DDS (Ver_09-07-30.01) - NTFSx86
Run by lega at 0:54:28.37 on Mon 09/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2047.1332 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\MonitorSoftware\UPSMS.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\MonitorSoftware\jre\bin\javaw.exe
C:\Program Files\BOINC\boincmgr.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\Program Files\Desktop Sidebar\dsidebar.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRA~1\MONITO~1\wpRMI.exe
C:\Program Files\MonitorSoftware\jre\bin\javaw.exe
C:\Program Files\BOINC\boinc.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\MONITO~1\monitor.exe
C:\Program Files\MonitorSoftware\jre\bin\javaw.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.neobee.net/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Idea2 SidebarBrowserMonitor Class: {45ad732c-2ce2-4666-b366-b2214ad57a49} - c:\program files\desktop sidebar\sbhelp.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WallpaperChanger] c:\program files\wallpaper master\Wallpaper.exe
uRun: [SIDEBAR] "c:\program files\desktop sidebar\dsidebar.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [WinFastDTV] c:\program files\winfast\wfdtv\DTVSchdl.exe
mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [UPSMS] c:\program files\monitorsoftware\UPSMS.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\dragan~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pcaler~1.lnk - c:\program files\msi\pc alert 4\PCAlert4.exe
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
IE: &NeoTrace It! - c:\progra~1\neotra~1\NTXcontext.htm
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Prevedi sa Di recnikom - c:\program files\di recnik\diie.htm
IE: Translate with Di dictionary -
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09FE188B-6E85-479e-9411-51FB2220DF80} - {45AD732C-2CE2-4666-B366-B2214AD57A49} - c:\program files\desktop sidebar\sbhelp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1243450452041
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1243464585953
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {13ED3C5E-5695-46B1-A09B-252C4F9A8E0B} = 80.74.14.249,208.67.222.222,208.67.220.220,80.74.164.12,80.74.164.52,156.154.70.1,156.154.71.1,67.138.54.100,207.225.209.66
TCP: {DC804003-9274-442E-BCD4-12C4A976455C} = 80.74.164.12,80.74.164.52
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dragan~1\applic~1\mozilla\firefox\profiles\3bb3uivk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.neobee.net
FF - component: c:\documents and settings\dragan legic\application data\mozilla\firefox\profiles\3bb3uivk.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npdsplay.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\nppl3260.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin2.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin3.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin4.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin5.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin6.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npqtplugin7.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\nprpjplug.dll
FF - plugin: c:\progra~1\opera1~1\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\google\google earth plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin2.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin3.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin4.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin5.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin6.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npqtplugin7.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\opera 10 beta\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-5-28 38432]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-27 64160]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009-7-27 27704]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [2009-7-31 4608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-5-29 718880]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-28 232720]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-6-15 604416]
R2 UPSmonitor;UPSmonitor;c:\progra~1\monito~1\monitor.exe -zglaxservice upsmonitor --> c:\progra~1\monito~1\monitor.exe -zglaxservice UPSmonitor [?]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-8-14 54960]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [2009-6-19 4096]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-28 19096]
R3 PCAlertDriver;PCAlertDriver;c:\program files\msi\pc alert 4\NTGLM7X.sys [2009-6-2 28160]
R3 UPSRMI;UPSRMI;c:\progra~1\monito~1\wprmi.exe -zglaxservice upsrmi --> c:\progra~1\monito~1\wpRMI.exe -zglaxservice UPSRMI [?]
R3 WFIOCTL;WFIOCTL;c:\program files\winfast\wfdtv\WFIOCTL.sys [2009-5-27 9446]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]
S3 UPSmanager;UPSmanager;c:\progra~1\monito~1\manager.exe -zglaxservice upsmanager --> c:\progra~1\monito~1\manager.exe -zglaxservice UPSmanager [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-7-3 91472]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S4 gupdate1c9e1123abe1dee;Google Update Service (gupdate1c9e1123abe1dee);c:\program files\google\update\GoogleUpdate.exe [2009-5-30 133104]

