Spyware Adware Virus Hijack Removal Forums - Malware Crypt  

Go Back   Spyware Adware Virus Hijack Removal Forums - Malware Crypt > Malware Removal > HijackThis logs and Malware Removal
Reload this Page HiJack This log help
Register FAQ Calendar Search Today's Posts Mark Forums Read

HijackThis logs and Malware Removal Post your HijackThis logs and requests here for help in removing infections - spyware, adware, viruses, hijackers.

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 02-07-2010, 12:10 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default HiJack This log help
Can somebody look through this log please... I've removed somethings, but I am still having problems...It seems to be lagging a lot, and I have slow boot/shut down times.

I have run the usual MBAM, and SuperAnti Spyware, with no infections found.
Also, my ESET 4 does not load on boot up, but I can load the program when I've booted up.

Also the logfile always shows i'm using explorer as my browser, but I use Firefox, with ADblock plus, flash block plus, No script, and WOT. I just wondered why explorer always comes up as my browser.

Regards
Last edited by voodoodave; 02-07-2010 at 12:12 PM. Reason: Missed details
  #2  
Old 02-07-2010, 12:10 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:00:00, on 07/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Orbitdownloader\Grab.exe
C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\hijackth is\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FWCOM - FarStone Technology Inc. - C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 6833 bytes
  #3  
Old 02-07-2010, 12:59 PM
jintan's Avatar
jintan jintan is offline
MalwareCrypt Guy
  
Join Date: Sep 2008
Posts: 2,789
Default
Welcome to MalwareCrypt voodoodave,

Often these scans reference IE due to past times when it was the most commonly used browser, but also still list it as it is still interwoven in many ways with Windows, and a more likely target for malware changes. No infection showing in the logs, but you do have Stopzilla installed. This has been around for years, has never been seen as a beneficial security software, and tends to bring slowness to systems and net accesses. See the info and links on it's toolbar here.


But let's check in more detail as well.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and rightclick on your Desktop, choose "New" > Text document. Once the file is created, open it and rightclick again and choose Paste. Copy the information and post it here please.
  #4  
Old 02-07-2010, 04:10 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default
Logfile of random's system information tool 1.06 (written by random/random)
Run by Voodoo at 2010-02-07 17:08:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (32%) free of 57 GB
Total RAM: 1023 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:08:46, on 07/02/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Farstone\HackerSmacker\FWMain.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Voodoo\Desktop\RSIT.exe
C:\Documents and Settings\Voodoo\Desktop\MalwareAndSpyware\hijackth is\Voodoo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/yco...//uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Farstone Webflt1 - {F0CABD54-804C-452A-AAA0-C8264997FC6D} - C:\Program Files\Farstone\HackerSmacker\webflt.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\Farstone\HackerSmacker\FWMain.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6F6FDB9E-5072-498C-BCB0-2B7F00C49EE7} (DellSystemLite.Scanner) - http://support.dell.com/systemprofil...SystemLite.CAB
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - eBoostr.com - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FWCOM - FarStone Technology Inc. - C:\Program Files\Farstone\HackerSmacker\FWCOM.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

