012-07-15 21:17:34 3316736 ----a-w- C:\Windows\System32\BootMan.exe

    2012-07-15 21:17:34 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

    2012-07-15 21:17:34 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

    2012-07-15 21:17:34 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

    2012-07-15 21:17:34 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

    2012-07-15 21:17:34 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

    2012-07-15 21:17:34 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

    2012-07-15 21:17:30 -------- d-----w- C:\Program Files (x86)\EaseUS

    2012-07-15 21:13:42 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

    2012-07-15 21:11:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll

    2012-07-15 21:11:58 -------- d--h--w- C:\Program Files (x86)\Temp

    2012-07-15 21:11:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

    2012-07-15 21:11:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

    2012-07-15 21:11:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

    2012-07-15 21:11:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

    2012-07-15 21:11:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

    2012-07-15 21:11:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

    2012-07-15 21:11:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

    2012-07-15 21:11:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

    2012-07-15 21:11:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

    2012-07-15 21:10:36 -------- d-----w- C:\Program Files (x86)\ATI Technologies

    2012-07-15 21:10:19 -------- d-----w- C:\Program Files\ATI Technologies

    2012-07-15 21:10:16 -------- d-----w- C:\Program Files\ATI

    2012-07-15 21:09:11 -------- d-----w- C:\ATI

    2012-07-15 20:34:41 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-15 20:05:31 294912 ----a-w- C:\Windows\System32\browserchoice.exe

    2012-07-15 19:45:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll

    2012-07-15 19:45:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

    2012-07-15 19:45:48 5120 ----a-w- C:\Windows\System32\wmi.dll

    2012-07-15 19:45:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-07-15 19:45:48 220672 ----a-w- C:\Windows\System32\wintrust.dll

    2012-07-15 19:45:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-07-15 19:45:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-07-15 19:39:57 388096 ----a-r- C:\Users\Master\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-07-15 19:39:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2012-07-15 19:32:53 11864 ----a-w- C:\Windows\System32\drivers\kl2.sys

    2012-07-15 19:32:52 460888 ----a-w- C:\Windows\System32\drivers\kl1.sys

    2012-07-15 19:31:55 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD

    2012-07-15 19:26:59 515584 ----a-w- C:\Windows\System32\timedate.cpl

    2012-07-15 19:26:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

    2012-07-15 19:26:58 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

    2012-07-15 19:26:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

    2012-07-15 19:26:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

    2012-07-15 19:26:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

    2012-07-15 19:26:09 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

    2012-07-15 19:26:07 33792 ----a-w- C:\Windows\System32\profprov.dll

    2012-07-15 19:26:07 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-07-15 19:24:55 1395712 ----a-w- C:\Windows\System32\mfc42.dll

    2012-07-15 19:17:41 -------- d-----w- C:\Users\Master\AppData\Roaming\Malwarebytes

    2012-07-15 19:16:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-07-15 19:11:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

    2012-07-15 19:11:00 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe

    2012-07-15 19:11:00 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

    2012-07-15 19:11:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

    2012-07-15 19:11:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

    2012-07-15 19:11:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

    2012-07-15 19:06:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

    2012-07-15 19:06:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

    2012-07-15 19:03:41 77312 ----a-w- C:\Windows\System32\packager.dll

    2012-07-15 19:03:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll

    2012-07-15 19:00:59 -------- d-----w- C:\Users\Master\AppData\Local\Diagnostics

    2012-07-15 18:56:07 -------- d-----w- C:\Users\Master\AppData\Local\WindowsUpdate

    2012-07-15 18:56:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-15 18:56:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-15 18:56:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-07-15 18:53:50 -------- d-----w- C:\Users\Master\AppData\Roaming\CheckPoint

    2012-07-15 18:53:47 -------- d-----w- C:\Program Files (x86)\Conduit

    2012-07-15 18:53:45 -------- d-----w- C:\Users\Master\AppData\Local\Conduit

    2012-07-15 18:53:37 -------- d-----w- C:\Program Files\CheckPoint

    2012-07-15 18:53:31 -------- d-----w- C:\ProgramData\CheckPoint

    2012-07-15 18:53:09 -------- d-sh--w- C:\Windows\Installer

    2012-07-15 18:51:35 279656 ------w- C:\Windows\System32\MpSigStub.exe

    2012-07-15 18:50:35 -------- d-----w- C:\Program Files (x86)\CheckPoint

    2012-07-15 18:50:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-07-15 18:49:57 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-07-15 18:49:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-07-15 18:49:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-07-15 18:30:35 -------- d-----w- C:\Users\Master\AppData\Local\Apps

    2012-07-15 05:44:20 -------- d-----w- C:\Windows\Panther

    2012-07-15 04:57:07 -------- d-----w- C:\Users\Master\AppData\Local\VirtualStore

    2012-07-05 16:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

    .

