Hi,

My PC is infected and I had already tried to run HijackThis, but HijackThis is giving me an error: this is the message I have attached.

HijackThis can't write to the host file. Anyway, the image is in the attachment.

Can you please help?

Thanks,

Fraagje

post-94503-0-43786100-1342277823.png


Hello Fraagje! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support or here (http://helpdesk.malwarebytes.org/home). If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Why do you think that your system is infected? Follow our instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573

HijackThis can't write to the host file. Anyway, the image is in the attachment.

This is not Windows XP; in Windows Vista/7 it is necessary to authorize HiJackThis to have access to the hosts file. This is done by launching HiJackThis as administrator.

http://support.microsoft.com/kb/922708
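
The check described in the reply above, as an added example that is not part of the original post: a PowerShell function (the name `Test-HostsWriteAccess` is hypothetical) that reports whether the current process is elevated and whether the hosts file can be opened for writing. It only opens and closes the file and changes nothing on disk.

```powershell
# Added example: diagnose why a tool cannot write the hosts file on Vista/7.
# Nothing is modified; the file is only opened and closed again.
function Test-HostsWriteAccess {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'

    # 1. Is this process running with an elevated administrator token?
    #    Under UAC, a program started from an administrator account still
    #    runs with a filtered token until it is started with
    #    "Run as administrator".
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    # 2. Does the file exist, and is its read-only attribute set?
    $exists   = Test-Path -LiteralPath $hostsPath -PathType Leaf
    $readOnly = $false
    if ($exists) {
        $readOnly = (Get-Item -LiteralPath $hostsPath -Force).IsReadOnly
    }

    # 3. Try to open the file for writing, then close it untouched.
    $canWrite = $false
    $finding  = 'hosts file not found'
    if ($exists) {
        try {
            $stream = [IO.File]::Open($hostsPath,
                [IO.FileMode]::Open,
                [IO.FileAccess]::ReadWrite,
                [IO.FileShare]::ReadWrite)
            $stream.Close()
            $canWrite = $true
            $finding  = 'hosts file is writable from this process'
        } catch {
            # .NET exceptions arrive wrapped; look at the underlying one.
            $base = $_.Exception.GetBaseException()
            if ($base -is [UnauthorizedAccessException]) {
                if ($readOnly) {
                    $finding = 'access denied: read-only attribute is set'
                } elseif (-not $elevated) {
                    $finding = 'access denied: process is not elevated'
                } else {
                    $finding = 'access denied while elevated: check the file ACL or a security product protecting the file'
                }
            } else {
                $finding = $base.Message
            }
        }
    }

    New-Object PSObject -Property @{
        HostsPath = $hostsPath
        Elevated  = $elevated
        ReadOnly  = $readOnly
        CanWrite  = $canWrite
        Finding   = $finding
    } | Select-Object HostsPath, Elevated, ReadOnly, CanWrite, Finding
}

Test-HostsWriteAccess | Format-List
```

Running it once from a normal PowerShell window and once from one started with "Run as administrator" shows the difference in `Elevated` and `CanWrite` on the same account.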


Hi,

Well, I tried in the master account and get the same results. Also, it says there is no log file and asked me to create a new one, which I did, but I get no log file. It's empty.

Also, there is still this incredibar.dll file on my PC and I can't get it out.

Thanks for your help.


Hi,

I am not sure what you're asking. Do you want to know if I am a paying member of this forum: No. Have I paid for the software: Yes.

This is my second try to post here because the screen froze when I hit the post button.

Anyway, the problem was really too much, because I couldn't log in anymore or the site froze.

So I deleted everything from my PC, formatted the drives and reinstalled Windows 7 again.

Installed ZoneAlarm and ran HijackThis again, and guess what?

I got the same results as above, on a brand new installation??:]

My connection is slow and some websites take ages to load... Are you familiar with these new happenings?

Or is it just my PC... IP address? I have a feeling that someone is blocking me or focusing on my activities.

Can you give me some solid advice? Because I really don't know what to do.

Thanks


This is ridiculous. Have you saved any data? Did you use any removable storage device? Do you have a router? I mean after formatting.

If you want to work together, you must follow my instructions. What I said is as follows:

Follow our instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Hi,

OK... done exactly what you've said, but there was only one file:

-------------------------------------------

-------------------------------------------

DDS-Run:

------------

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Master at 18:14:03 on 2012-07-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.4117 [GMT 2:00]

.

AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Program files\360Amigo\360Amigo.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\SysWOW64\mspaint.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27965984021777-1025&toolbarId=base&affiliateId=1002&Lan=en&utid=960d61110000000000006c626d53735f

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : NameServer = 4.2.2.3,4.2.2.5

TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : DhcpNameServer = 62.179.104.196 213.46.228.196

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

BHO-X64: Zonealarm Helper Object - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\niow43n8.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-15 13336]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S2 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-15 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-15 8456]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-17 113120]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-17 13:11:43 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-17 10:32:43 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-17 10:32:38 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01245371-CE6D-4C6E-881A-5A0641F50407}\mpengine.dll

2012-07-17 02:20:06 -------- d-----w- C:\Users\Master\AppData\Local\Macromedia

2012-07-17 01:30:07 -------- d-----w- C:\Users\Master\AppData\Local\assembly

2012-07-17 01:24:57 -------- d-----w- C:\Users\Master\AppData\Local\TechSmith

2012-07-17 00:41:57 -------- d-----w- C:\Users\Master\AppData\Roaming\KompoZer

2012-07-17 00:39:06 -------- d-----w- C:\Users\Master\AppData\Local\Adobe

2012-07-17 00:00:56 -------- d-----w- C:\Program Files (x86)\Citrix

2012-07-16 21:00:23 -------- d-----w- C:\Windows\System32\SPReview

2012-07-16 20:59:40 -------- d-----w- C:\Windows\System32\EventProviders

2012-07-16 20:48:59 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-07-16 20:48:16 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-16 20:03:56 -------- d-----w- C:\Users\Master\AppData\Local\360Amigo

2012-07-16 20:03:56 -------- d-----w- C:\Program Files\360Amigo

2012-07-16 19:27:28 -------- d-----w- C:\Users\Master\AppData\Roaming\RoboForm

2012-07-16 19:12:15 -------- d-----w- C:\Program Files (x86)\Siber Systems

2012-07-16 15:04:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll

2012-07-16 15:03:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL

2012-07-16 15:01:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-07-16 15:01:59 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-07-16 15:01:54 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-07-16 08:05:52 -------- d-----w- C:\Users\Master\AppData\Local\Google

2012-07-16 08:05:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-16 08:05:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-15 22:06:36 -------- d-----w- C:\Users\Master\AppData\Local\ATI

2012-07-15 22:06:34 -------- d-----w- C:\Users\Master\AppData\Roaming\Intel Corporation

2012-07-15 21:58:27 -------- d-----w- C:\Windows\SysWow64\Wat

2012-07-15 21:58:27 -------- d-----w- C:\Windows\System32\Wat

2012-07-15 21:57:34 0 ----a-w- C:\Windows\ativpsrm.bin

2012-07-15 21:18:34 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2012-07-15 21:18:34 -------- d-----w- C:\Intel

2012-07-15 21:17:34 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2012-07-15 21:17:34 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2012-07-15 21:17:34 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2012-07-15 21:17:34 3316736 ----a-w- C:\Windows\System32\BootMan.exe

2012-07-15 21:17:34 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-07-15 21:17:34 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2012-07-15 21:17:34 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2012-07-15 21:17:34 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2012-07-15 21:17:34 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2012-07-15 21:17:34 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2012-07-15 21:17:30 -------- d-----w- C:\Program Files (x86)\EaseUS

2012-07-15 21:13:42 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-07-15 21:11:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2012-07-15 21:11:58 -------- d--h--w- C:\Program Files (x86)\Temp

2012-07-15 21:11:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-07-15 21:11:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-07-15 21:11:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-07-15 21:11:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-07-15 21:11:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-07-15 21:11:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-07-15 21:11:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-15 21:11:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-07-15 21:11:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-07-15 21:10:36 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-07-15 21:10:19 -------- d-----w- C:\Program Files\ATI Technologies

2012-07-15 21:10:16 -------- d-----w- C:\Program Files\ATI

2012-07-15 21:09:11 -------- d-----w- C:\ATI

2012-07-15 20:34:41 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-15 20:05:31 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-15 19:45:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-15 19:45:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-15 19:45:48 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-15 19:45:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-15 19:45:48 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-15 19:45:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-15 19:45:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-15 19:39:57 388096 ----a-r- C:\Users\Master\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-15 19:39:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-15 19:32:53 11864 ----a-w- C:\Windows\System32\drivers\kl2.sys

2012-07-15 19:32:52 460888 ----a-w- C:\Windows\System32\drivers\kl1.sys

2012-07-15 19:31:55 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD

2012-07-15 19:26:59 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-07-15 19:26:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-07-15 19:26:58 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-07-15 19:26:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-07-15 19:26:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-07-15 19:26:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-07-15 19:26:09 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-07-15 19:26:07 33792 ----a-w- C:\Windows\System32\profprov.dll

2012-07-15 19:26:07 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-15 19:24:55 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-07-15 19:17:41 -------- d-----w- C:\Users\Master\AppData\Roaming\Malwarebytes

2012-07-15 19:16:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-15 19:11:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-07-15 19:11:00 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe

2012-07-15 19:11:00 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-07-15 19:11:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-07-15 19:11:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-07-15 19:11:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-07-15 19:06:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-07-15 19:06:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-07-15 19:03:41 77312 ----a-w- C:\Windows\System32\packager.dll

2012-07-15 19:03:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-07-15 19:00:59 -------- d-----w- C:\Users\Master\AppData\Local\Diagnostics

2012-07-15 18:56:07 -------- d-----w- C:\Users\Master\AppData\Local\WindowsUpdate

2012-07-15 18:56:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-15 18:56:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-15 18:56:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-15 18:53:50 -------- d-----w- C:\Users\Master\AppData\Roaming\CheckPoint

2012-07-15 18:53:47 -------- d-----w- C:\Program Files (x86)\Conduit

2012-07-15 18:53:45 -------- d-----w- C:\Users\Master\AppData\Local\Conduit

2012-07-15 18:53:37 -------- d-----w- C:\Program Files\CheckPoint

2012-07-15 18:53:31 -------- d-----w- C:\ProgramData\CheckPoint

2012-07-15 18:53:09 -------- d-sh--w- C:\Windows\Installer

2012-07-15 18:51:35 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-07-15 18:50:35 -------- d-----w- C:\Program Files (x86)\CheckPoint

2012-07-15 18:50:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-15 18:49:57 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-15 18:49:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-15 18:49:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-15 18:30:35 -------- d-----w- C:\Users\Master\AppData\Local\Apps

2012-07-15 05:44:20 -------- d-----w- C:\Windows\Panther

2012-07-15 04:57:07 -------- d-----w- C:\Users\Master\AppData\Local\VirtualStore

2012-07-05 16:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-07-16 22:08:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-07-16 22:08:26 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 18:14:42.56 ===============


Sorry for the delay!

Do you still need help? If you still need help, generate new, fresh DDS log files.


OK, here they are:

=========================

=========================

DDS:

-----

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Master at 15:22:58 on 2012-07-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6135.2816 [GMT 2:00]

.

AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Windows\SysWow64\perfhost.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\splwow64.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Program Files (x86)\TechSmith\Jing\Jing.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program files\360Amigo\360Amigo.exe

C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe

C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN27965984021777-1025&toolbarId=base&affiliateId=1002&Lan=en&utid=960d61110000000000006c626d53735f

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Zonealarm Helper Object: {2a841f7a-a014-4da5-b6d9-8b913dfb7a8c} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: ZoneAlarm Security Toolbar: {438fae3e-bdef-44d3-ab8b-0c7c8350df59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun

uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : NameServer = 4.2.2.3,4.2.2.5

TCP: Interfaces\{BD07656B-999F-449F-AD19-D7145B3A4F5D} : DhcpNameServer = 62.179.104.196 213.46.228.196

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\bh\zonealarm.dll

BHO-X64: Zonealarm Helper Object - No File

BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm BHO - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.24.4\zonealarmTlbr.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll

TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File

TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File

mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Master\AppData\Roaming\Mozilla\Firefox\Profiles\niow43n8.default\

FF - prefs.js: browser.search.selectedEngine - Web Search (powered by Google)

FF - prefs.js: keyword.URL - hxxp://search.toolbars.alexa.com/?ver=spkyf-1.7.0&src=ab&aid=x3p1g1dBvo00qM&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll

.

============= SERVICES / DRIVERS ===============

.

R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-15 13336]

R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]

R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-15 655944]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S2 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-16 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-7-15 14216]

S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-7-15 8456]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-17 113120]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-20 13:46:05 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD32B55A-5253-42F6-B199-DE6C7BE6E1AB}\mpengine.dll

2012-07-19 13:38:44 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3

2012-07-19 00:09:08 -------- d-----w- C:\Program Files (x86)\Oracle

2012-07-19 00:08:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-19 00:08:02 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-07-17 13:11:43 -------- d-----r- C:\Program Files (x86)\Skype

2012-07-17 10:32:43 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

2012-07-17 02:20:06 -------- d-----w- C:\Users\Master\AppData\Local\Macromedia

2012-07-17 01:30:07 -------- d-----w- C:\Users\Master\AppData\Local\assembly

2012-07-17 01:24:57 -------- d-----w- C:\Users\Master\AppData\Local\TechSmith

2012-07-17 00:41:57 -------- d-----w- C:\Users\Master\AppData\Roaming\KompoZer

2012-07-17 00:39:06 -------- d-----w- C:\Users\Master\AppData\Local\Adobe

2012-07-17 00:00:56 -------- d-----w- C:\Program Files (x86)\Citrix

2012-07-16 21:00:23 -------- d-----w- C:\Windows\System32\SPReview

2012-07-16 20:59:40 -------- d-----w- C:\Windows\System32\EventProviders

2012-07-16 20:48:59 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-07-16 20:48:16 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-16 20:03:56 -------- d-----w- C:\Users\Master\AppData\Local\360Amigo

2012-07-16 20:03:56 -------- d-----w- C:\Program Files\360Amigo

2012-07-16 19:27:28 -------- d-----w- C:\Users\Master\AppData\Roaming\RoboForm

2012-07-16 19:12:15 -------- d-----w- C:\Program Files (x86)\Siber Systems

2012-07-16 15:04:59 732160 ----a-w- C:\Windows\SysWow64\imapi2fs.dll

2012-07-16 15:03:59 978944 ----a-w- C:\Windows\System32\WMSPDMOD.DLL

2012-07-16 15:01:59 529408 ----a-w- C:\Windows\System32\wbemcomn.dll

2012-07-16 15:01:59 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll

2012-07-16 15:01:54 244736 ----a-w- C:\Windows\System32\sqmapi.dll

2012-07-16 08:05:52 -------- d-----w- C:\Users\Master\AppData\Local\Google

2012-07-16 08:05:41 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-16 08:05:41 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-15 22:06:36 -------- d-----w- C:\Users\Master\AppData\Local\ATI

2012-07-15 22:06:34 -------- d-----w- C:\Users\Master\AppData\Roaming\Intel Corporation

2012-07-15 21:58:27 -------- d-----w- C:\Windows\SysWow64\Wat

2012-07-15 21:58:27 -------- d-----w- C:\Windows\System32\Wat

2012-07-15 21:57:34 0 ----a-w- C:\Windows\ativpsrm.bin

2012-07-15 21:18:34 540696 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2012-07-15 21:18:34 -------- d-----w- C:\Intel

2012-07-15 21:17:34 9096 ----a-w- C:\Windows\System32\EuGdiDrv.sys

2012-07-15 21:17:34 86408 ----a-w- C:\Windows\SysWow64\setupempdrv03.exe

2012-07-15 21:17:34 8456 ----a-w- C:\Windows\SysWow64\EuGdiDrv.sys

2012-07-15 21:17:34 3316736 ----a-w- C:\Windows\System32\BootMan.exe

2012-07-15 21:17:34 2468520 ----a-w- C:\Windows\SysWow64\BootMan.exe

2012-07-15 21:17:34 19840 ----a-w- C:\Windows\SysWow64\EuEpmGdi.dll

2012-07-15 21:17:34 16776 ----a-w- C:\Windows\System32\epmntdrv.sys

2012-07-15 21:17:34 16256 ----a-w- C:\Windows\System32\EuEpmGdi.dll

2012-07-15 21:17:34 14216 ----a-w- C:\Windows\SysWow64\epmntdrv.sys

2012-07-15 21:17:34 100232 ----a-w- C:\Windows\System32\setupempdrvx64.exe

2012-07-15 21:17:30 -------- d-----w- C:\Program Files (x86)\EaseUS

2012-07-15 21:13:42 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2012-07-15 21:11:58 1251944 ----a-w- C:\Windows\RtlExUpd.dll

2012-07-15 21:11:58 -------- d--h--w- C:\Program Files (x86)\Temp

2012-07-15 21:11:56 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe

2012-07-15 21:11:56 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2012-07-15 21:11:56 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2012-07-15 21:11:56 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2012-07-15 21:11:55 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2012-07-15 21:11:55 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2012-07-15 21:11:55 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-07-15 21:11:54 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2012-07-15 21:11:54 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2012-07-15 21:10:36 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-07-15 21:10:19 -------- d-----w- C:\Program Files\ATI Technologies

2012-07-15 21:10:16 -------- d-----w- C:\Program Files\ATI

2012-07-15 21:09:11 -------- d-----w- C:\ATI

2012-07-15 20:34:41 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-15 20:05:31 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2012-07-15 19:45:48 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-07-15 19:45:48 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-07-15 19:45:48 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-07-15 19:45:48 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-07-15 19:45:48 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-07-15 19:45:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-07-15 19:45:48 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-07-15 19:39:57 388096 ----a-r- C:\Users\Master\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-07-15 19:39:57 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-07-15 19:32:53 11864 ----a-w- C:\Windows\System32\drivers\kl2.sys

2012-07-15 19:32:52 460888 ----a-w- C:\Windows\System32\drivers\kl1.sys

2012-07-15 19:31:55 -------- d-----w- C:\Program Files (x86)\Check Point Software Technologies LTD

2012-07-15 19:26:59 515584 ----a-w- C:\Windows\System32\timedate.cpl

2012-07-15 19:26:59 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl

2012-07-15 19:26:58 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2012-07-15 19:26:57 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2012-07-15 19:26:46 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll

2012-07-15 19:26:46 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll

2012-07-15 19:26:09 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2012-07-15 19:26:07 33792 ----a-w- C:\Windows\System32\profprov.dll

2012-07-15 19:26:07 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-07-15 19:24:55 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2012-07-15 19:17:41 -------- d-----w- C:\Users\Master\AppData\Roaming\Malwarebytes

2012-07-15 19:16:51 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-07-15 19:11:00 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-07-15 19:11:00 2164224 ----a-w- C:\Program Files\Windows Journal\Journal.exe

2012-07-15 19:11:00 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-07-15 19:11:00 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-07-15 19:11:00 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-07-15 19:11:00 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-07-15 19:06:15 1731920 ----a-w- C:\Windows\System32\ntdll.dll

2012-07-15 19:06:15 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-07-15 19:03:41 77312 ----a-w- C:\Windows\System32\packager.dll

2012-07-15 19:03:41 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-07-15 19:00:59 -------- d-----w- C:\Users\Master\AppData\Local\Diagnostics

2012-07-15 18:56:07 -------- d-----w- C:\Users\Master\AppData\Local\WindowsUpdate

2012-07-15 18:56:06 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-07-15 18:56:06 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-07-15 18:56:06 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-07-15 18:53:50 -------- d-----w- C:\Users\Master\AppData\Roaming\CheckPoint

2012-07-15 18:53:47 -------- d-----w- C:\Program Files (x86)\Conduit

2012-07-15 18:53:45 -------- d-----w- C:\Users\Master\AppData\Local\Conduit

2012-07-15 18:53:37 -------- d-----w- C:\Program Files\CheckPoint

2012-07-15 18:53:31 -------- d-----w- C:\ProgramData\CheckPoint

2012-07-15 18:53:09 -------- d-sh--w- C:\Windows\Installer

2012-07-15 18:51:35 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-07-15 18:50:35 -------- d-----w- C:\Program Files (x86)\CheckPoint

2012-07-15 18:50:14 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-07-15 18:49:57 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-07-15 18:49:49 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-07-15 18:49:49 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-07-15 18:30:35 -------- d-----w- C:\Users\Master\AppData\Local\Apps

2012-07-15 05:44:20 -------- d-----w- C:\Windows\Panther

2012-07-15 04:57:07 -------- d-----w- C:\Users\Master\AppData\Local\VirtualStore

2012-07-05 16:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-07-16 22:08:27 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2012-07-16 22:08:26 175616 ----a-w- C:\Windows\System32\msclmd.dll

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 15:25:16.94 ===============

ATTACH:

----------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/15/2012 6:56:49 AM

System Uptime: 7/19/2012 7:19:42 AM (56 hours ago)

.

Motherboard: MEDIONPC | | MS-7616

Processor: Intel® Core i7 CPU 870 @ 2.93GHz | CPU 1 | 1173/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 890 GiB total, 846.208 GiB free.

D: is FIXED (NTFS) - 40 GiB total, 39.528 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is FIXED (FAT32) - 596 GiB total, 216.933 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP14: 7/17/2012 2:35:46 AM - Installed Adobe Reader X (10.1.0).

RP13: 7/17/2012 3:28:50 AM - Installed Snagit 10.0.2

RP15: 7/18/2012 3:00:34 AM - Windows Update

RP16: 7/19/2012 2:06:44 AM - Installed Java 7 Update 5

RP17: 7/19/2012 2:08:07 AM - Installed JavaFX 2.1.1

RP18: 7/19/2012 3:00:15 AM - Windows Update

RP19: 7/19/2012 1:57:24 PM - Installed 7-Zip 9.20 (x64 edition)

RP20: 7/19/2012 3:35:01 PM - Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

RP21: 7/19/2012 3:35:50 PM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

RP22: 7/19/2012 3:37:38 PM - Installed OpenOffice.org 3.4

RP23: 7/20/2012 3:00:11 AM - Windows Update

.

==== Installed Programs ======================

.

360Amigo System Speedup PRO

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.3)

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Italian

CCC Help Japanese

CCC Help Norwegian

CCC Help Spanish

CCC Help Swedish

EaseUS Partition Master 9.1.1 Home Edition

ESET Online Scanner v3

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToMeeting 5.2.0.952

HiJackThis

Intel® Control Center

Intel® Rapid Storage Technology

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Jing

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

OpenOffice.org 3.4

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

RoboForm 7-7-9-9 (All Users)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Skype Click to Call

Skype™ 5.10

Snagit 10.0.2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC 9.0 Runtime

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Free Antivirus + Firewall

ZoneAlarm Security

ZoneAlarm Security Toolbar

.

==== Event Viewer Messages From Past Week ========

.

7/21/2012 3:22:12 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

7/19/2012 1:17:21 AM, Error: Service Control Manager [7034] - The TrueVector Internet Monitor service terminated unexpectedly. It has done this 1 time(s).

7/17/2012 1:03:40 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

7/16/2012 9:47:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

7/16/2012 10:54:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Software Shadow Copy Provider service to connect.

7/16/2012 10:54:26 PM, Error: Service Control Manager [7000] - The Microsoft Software Shadow Copy Provider service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/16/2012 10:52:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service swprv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}

7/16/2012 10:44:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the ActiveX Installer (AxInstSV) service to connect.

7/16/2012 10:44:02 PM, Error: Service Control Manager [7000] - The ActiveX Installer (AxInstSV) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/16/2012 10:43:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service AxInstSv with arguments "" in order to run the server: {90F18417-F0F1-484E-9D3C-59DCEEE5DBD8}

7/16/2012 10:23:24 PM, Error: Service Control Manager [7022] - The Microsoft iSCSI Initiator Service service hung on starting.

7/16/2012 10:19:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.

7/16/2012 10:19:41 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/16/2012 10:18:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}

.

==== End Of File ===========================

====

BTW :]]

I had to reinstall Windows because I was not even able to control a website after logging in.

The screen froze after.

Everywhere: mailbox, member sites.

Thanks for your help.


OK, so you're saying my PC is secure now?

I don't fall for the scareware stuff..

OK, but still there is something very strange, because my browser sometimes just freezes and I have to restart it. Even now, after a fresh install.

Flash plugins that crash.

I have set up OpenDNS now and will see what happens.


You made a full hard drive format, right? Did you transfer any information?


Hi,

No system files... just programs that I use or files that I had created. I did a full format and even a new partition... but there is still someone on my PC....

There are 3 partitions on my disk... and that is also strange... two are for the system files and the 3rd is what I use as C:

Sometimes I can't access certain websites... and no, it's not porno or games or any of that kind... or those strange websites... or download sites.

My PC is only used for private programs and YouTube and Facebook... but that's all. I often go to webinars and I have really huge problems to just enter a goto webinar. I have to really force my PC to go there..

And also the load time is very annoying. I thought formatting and reinstalling would solve the problems... it didn't.

Do you think perhaps that the other partitions are hacked? Can I just remove everything from there? Because it says system files. I am using Win7 and have downloaded the drivers etc. on a removable disk

and have a Win7 installation DVD/CD.


You created a new main system partition, but what about the other partitions? They could be infected too.


Are you still with us? This topic will be closed in a few days if we do not hear back from you.


Hi, yes, I am still here. I had some physical problems and couldn't go online.

Anyway, that could be the problem.

But these partitions are not accessible by me.

How do I solve this?

Delete the partitions?

Will my Windows still work?

And will I have problems uploading system files when reinstalling Windows?

Thanks

Do I have to reinstall Windows?


When you re-install your Windows you should have access back to your partitions.


Yes, I know... but I can only delete or create a new partition, so there's nothing you can do for me?

thnx


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
