DDS (Ver_10-03-17.01) - NTFSx86 Run by Undefined at 14:32:11.57 on Sun 06/06/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1015.512 [GMT 5.5:30] AV: ESET NOD32 Antivirus 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe Z:\eBooster\EBstrSvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe Z:\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe C:\WINDOWS\system32\vmnat.exe C:\WINDOWS\system32\vmnetdhcp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe Z:\Download\Required files\dds.scr ============== Pseudo HJT Report =============== uInternet Settings,ProxyServer = http=;ftp=;https=; uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [Malwarebytes' Anti-Malware] "z:\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice uPolicies-explorer: NoSMBalloonTip = 1 (0x1) IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: z:\vmware\vsocklib.dll Notify: igfxcui - igfxdev.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\ninad\applic~1\mozilla\firefox\profiles\0e75op1o.default\ FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R0 eBoost;eBoostr caching filter driver;c:\windows\system32\drivers\eBoost.sys [2010-4-15 150616] R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-29 114984] R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-29 95872] R2 EBOOSTRSVC;eBoostr Service;z:\ebooster\EBstrSvc.exe [2010-5-31 340992] R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-29 810120] R2 MBAMService;MBAMService;z:\malwarebytes' anti-malware\mbamservice.exe [2010-5-20 304464] R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-10-22 70704] R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-20 20952] =============== Created Last 30 ================ 2010-06-02 13:02:07 0 d-----w- c:\docume~1\alluse~1\applic~1\AMMYY 2010-05-31 15:24:29 0 d-----w- c:\docume~1\ninad\applic~1\PlatinumHideIP 2010-05-31 15:24:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PlatinumHideIP 2010-05-31 14:18:55 0 d-----w- c:\docume~1\ninad\applic~1\TeamViewer 2010-05-31 14:18:48 0 d-----w- c:\documents and settings\ninad\temp 2010-05-31 07:44:02 0 d-----w- c:\docume~1\alluse~1\applic~1\eboostr 2010-05-29 23:29:31 0 d-s---w- c:\documents and settings\ninad\UserData 2010-05-29 23:17:17 0 d-----w- c:\program files\ESET 2010-05-28 15:59:57 0 d-----w- c:\program files\common files\DirectX 2010-05-28 11:28:57 300 ----a-w- c:\documents and settings\ninad\msgbox.vbs 2010-05-28 08:42:08 299008 ----a-w- c:\windows\uninst.exe 2010-05-28 08:42:06 0 d-----w- c:\documents and settings\ninad\WINDOWS 2010-05-26 06:14:05 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll 2010-05-26 06:07:40 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll 2010-05-25 12:33:04 432 --sha-r- c:\documents and settings\ninad\ntuser.pol 2010-05-24 23:17:24 466944 ----a-w- c:\windows\system32\wmv8dmoe.dll 2010-05-24 19:06:41 0 d-----w- c:\program files\uCertify 2010-05-24 15:29:53 31280 ----a-r- c:\windows\system32\drivers\vmusb.sys 2010-05-23 19:09:09 0 d-----w- c:\program files\Yahoo! 2010-05-23 02:56:10 0 d-----w- c:\docume~1\ninad\applic~1\Atari 2010-05-22 10:40:21 59952 ----a-r- c:\windows\system32\vnetinst.dll 2010-05-22 10:40:21 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys 2010-05-22 10:40:15 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe 2010-05-22 10:40:12 395824 ----a-w- c:\windows\system32\vmnat.exe 2010-05-22 10:40:11 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys 2010-05-22 10:40:10 0 d-----w- c:\windows\system32\appmgmt 2010-05-22 10:40:08 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys 2010-05-22 10:40:02 760368 ----a-w- c:\windows\system32\vnetlib.dll 2010-05-22 10:39:41 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys 2010-05-22 10:39:28 1024 ----a-w- C:\.rnd 2010-05-22 10:38:55 0 d-----w- c:\program files\common files\VMware 2010-05-22 10:36:32 0 d-----w- c:\program files\VMware 2010-05-21 10:44:26 0 d-----w- c:\windows\system32\explorer 2010-05-21 10:41:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira 2010-05-20 18:57:31 0 d-----w- c:\docume~1\ninad\applic~1\uTorrent 2010-05-20 13:19:42 0 d-----w- c:\program files\MSXML 6.0 2010-05-20 07:56:40 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe 2010-05-20 07:56:39 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe 2010-05-20 07:56:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe 2010-05-20 07:56:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe 2010-05-20 07:41:38 0 d-----w- c:\docume~1\ninad\applic~1\twinsplay 2010-05-20 05:13:59 0 d-----w- c:\docume~1\ninad\applic~1\Malwarebytes 2010-05-20 05:13:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-05-20 05:13:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-05-20 05:13:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-05-20 03:56:20 0 d-----w- c:\windows\system32\CatRoot_bak 2010-05-20 03:39:49 0 d--h--w- c:\windows\system32\GroupPolicy 2010-05-20 00:36:30 0 d--h--w- c:\windows\PIF 2010-05-19 23:50:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Zbshareware Lab 2010-05-19 22:19:43 472198 ----a-r- C:\txtsetup.sif 2010-05-19 22:19:43 260288 ----a-r- C:\$LDR$ 2010-05-19 22:19:41 0 d-----w- c:\windows\setup.pss 2010-05-19 22:18:22 0 d-----w- c:\windows\setupupd 2010-05-19 22:12:45 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2010-05-19 22:12:45 272128 ------w- c:\windows\system32\drivers\bthport.sys 2010-05-19 22:09:17 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys 2010-05-19 06:36:28 0 d-----w- c:\windows\system32\PreInstall 2010-05-19 06:36:27 0 d--h--w- c:\windows\$hf_mig$ 2010-05-19 05:56:59 0 d-----w- c:\windows\system32\XPSViewer 2010-05-19 05:55:23 14048 ------w- c:\windows\system32\spmsg2.dll 2010-05-19 05:52:05 0 d-----r- C:\Sandbox 2010-05-19 05:30:52 0 d-----w- c:\windows\system32\SoftwareDistribution 2010-05-19 04:37:58 0 d-----w- c:\program files\common files\ODBC 2010-05-19 04:37:55 0 d-----w- c:\program files\common files\SpeechEngines 2010-05-19 04:37:24 0 d-----r- c:\documents and settings\all users\Documents 2010-05-18 23:27:11 0 d-----w- c:\program files\Realtek 2010-05-18 23:15:13 0 d-sh--w- c:\documents and settings\all users\DRM 2010-05-18 23:14:55 0 d--h--w- c:\program files\WindowsUpdate 2010-05-18 23:13:59 0 d-----w- c:\program files\common files\MSSoap 2010-05-18 23:12:40 0 d-----w- c:\program files\Online Services 2010-05-18 23:12:35 0 d-----w- c:\program files\Messenger 2010-05-18 23:12:32 0 d-----w- c:\program files\MSN Gaming Zone 2010-05-18 23:11:49 0 d-----w- c:\program files\Windows NT ==================== Find3M ==================== 2010-05-26 05:28:16 16608 ----a-w- c:\windows\gdrv.sys 2010-05-18 23:27:08 315392 ----a-w- c:\windows\HideWin.exe 2010-05-18 23:13:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2010-04-15 13:58:50 150616 ----a-w- c:\windows\system32\drivers\eBoost.sys 2010-03-10 08:02:04 417792 ----a-w- c:\windows\system32\vbscript.dll ============= FINISH: 14:32:30.46 ===============