    ==================== Find3M ====================

    .

    2012-07-16 22:08:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

    2012-07-16 22:08:26 175616 ----a-w- C:\Windows\System32\msclmd.dll

    2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    .

    ============= FINISH: 15:25:16.94 ===============

    ATTACH:

    ----------

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows 7 Home Premium

    Boot Device: \Device\HarddiskVolume1

    Install Date: 7/15/2012 6:56:49 AM

    System Uptime: 7/19/2012 7:19:42 AM (56 hours ago)

    .

    Motherboard: MEDIONPC | | MS-7616

    Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 1173/133mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 890 GiB total, 846.208 GiB free.

    D: is FIXED (NTFS) - 40 GiB total, 39.528 GiB free.

    E: is CDROM ()

    F: is Removable

    G: is Removable

    H: is Removable

    I: is FIXED (FAT32) - 596 GiB total, 216.933 GiB free.

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP14: 7/17/2012 2:35:46 AM - Installed Adobe Reader X (10.1.0).

    RP13: 7/17/2012 3:28:50 AM - Installed Snagit 10.0.2

    RP15: 7/18/2012 3:00:34 AM - Windows Update

    RP16: 7/19/2012 2:06:44 AM - Installed Java 7 Update 5

    RP17: 7/19/2012 2:08:07 AM - Installed JavaFX 2.1.1

    RP18: 7/19/2012 3:00:15 AM - Windows Update

    RP19: 7/19/2012 1:57:24 PM - Installed 7-Zip 9.20 (x64 edition)

    RP20: 7/19/2012 3:35:01 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

    RP21: 7/19/2012 3:35:50 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    RP22: 7/19/2012 3:37:38 PM - Installed OpenOffice.org 3.4

    RP23: 7/20/2012 3:00:11 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    360Amigo System Speedup PRO

    Adobe Flash Player 11 ActiveX

    Adobe Flash Player 11 Plugin

    Adobe Reader X (10.1.3)

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-core-static

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Italian

    CCC Help Japanese

    CCC Help Norwegian

    CCC Help Spanish

    CCC Help Swedish

    EaseUS Partition Master 9.1.1 Home Edition

    ESET Online Scanner v3

    Google Chrome

    Google Toolbar for Internet Explorer

    Google Update Helper

    GoToMeeting 5.2.0.952

    HiJackThis

    Intel® Control Center

    Intel® Rapid Storage Technology

    Java Auto Updater

    Java 7 Update 5

    JavaFX 2.1.1

    Jing

    Malwarebytes Anti-Malware version 1.62.0.1300

    Microsoft Silverlight

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Mozilla Firefox 13.0.1 (x86 en-US)

    Mozilla Maintenance Service

    OpenOffice.org 3.4

    Realtek Ethernet Controller Driver

    Realtek High Definition Audio Driver

    RoboForm 7-7-9-9 (All Users)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Skype Click to Call

    Skype™ 5.10

    Snagit 10.0.2

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    VC 9.0 Runtime

    ZoneAlarm Antivirus

    ZoneAlarm Firewall

    ZoneAlarm Free Antivirus + Firewall

    ZoneAlarm Security

    ZoneAlarm Security Toolbar

    .

    ==== Event Viewer Messages From Past Week ========

    .

    7/21/2012 3:22:12 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

    7/19/2012 1:17:21 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

    7/17/2012 1:03:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    7/16/2012 9:47:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

    7/16/2012 10:54:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.

    7/16/2012 10:54:26 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    7/16/2012 10:52:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

    7/16/2012 10:44:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ActiveX Installer (AxInstSV) service to connect.

    7/16/2012 10:44:02 PM, Error: Service Control Manager [7000] - The ActiveX Installer (AxInstSV) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    7/16/2012 10:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AxInstSv with arguments "" in order to run the server: {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}

    7/16/2012 10:23:24 PM, Error: Service Control Manager [7022] - The Microsoft iSCSI Initiator Service service hung on starting.

    7/16/2012 10:19:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

    7/16/2012 10:19:41 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

    7/16/2012 10:18:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

    .

    ==== End Of File ===========================

    ====

    BTW :]]

    I had to reinstall Windows because I was not even able to control a website after logging in.

    The screen froze after.

    Everywhere: mailbox,

    members' sites.

    Thanks for your help.