--
End of file - 6926 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Voodoo.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Voodoo.job
C:\WINDOWS\tasks\SmartDefrag.job
C:\WINDOWS\tasks\WECPUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2010-01-12 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{1827766B-9F49-4854-8034-F6EE26FCB1EC}]
ZILLAbar Browser Helper Object - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll [2009-12-23 262800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{2B9F5787-88A5-4945-90E7-C4B18563BC5E}]
KeyScramblerBHO Class - C:\Program Files\KeyScrambler\KeyScramblerIE.dll [2009-12-28 796400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E3215F20-3212-11D6-9F8B-00D0B743919D}]
STOPzilla Browser Helper Object - C:\Program Files\STOPzilla!\SZIEBHO.dll [2010-01-28 247232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{F0CABD54-804C-452A-AAA0-C8264997FC6D}]
HookIe Class - C:\Program Files\Farstone\HackerSmacker\webflt.DLL [2005-07-18 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{C55BBCD6-41AD-48AD-9953-3609C48EACC7} - Grab Pro - C:\Program Files\Orbitdownloader\GrabPro.dll [2010-01-12 662720]
SITEguard
{98828DED-A591-462F-83BA-D2F62A68B8B8} - STOPzilla - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll [2009-12-23 262800]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.e xe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"HS3_AutoRun"=C:\Program Files\Farstone\HackerSmacker\FWMain.exe [2005-07-23 323584]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MS CONFIG.EXE [2008-04-14 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint\Apoint.exe [2003-08-20 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\Program Files\Eraser\Eraser.exe [2009-06-10 334224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\Program Files\OO Software\Defrag\oodtray.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\Program Files\Sandboxie\SbieCtrl.exe [2009-01-05 336896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-03-11 24095528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster2]
C:\Program Files\Uniblue\RegistryBooster2\RegistryBooster.exe [2007-04-13 1848864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Orbit.lnk]
C:\PROGRA~1\ORBITD~1\orbitdm.exe [2010-01-12 1785104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^MemTurbo.lnk]
C:\PROGRA~1\MEMTUR~1\MemTurbo.exe [2006-05-15 2314752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb Pro.lnk]
C:\PROGRA~1\WordWeb\wweb32.exe [2007-01-27 44384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Voodoo^Start Menu^Programs^Startup^WordWeb.lnk]
C:\PROGRA~1\WordWeb\wweb32.exe [2007-01-27 44384]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\system32\LgNotify.dll [2003-06-20 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit "
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Spotify\spotify.exe"="C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\sys tem32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe"="C:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe:*:Enabled:Camfrog Client Module"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\sys tem32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Super Internet TV\Super Internet TV.exe"="C:\Program Files\Super Internet TV\Super Internet TV.exe:*:Enabled:Super Internet TV"
"C:\Program Files\MSN BackUp\MSNBackup.exe"="C:\Program Files\MSN BackUp\MSNBackup.exe:*:Enabled:MSN BackUp"
"C:\Program Files\Directory Lister Pro\DirListerPro.exe"="C:\Program Files\Directory Lister Pro\DirListerPro.exe:*:Enabledirectory Lister Pro"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32 \sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Directory Lister Pro\DirListerPro.exe"="C:\Program Files\Directory Lister Pro\DirListerPro.exe:*:Enabledirectory Lister Pro"