=============== Created Last 30 ================

2009-08-30 15:43 --d----- c:\program files\RootkitRevealer
2009-08-28 13:49 --d----- C:\EasyBoot
2009-08-25 22:15 --d----- c:\program files\VMwareDiskresize
2009-08-24 20:12 --d----- C:\AutoPatcher
2009-08-21 19:59 55,856 a----r-- c:\windows\system32\vnetinst.dll
2009-08-21 19:59 16,560 a----r-- c:\windows\system32\drivers\vmnetadapter.sys
2009-08-21 19:59 326,192 a------- c:\windows\system32\vmnetdhcp.exe
2009-08-21 19:59 399,920 a------- c:\windows\system32\vmnat.exe
2009-08-21 19:59 26,288 a------- c:\windows\system32\drivers\vmnetuserif.sys
2009-08-21 19:59 50,736 a----r-- c:\windows\system32\vmnetbridge.dll
2009-08-21 19:59 31,280 a----r-- c:\windows\system32\drivers\vmnetbridge.sys
2009-08-21 19:59 18,736 a----r-- c:\windows\system32\drivers\vmnet.sys
2009-08-21 19:59 723,504 a------- c:\windows\system32\vnetlib.dll
2009-08-21 19:58 23,216 a------- c:\windows\system32\drivers\VMkbd.sys
2009-08-21 19:56 --d----- c:\program files\VMware
2009-08-16 01:33 --d----- c:\program files\SRWare Iron
2009-08-16 00:27 --d----- c:\program files\Symantec
2009-08-16 00:25 --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-14 20:20 32,304 a------- c:\windows\system32\drivers\hcmon.sys
2009-08-14 20:20 54,960 a------- c:\windows\system32\drivers\vmci.sys
2009-08-14 20:20 857,520 a------- c:\windows\system32\drivers\vmx86.sys
2009-08-14 20:19 14,896 a------- c:\windows\system32\drivers\vmparport.sys
2009-08-14 19:19 --d----- c:\program files\Windows Imaging
2009-08-14 19:18 --d----- c:\program files\Windows AIK
2009-08-14 15:17 252,464 a------- c:\windows\system32\vmnc.dll
2009-08-12 13:29 118,600 a---h--- c:\windows\system32\mlfcache.dat
2009-08-12 00:10 221,184 a------- c:\windows\system32\wmpns.dll
2009-08-11 16:07 73,728 a------- c:\windows\system32\javacpl.cpl
2009-08-11 15:40 --d----- c:\program files\VS Revo Group
2009-08-11 14:22 --d----- c:\program files\Windows Installer Clean Up

==================== Find3M ====================

2009-08-11 16:07 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-05 11:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-03 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-27 04:43 58,908 a------- c:\windows\system32\drivers\scdemu.sys
2009-07-22 11:51 87,608 a------- c:\docume~1\dragan~1\applic~1\inst.exe
2009-07-22 11:51 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-07-22 11:51 47,360 a------- c:\docume~1\dragan~1\applic~1\pcouffin.sys
2009-07-21 00:00 81,920 a------- c:\docume~1\dragan~1\applic~1\ezpinst.exe
2009-07-17 21:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-10 17:51 91,472 a------- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-07-10 17:51 41,424 a------- c:\windows\system32\drivers\VBoxUSBMon.sys
2009-07-10 17:51 115,856 a------- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-03 19:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 10:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 10:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 10:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 10:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 10:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 10:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-19 16:26 30,720 a------- c:\windows\system32\bbcap.dll
2009-06-19 16:26 4,608 a------- c:\windows\system32\bbchlp.dll
2009-06-16 16:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-15 10:38 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-06-15 10:38 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-12 14:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 14:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 22:30 6,656 a------- c:\windows\system32\haspvdd.dll
2009-06-10 16:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 11:05 828,160 a------- c:\windows\boinc.scr
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 08:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 02:53 5,642 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-06-10 02:44 8 ---shr-- c:\docume~1\alluse~1\applic~1\982C7ABED8.sys
2009-05-30 14:13 8 ---shr-- c:\docume~1\alluse~1\applic~1\A542293559.sys
2009-05-27 20:37 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-05-27 20:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-05-27 20:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009052720090528\index.dat
2009-05-27 20:37 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 0:54:53.29 ===============