  5. Hi,

    OK ... done exactly what you've said ... but there was only one file:

    -------------------------------------------

    -------------------------------------------

    DDS-Run:

    ------------

    DDS (Ver_2011-08-26.01) - NTFSAMD64

    Internet Explorer: 9.0.8112.16421

    Run by Master at 18:14:03 on 2012-07-17

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4117 [GMT 2:00]

    .

    AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

    FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\system32\atiesrxx.exe

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\atieclxx.exe

    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    C:\Windows\SysWow64\perfhost.exe

    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

    C:\Windows\system32\WUDFHost.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\taskeng.exe

    C:\Program files\360Amigo\360Amigo.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Program Files (x86)\TechSmith\Jing\Jing.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

    C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

    C:\Windows\splwow64.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Windows\System32\svchost.exe -k LocalServicePeerNet

    C:\Windows\system32\wuauclt.exe

    C:\Windows\servicing\TrustedInstaller.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\taskeng.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\Windows\SysWOW64\mspaint.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\System32\svchost.exe -k swprv

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\SysWOW64\NOTEPAD.EXE

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\SysWOW64\cmd.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\SysWOW64\cscript.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27965984021777-1025&toolbarId=base&affiliateId=1002&Lan=en&utid=960d61110000000000006c626d53735f

    uURLSearchHooks: H - No File

    mWinlogon: Userinit=userinit.exe

    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

    BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

    uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun

    uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

    uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

    mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

    mPolicies-explorer: NoActiveDesktop = 1 (0x1)

    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

    IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

    TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : NameServer = 4.2.2.3,4.2.2.5

    TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : DhcpNameServer = 62.179.104.196 213.46.228.196

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO-X64: AcroIEHelperStub - No File

    BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

    BHO-X64: Zonealarm Helper Object - No File

    BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    BHO-X64: RoboForm BHO - No File

    BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    BHO-X64: ZoneAlarm Security Engine Registrar - No File

    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    BHO-X64: SkypeIEPluginBHO - No File

    TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

    TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

    TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

    TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

    TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

    mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\niow43n8.default\

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

    FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

    R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-15 13336]

    R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

    R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]

    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

    S2 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-15 14216]

    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-15 8456]

    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-17 113120]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

    .

    =============== Created Last 30 ================

    .

    2012-07-17 13:11:43 -------- d-----r- C:\Program Files (x86)\Skype

    2012-07-17 10:32:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-07-17 10:32:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01245371-CE6D-4C6E-881A-5A0641F50407}\mpengine.dll

    2012-07-17 02:20:06 -------- d-----w- C:\Users\Master\AppData\Local\Macromedia

    2012-07-17 01:30:07 -------- d-----w- C:\Users\Master\AppData\Local\assembly

    2012-07-17 01:24:57 -------- d-----w- C:\Users\Master\AppData\Local\TechSmith

    2012-07-17 00:41:57 -------- d-----w- C:\Users\Master\AppData\Roaming\KompoZer

    2012-07-17 00:39:06 -------- d-----w- C:\Users\Master\AppData\Local\Adobe

    2012-07-17 00:00:56 -------- d-----w- C:\Program Files (x86)\Citrix

    2012-07-16 21:00:23 -------- d-----w- C:\Windows\System32\SPReview

    2012-07-16 20:59:40 -------- d-----w- C:\Windows\System32\EventProviders

    2012-07-16 20:48:59 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

    2012-07-16 20:48:16 -------- d-----w- C:\Program Files (x86)\ESET

    2012-07-16 20:03:56 -------- d-----w- C:\Users\Master\AppData\Local\360Amigo

    2012-07-16 20:03:56 -------- d-----w- C:\Program Files\360Amigo

    2012-07-16 19:27:28 -------- d-----w- C:\Users\Master\AppData\Roaming\RoboForm

    2012-07-16 19:12:15 -------- d-----w- C:\Program Files (x86)\Siber Systems

    2012-07-16 15:04:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll

    2012-07-16 15:03:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL

    2012-07-16 15:01:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

    2012-07-16 15:01:59 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

    2012-07-16 15:01:54 244736 ----a-w- C:\Windows\System32\sqmapi.dll

    2012-07-16 08:05:52 -------- d-----w- C:\Users\Master\AppData\Local\Google

    2012-07-16 08:05:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-07-16 08:05:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-07-15 22:06:36 -------- d-----w- C:\Users\Master\AppData\Local\ATI

    2012-07-15 22:06:34 -------- d-----w- C:\Users\Master\AppData\Roaming\Intel Corporation