======List of files/folders created in the last 1 months======

2010-02-07 17:08:41 ----D---- C:\rsit
2010-02-06 17:41:42 ----D---- C:\Documents and Settings\Voodoo\Application Data\Rainmeter
2010-02-06 17:40:50 ----SHD---- C:\Config.Msi
2010-02-06 17:39:50 ----D---- C:\Program Files\Rainmeter
2010-02-01 22:45:27 ----D---- C:\Documents and Settings\Voodoo\Application Data\Foxit Software
2010-02-01 22:36:09 ----D---- C:\Program Files\AskBarDis
2010-01-31 13:05:38 ----D---- C:\Program Files\Zyzzyva-2.0.5
2010-01-28 22:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\eboostr
2010-01-27 20:04:56 ----D---- C:\Program Files\eBoostr
2010-01-25 16:10:28 ----D---- C:\Documents and Settings\Voodoo\Application Data\Simply Super Software
2010-01-25 16:01:40 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-25 15:47:44 ----A---- C:\WINDOWS\system32\PARTIZAN.TXT
2010-01-25 15:25:40 ----A---- C:\WINDOWS\rootkitno.ini
2010-01-25 15:25:24 ----D---- C:\RootkitNO
2010-01-25 15:21:47 ----RASHOT---- C:\WINDOWS\winstart.bat
2010-01-21 23:20:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$
2010-01-15 00:32:14 ----D---- C:\WINDOWS\Applian FLV Player
2010-01-15 00:32:14 ----D---- C:\Program Files\FLV Player
2010-01-13 13:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-07 17:08:43 ----D---- C:\WINDOWS\Temp
2010-02-07 17:08:41 ----D---- C:\WINDOWS\Prefetch
2010-02-07 12:57:35 ----D---- C:\downloads
2010-02-07 01:26:18 ----D---- C:\Documents and Settings\Voodoo\Application Data\Orbit
2010-02-07 01:24:47 ----D---- C:\Documents and Settings\Voodoo\Application Data\foobar2000
2010-02-06 17:41:10 ----SHD---- C:\WINDOWS\Installer
2010-02-06 17:41:01 ----D---- C:\WINDOWS\WinSxS
2010-02-06 17:39:50 ----D---- C:\Program Files
2010-02-06 15:55:02 ----D---- C:\Program Files\XYplorer
2010-02-05 19:28:22 ----RASH---- C:\boot.ini
2010-02-05 19:28:22 ----A---- C:\WINDOWS\win.ini
2010-02-05 19:28:22 ----A---- C:\WINDOWS\system.ini
2010-02-05 19:14:39 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2010-02-05 19:14:28 ----D---- C:\WINDOWS\system32\drivers
2010-02-05 19:10:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-05 19:10:26 ----A---- C:\Debug.txt
2010-02-05 19:10:11 ----D---- C:\WINDOWS\system32\config
2010-02-05 18:59:34 ----D---- C:\WINDOWS
2010-02-05 17:25:00 ----D---- C:\Documents and Settings\Voodoo\Application Data\Spotify
2010-02-02 10:33:57 ----D---- C:\WINDOWS\Config
2010-02-01 22:42:04 ----D---- C:\Program Files\Foxit Software
2010-01-29 14:43:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-01-29 14:36:08 ----D---- C:\Program Files\STOPzilla!
2010-01-29 14:34:21 ----D---- C:\WINDOWS\system32
2010-01-28 17:12:40 ----HD---- C:\WINDOWS\inf
2010-01-28 03:40:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-28 03:36:20 ----D---- C:\Program Files\UnHackMe
2010-01-25 16:11:45 ----D---- C:\Program Files\Trojan Remover
2010-01-25 16:02:08 ----D---- C:\Program Files\SUPERAntiSpyware
2010-01-25 16:01:40 ----D---- C:\Program Files\Common Files
2010-01-25 15:35:23 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-25 14:58:15 ----D---- C:\Program Files\SpywareBlaster
2010-01-24 13:12:41 ----D---- C:\Program Files\Orbitdownloader
2010-01-23 22:25:03 ----SD---- C:\WINDOWS\Tasks
2010-01-23 20:21:34 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 03:17:18 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-21 23:20:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 23:18:27 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-17 20:36:02 ----D---- C:\Minidump
2010-01-17 20:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2010-01-17 19:41:12 ----D---- C:\WINDOWS\Debug
2010-01-08 20:12:59 ----D---- C:\Program Files\TVAnts
2010-01-08 20:11:15 ----D---- C:\Program Files\PPStream
2010-01-08 20:11:14 ----D---- C:\Documents and Settings\Voodoo\Application Data\PPStream
2010-01-08 19:42:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-02-06 56280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-09 17153]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 fsnet;fsnet; C:\WINDOWS\system32\drivers\fsnet.sys [2005-07-18 18882]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-03-13 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys [2001-04-09 17784]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2003-06-20 10970]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2003-08-21 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2003-07-29 587264]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2003-05-21 175360]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 33792]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 KeyScrambler;KeyScrambler; C:\WINDOWS\System32\drivers\keyscrambler.sys [2009-10-04 115312]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys []
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2009-04-06 23064]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2002-11-11 193840]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
S2 ATE_PROCMON;ATE_PROCMON; \\??\\C:\\Program Files\\Anti Trojan Elite\\ATEPMon.sys []
S3 a7al103e;a7al103e; C:\WINDOWS\system32\drivers\a7al103e.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\drivers\BTDriver.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btwhid;btwhid; C:\WINDOWS\system32\drivers\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\system32\drivers\BTWUSB.sys []
S3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-14 25600]
S3 JakNDisMP;JakNDisMP; C:\WINDOWS\system32\DRIVERS\JakNDis.sys []
S3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
S3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
S3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\DA9.tmp []
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-09-10 47360]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver; C:\WINDOWS\system32\DRIVERS\w70n51.sys [2003-06-11 2477952]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2003-07-16 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-07-29 323584]
R2 EBOOSTRSVC;eBoostr Service; C:\Program Files\eBoostr\EBstrSvc.exe [2010-01-29 634488]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 MA_CMIDI_InstallerService;M-Audio Series II MIDI Installer; C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe [2007-01-08 94208]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 RegSrvc;RegSrvc; C:\WINDOWS\system32\RegSrvc.exe [2003-06-20 122880]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\system32\S24EvMon.exe [2003-06-20 303171]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2009-01-05 52224]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 FWCOM;FWCOM; C:\Program Files\Farstone\HackerSmacker\FWCOM.exe [2005-07-18 69632]
R4 szserver;STOPzilla Service; C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe [2009-12-23 57344]
S2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\msco rsvw.exe [2008-07-25 69632]
S2 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspn et_state.exe [2008-07-25 34312]
S3 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\Presen tationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-29 72704]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
  #5  
Old 02-07-2010, 04:11 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default
info.txt logfile of random's system information tool 1.06 2010-02-07 17:08:51