    2012-07-15 21:58:27 -------- d-----w- C:\Windows\SysWow64\Wat

    2012-07-15 21:58:27 -------- d-----w- C:\Windows\System32\Wat

    2012-07-15 21:57:34 0 ----a-w- C:\Windows\ativpsrm.bin

    2012-07-15 21:18:34 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

    2012-07-15 21:18:34 -------- d-----w- C:\Intel

    2012-07-15 21:17:34 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

    2012-07-15 21:17:34 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

    2012-07-15 21:17:34 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

    2012-07-15 21:17:34 3316736 ----a-w- C:\Windows\System32\BootMan.exe

    2012-07-15 21:17:34 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

    2012-07-15 21:17:34 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

    2012-07-15 21:17:34 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

    2012-07-15 21:17:34 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

    2012-07-15 21:17:34 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

    2012-07-15 21:17:34 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

    2012-07-15 21:17:30 -------- d-----w- C:\Program Files (x86)\EaseUS

    2012-07-15 21:13:42 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

    2012-07-15 21:11:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll

    2012-07-15 21:11:58 -------- d--h--w- C:\Program Files (x86)\Temp

    2012-07-15 21:11:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

    2012-07-15 21:11:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

    2012-07-15 21:11:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

    2012-07-15 21:11:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

    2012-07-15 21:11:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

    2012-07-15 21:11:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

    2012-07-15 21:11:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

    2012-07-15 21:11:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

    2012-07-15 21:11:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

    2012-07-15 21:10:36 -------- d-----w- C:\Program Files (x86)\ATI Technologies

    2012-07-15 21:10:19 -------- d-----w- C:\Program Files\ATI Technologies

    2012-07-15 21:10:16 -------- d-----w- C:\Program Files\ATI

    2012-07-15 21:09:11 -------- d-----w- C:\ATI

    2012-07-15 20:34:41 3148800 ----a-w- C:\Windows\System32\win32k.sys

    2012-07-15 20:05:31 294912 ----a-w- C:\Windows\System32\browserchoice.exe

    2012-07-15 19:45:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll

    2012-07-15 19:45:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

    2012-07-15 19:45:48 5120 ----a-w- C:\Windows\System32\wmi.dll

    2012-07-15 19:45:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

    2012-07-15 19:45:48 220672 ----a-w- C:\Windows\System32\wintrust.dll

    2012-07-15 19:45:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

    2012-07-15 19:45:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

    2012-07-15 19:39:57 388096 ----a-r- C:\Users\Master\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-07-15 19:39:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2012-07-15 19:32:53 11864 ----a-w- C:\Windows\System32\drivers\kl2.sys

    2012-07-15 19:32:52 460888 ----a-w- C:\Windows\System32\drivers\kl1.sys

    2012-07-15 19:31:55 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD

    2012-07-15 19:26:59 515584 ----a-w- C:\Windows\System32\timedate.cpl

    2012-07-15 19:26:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

    2012-07-15 19:26:58 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

    2012-07-15 19:26:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

    2012-07-15 19:26:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

    2012-07-15 19:26:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

    2012-07-15 19:26:09 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

    2012-07-15 19:26:07 33792 ----a-w- C:\Windows\System32\profprov.dll

    2012-07-15 19:26:07 209920 ----a-w- C:\Windows\System32\profsvc.dll

    2012-07-15 19:24:55 1395712 ----a-w- C:\Windows\System32\mfc42.dll

    2012-07-15 19:17:41 -------- d-----w- C:\Users\Master\AppData\Roaming\Malwarebytes

    2012-07-15 19:16:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

    2012-07-15 19:11:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

    2012-07-15 19:11:00 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe

    2012-07-15 19:11:00 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

    2012-07-15 19:11:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

    2012-07-15 19:11:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

    2012-07-15 19:11:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

    2012-07-15 19:06:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

    2012-07-15 19:06:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

    2012-07-15 19:03:41 77312 ----a-w- C:\Windows\System32\packager.dll

    2012-07-15 19:03:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll

    2012-07-15 19:00:59 -------- d-----w- C:\Users\Master\AppData\Local\Diagnostics

    2012-07-15 18:56:07 -------- d-----w- C:\Users\Master\AppData\Local\WindowsUpdate