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.64-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_acti veX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plug in.exe
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
AMR Player 1.3-->"C:\Program Files\AMR Player\unins000.exe"
Applian FLV Player-->"C:\WINDOWS\Applian FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
Applied Acoustics Systems - String Studio VS-1 v1.1-->C:\Program Files\AAS\String Studio VS-1\Uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallI NFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
Broadcom Gigabit Integrated Controller-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\I Driver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Clean Virus MSN-->"C:\Program Files\AxBx\Clean Virus MSN\unins000.exe"
C-Major Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Conexant D480 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SU BSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Connect Four 1.1.0-->"C:\Program Files\Novel Games\Connect Four\unins000.exe"
Directory Lister v0.9.1-->"C:\Program Files\Directory Lister\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Flick 1.3.0.7-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eBoostr 3-->C:\Program Files\eBoostr\uninstall.exe
Eraser 5.8.7-->"C:\Program Files\Eraser\unins000.exe"
eSobi v2-->C:\Program Files\InstallShield Installation Information\{15D967B5-A4BE-42AE-9E84-64CD062B25AA}\setup.exe -runfromtemp -l0x0409
eSobi v2-->MsiExec.exe /X{15D967B5-A4BE-42AE-9E84-64CD062B25AA}
Flash Video Grabber-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C53332CE-CB92-4164-A876-A0AC0DE26164}\Setup.exe" -l0x9
FLVPlayer4Free Free FLV Player 3.3.0.0-->"C:\Program Files\FLVPlayer4Free\unins000.exe"
foobar2000 v0.9.6.2-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
Foxit Creator-->C:\Program Files\Foxit Software\PDF Creator\uninstall.exe
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit PDF IFilter-->MsiExec.exe /I{93099B48-E36A-46C9-A03F-C85201D9B1C1}
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
HackerSmacker-->MsiExec.exe /X{E02C35F1-9621-41C0-A812-4C27D66B0B03}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spunin st.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spunin st.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
I-Doser 4.5-->C:\Program Files\I-Doser\WickedFriends\Uninstall.exe
IL Autogun-->C:\Program Files\Image-Line\IL Autogun\uninstall.exe
Intel(R) PROSet-->MsiExec.exe /I{181934AF-3E7B-450D-804F-2B812E018ED1}
Jamstix 2.2.1 Update-->"C:\Program Files\Steinberg\VstPlugins\jamstix2\unins000.exe"
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
KeyScrambler-->C:\Program Files\KeyScrambler\uninstall.exe
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Series II MIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\ 50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Memturbo (TM) 4-->"C:\Program Files\Memturbo 4\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microso ft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Miroslav Philharmonik CE-->C:\Program Files\InstallShield Installation Information\{8ED43CF1-5E56-4D0C-AEB1-A9F9C164B9BC}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Morgan Stream Switcher-->"C:\Program Files\Morgan\mmswitch\uninst.exe"
MorphVOX Junior-->MsiExec.exe /I{402ED8C0-824E-48A2-AB07-C8820E9CD8E9}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN BackUp 1.3.4-->C:\Program Files\MSN BackUp\uninst.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Native Instruments Kontakt 2-->C:\PROGRA~1\NATIVE~1\KONTAK~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~1\INSTALL.LOG
Native Instruments Kontakt 3-->C:\PROGRA~1\NATIVE~1\KONTAK~2\UNWISE.EXE C:\PROGRA~1\NATIVE~1\KONTAK~2\INSTALL.LOG
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\Uninstal.exe
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Personal Chess Trainer 2007 3.02-->C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{7514B~1\S etup.exe /remove /q0
PixiePack Codec Pack-->MsiExec.exe /I{621FCD24-4498-4324-A81E-07D331376EDF}
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoP DF4.xml"
Rainmeter (remove only)-->"C:\Program Files\Rainmeter\uninst.exe"
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
SampleTank 2-->C:\Program Files\InstallShield Installation Information\{6559654F-2F38-491F-8411-211517C3E635}\setup.exe -runfromtemp -l0x0009 uninstall -removeonly
Sandboxie 3.34-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\sp uninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\sp uninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\sp uninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\sp uninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spunin st.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spunin st.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spunin st.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spunin st.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spunin st.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spunin st.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spunin st.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spunin st.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spunin st.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spunin st.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spunin st.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spunin st.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spunin st.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spunin st.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spunin st.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spunin st.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spunin st.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spunin st.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spunin st.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spunin st.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spunin st.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spunin st.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spunin st.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spunin st.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spunin st.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spunin st.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spunin st.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spunin st.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spunin st.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spunin st.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spunin st.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spunin st.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spunin st.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spunin st.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spunin st.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spunin st.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spunin st.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spunin st.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spunin st.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spunin st.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spunin st.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spunin st.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sibelius 5-->MsiExec.exe /I{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}
SigmaTel AC97 Audio Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ct or.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7959721D-8268-4565-9E0E-C41A9F4848A9}\setup.exe" -l0x9 -nodialog -uninstall
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Sophos Anti-Rootkit 1.3.1-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove
SOWPODS (SCRABBLE) Dictionary-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\SOWPODS (SCRABBLE) Dictionary\ST6UNST.LOG"
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Steinberg Cubase SX v3.0.2.623-->C:\PROGRA~1\STEINB~1\CUBASE~1\UNWISE.EXE C:\PROGRA~1\STEINB~1\CUBASE~1\INSTALL.LOG
STOPzilla Toolbar-->MsiExec.exe /X{A5653E98-C00B-421B-86A2-E7DA75BFD97A}
STOPzilla-->MsiExec.exe /X{1D0D9BF9-E44B-4666-A41E-924D1E1F205F}
Super Internet TV v8.0 (Free Edition)-->"C:\Program Files\Super Internet TV\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
SyncroSoft Emu (Remove only)-->C:\Program Files\SyncroSoft\Pos\H2O\Uninst.exe
Syncrosoft's License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
Tank wars 1.1-->"C:\Program Files\Absolutist.com\Tank wars\unins000.exe"
Trojan Remover 6.8.0-->"C:\Program Files\Trojan Remover\unins000.exe"
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TweetDeck-->MsiExec.exe /X{0FA9A7F0-B2B3-52C9-2034-5F28C9DB525C}
Ulisess Seguridad 9.99 C rev1-->C:\Archivos de programa\ESET\Ulisess Seguridad\uninstall.exe
Uniblue RegistryBooster 2010-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue RegistryBooster2-->"C:\Program Files\Uniblue\RegistryBooster2\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spunin st.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spunin st.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spunin st.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spunin st.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spunin st.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spunin st.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spunin st.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spunin st.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spunin st.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spunin st.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spunin st.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spunin st.exe"
USBKVM Switcher 2.12-->"C:\Program Files\USBKVM Switcher\unins000.exe"
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Veetle TV 0.9.15-->C:\Program Files\Veetle\UninstallVeetleTV.exe
VLC media player 0.9.8a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Essentials Media Codec Pack 2.2c-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spu ninst.exe"
WordWeb Pro-->C:\Program Files\WordWeb\uninst.exe
XYplorer 8.40-->C:\Program Files\XYplorer\Uninstall.exe
Zyzzyva-->C:\Program Files\Zyzzyva-2.0.5\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-19]
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) [2009-06-19]
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-19]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2009-11-30]
O4 - Global Startup: USBKVM Switcher.lnk = C:\Program Files\USBKVM Switcher\USBKVM.exe [2009-11-30]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') [2009-11-30]
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [2009-11-30]
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [2009-11-30]
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [2009-11-30]
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-11-30]
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup [2009-11-30]
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [2009-11-30]
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [2009-11-30]
O4 - HKLM\..\Run: [HS3_AutoRun] C:\Program Files\Farstone\HackerSmacker\FWMain.exe [2009-11-30]
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide [2009-11-30]
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [2009-11-30]
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [2009-11-30]
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe [2009-11-30]
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Program Files\UnHackMe\hackmon.exe [2009-11-30]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') [2009-11-30]
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-02-07]
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2010-02-07]