    2012-07-15 18:56:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

    2012-07-15 18:56:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

    2012-07-15 18:56:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

    2012-07-15 18:53:50 -------- d-----w- C:\Users\Master\AppData\Roaming\CheckPoint

    2012-07-15 18:53:47 -------- d-----w- C:\Program Files (x86)\Conduit

    2012-07-15 18:53:45 -------- d-----w- C:\Users\Master\AppData\Local\Conduit

    2012-07-15 18:53:37 -------- d-----w- C:\Program Files\CheckPoint

    2012-07-15 18:53:31 -------- d-----w- C:\ProgramData\CheckPoint

    2012-07-15 18:53:09 -------- d-sh--w- C:\Windows\Installer

    2012-07-15 18:51:35 279656 ------w- C:\Windows\System32\MpSigStub.exe

    2012-07-15 18:50:35 -------- d-----w- C:\Program Files (x86)\CheckPoint

    2012-07-15 18:50:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll

    2012-07-15 18:49:57 99840 ----a-w- C:\Windows\System32\wudriver.dll

    2012-07-15 18:49:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

    2012-07-15 18:49:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

    2012-07-15 18:30:35 -------- d-----w- C:\Users\Master\AppData\Local\Apps

    2012-07-15 05:44:20 -------- d-----w- C:\Windows\Panther

    2012-07-15 04:57:07 -------- d-----w- C:\Users\Master\AppData\Local\VirtualStore

    2012-07-05 16:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

    .

    ==================== Find3M ====================

    .

    2012-07-16 22:08:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

    2012-07-16 22:08:26 175616 ----a-w- C:\Windows\System32\msclmd.dll

    2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    .

    ============= FINISH: 18:14:42.56 ===============

  6. Hi ,

    I am not sure what you're asking? Do you want to know if I am a paying member of this forum: No. Have I paid for the software: Yes.

    This is my second try to post here because the screen froze when I hit the post button.

    Anyway the problem was really too much... because I couldn't log in anymore or the site froze.

    So I deleted everything from my pc... formatted the drives and reinstalled Windows 7 again.

    Installed ZoneAlarm and ran Hijack again... and guess what?

    I got the same results as above. on a brand new installation??:]

    My connection is slow and some websites take ages to load ....are you familiar with these new happenings?

    Or is it just my pc...ip-address . I have a feeling that someone is blocking me or focusing on my activities.

    Can you give me some solid advice? Because I really don't know what to do?

    Thanks

  7. Hi ,,

    I must have something on my pc that i can't remove in a normal way.

    I get messages like : you are not allowed to actions like this, you have to be an administrator.

    Windows security center can't be started.

    So I have made some copies of the messages I receive and ran a DDS checkup.

    The files are all attached.

    I cannot attach more ...someone is watching along and removed the possibility to see the files I want to upload.

    There's something very wrong here...please help.

    mbam will not start!

    my folders where i saved the results of dds are empty now.

    my pc hangs

    ----

    My folders are empty now

    the dds results are gone.

    I have to restart ..oh boy

    Ok back again

    post-94503-0-44714400-1321450069.png

    Attach.txt

    DDS.txt

    post-94503-0-47558000-1321450129.png

  8. Hi ,,

    I must have something on my pc that i can't remove in a normal way.

    I get messages like : you are not allowed to actions like this, you have to be an administrator.

    Windows security center can't be started.

    So I have made some copies of the messages I receive and ran a DDS checkup.

    The files are all attached.

    I cannot attach more ...someone is watching along and removed the possibility to see the files I want to upload.

    There's something very wrong here...please help.

    mbam will not start!

    my folders where i saved the results of dds are empty now.

    my pc hangs

    post-94503-0-53218600-1321448925.png

  9. HI ,

    Before we can do anything I have a few questions.

    MBAM continuously shows me a window saying: Mbam has blocked access to a

    dangerous site : then ip address of site and most of the time

    beneath it :Skype

    Anyway I have attached a screen for you to see.

    Is there some trojan on my pc that is trying to connect with his home base

    or can i just be relaxed about it?

    Please advise,

    Thnx

    Is there no one to answer my question or is it just a stupid question:)

    Maybe this is not a trojan? but how will I know?

    I have a feeling that someone is looking over my shoulders and is

    making a screen-image copy of my pc...but none of the anti-virus

    software is mentioning something.

    Can you help?

    thank you.

  10. Are you still with us? This topic will be closed in a few days if we do not hear back from you.

    Hi ,

    I am not the person who started this thread. I found it in search of a solution to the, so it seems, same problem

    you were speaking about here...and some more troubles that I can't clean.

    I am using Ahnlab V3 which can't delete them.:

    ToolBar "{B922D405-6D13-4A2B-AE89-08A030DA4402}"

    Two more infections called: win-spyware/spycar.11776 and something called a start searchpage hijack are also on the search results

    which can't be cleaned or removed.

    Are these infections or ....

    Hope you can help me as well :]

    thnx

    btw:Mbam can't find anything!?!