======Security center information======

AV: ESET Smart Security 4.0 (disabled)
FW: ESET Personal firewall

======System event log======

Computer Name: HOME-43XJ81EHD3
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Record Number: 8607
Source Name: BTHUSB
Time Written: 20091109125918.000000+000
Event Type: warning
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 4
Message: Broadcom 570x Gigabit Integrated Controller: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 8606
Source Name: b57w2k
Time Written: 20091109125918.000000+000
Event Type: warning
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 8599
Source Name: W32Time
Time Written: 20091108052149.000000+000
Event Type: warning
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
IntelIde

Record Number: 8585
Source Name: Service Control Manager
Time Written: 20091107154255.000000+000
Event Type: error
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 18
Message: Windows cannot store Bluetooth link keys on the local transceiver because it cannot determine whether proper security is enabled for the device.

Record Number: 8583
Source Name: BTHUSB
Time Written: 20091107154156.000000+000
Event Type: warning
User:

=====Application event log=====

Computer Name: HOME-43XJ81EHD3
Event Code: 1000
Message: Faulting application pool_paradise.exe, version 0.0.0.0, faulting module pool_paradise.exe, version 0.0.0.0, fault address 0x000bc524.

Record Number: 467
Source Name: Application Error
Time Written: 20090523194908.000000+060
Event Type: error
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 1517
Message: Windows saved user HOME-43XJ81EHD3\Voodoo registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 456
Source Name: Userenv
Time Written: 20090523190548.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HOME-43XJ81EHD3
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 455
Source Name: Userenv
Time Written: 20090523190547.000000+060
Event Type: warning
User: HOME-43XJ81EHD3\Voodoo

Computer Name: HOME-43XJ81EHD3
Event Code: 1000
Message: Faulting application pool_paradise.exe, version 0.0.0.0, faulting module pool_paradise.exe, version 0.0.0.0, fault address 0x000bc524.

Record Number: 453
Source Name: Application Error
Time Written: 20090523185031.000000+060
Event Type: error
User:

Computer Name: HOME-43XJ81EHD3
Event Code: 1000
Message: Faulting application pool_paradise.exe, version 0.0.0.0, faulting module pool_paradise.exe, version 0.0.0.0, fault address 0x000bc524.

Record Number: 451
Source Name: Application Error
Time Written: 20090523160953.000000+060
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemr oot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0d06
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;. WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------
  #6  
Old 02-07-2010, 04:16 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-07 17:14:18
Windows 5.1.2600 Service Pack 3
Running: c02osxe2.exe; Driver: C:\DOCUME~1\Voodoo\LOCALS~1\Temp\kflyqpog.sys


---- System - GMER 1.0.15 ----

SSDT spzp.sys ZwEnumerateKey [0xF7528CA2]
SSDT spzp.sys ZwEnumerateValueKey [0xF7529030]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86F571F8

AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs eBoost.sys (eBoostr Filter Driver/eBoostr.com)
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \Fat 86B48500

AttachedDevice \FileSystem\Fastfat \Fat szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat eBoost.sys (eBoostr Filter Driver/eBoostr.com)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip fsnet.sys (fsnet/FarStone Technology Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\Tcp fsnet.sys (fsnet/FarStone Technology Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\Udp fsnet.sys (fsnet/FarStone Technology Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\RawIp fsnet.sys (fsnet/FarStone Technology Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:576] 864FD930

---- EOF - GMER 1.0.15 ----
  #7  
Old 02-07-2010, 10:56 PM
jintan's Avatar
jintan jintan is offline
MalwareCrypt Guy
  
Join Date: Sep 2008
Posts: 2,789
Default
As a security site Malwarebytes ensures security for everyone. That means me, you and also those that create and sell software. The install list shows some premium softwares that are too often crack installs, but does show an illegal copy of Eset installed. So your most important security software comes from the same sources that create and distribute malware, and is illegal as well.

Normally at this point all assistance would end, as providing help on a system running illegal software then suggests support for those practices. If you would like to still continue with our repairs here, I will need you to uninstall ALL software on that system that is not a legal copy, and delete all files related to those. Then reboot after.

Then delete the existing C:\rsit folder, and run RSIT.exe again to create two new RSIT logs to post back here. I will not provide a tip list of what I think might be illegally installed, and expect that you know what is and is not, and remove those that are not. Best I might offer shy of just closing this request.
  #8  
Old 02-08-2010, 11:34 PM
voodoodave voodoodave is offline
Junior Member
  
Join Date: Feb 2010
Posts: 7
Default
Fair enough, can't argue with that.

Thanks for the time anyway.
  #9  
Old 02-09-2010, 04:16 PM
jintan's Avatar
jintan jintan is offline
MalwareCrypt Guy
  
Join Date: Sep 2008
Posts: 2,789
Default
I am assuming that brings this request to an end, so I will just close the thread.
Closed Thread

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT. The time now is 02:48 AM.

Contact Us - Malware Crypt - Archive - Top

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.
Copyright 2008 MalwareCrypt.com