Nastasja
2011-04-05, 13:57
Eset Smart Security keeps giving me the same warning: address has been blocked. All addresses have cloudfront.net within, different IP addresses though.
Here are DDS logs:
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ena at 12:48:39,12 on uto 05.04.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3327.2152 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Ena\My Documents\Programi\Sigurnost\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\users\ena\appdata\local\gameplaylabs plugin\BHO.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\oxford\oxford~1\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ena\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {4F3D5DD0-4D3D-4294-B471-2A0A2A4A8951} = 77.239.1.4,217.75.192.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ena\appdata\roaming\mozilla\firefox\profiles\t9g7e0d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ena\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ena\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ena\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ena\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-12 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-12 20824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-12 38224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-14 1381632]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-3-13 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-11-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-11-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-11-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-11-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-11-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-11-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-11-16 115752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-23 1343400]
.
=============== Created Last 30 ================
.
2011-04-05 09:12:49 -------- d-----w- c:\users\ena\appdata\local\{737869E2-D759-4BE9-ACB2-3F9402AA005B}
2011-04-04 21:12:11 -------- d-----w- c:\users\ena\appdata\local\{6132F592-3FCD-41F1-BEE3-0C59513EBF73}
2011-04-04 13:28:22 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f5fef3a3-8add-4933-9256-cdd6253f7e99}\mpengine.dll
2011-04-04 09:11:33 -------- d-----w- c:\users\ena\appdata\local\{20F584A1-7F21-4AA9-9383-4753091E8F2C}
2011-04-03 21:10:56 -------- d-----w- c:\users\ena\appdata\local\{E2F2111F-3CB3-47D6-A4A0-5A31830CEDD4}
2011-04-03 09:10:17 -------- d-----w- c:\users\ena\appdata\local\{8E300FA4-C0CC-4C50-9A03-410D53CC0816}
2011-04-02 21:01:23 -------- d-----w- c:\users\ena\appdata\local\{3AEA21ED-25CF-4E1A-AD49-6F7F00567D7B}
2011-04-02 09:00:41 -------- d-----w- c:\users\ena\appdata\local\{2F258F88-9813-45DB-946E-1488192DF99B}
2011-04-01 21:00:03 -------- d-----w- c:\users\ena\appdata\local\{C75EA527-F7B1-4872-AACE-0EC064815B8C}
2011-04-01 08:59:18 -------- d-----w- c:\users\ena\appdata\local\{C6FF29D1-9065-4F09-A67C-8052B54BB61E}
2011-03-31 20:57:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-25 10:18:26 -------- d-----w- c:\users\ena\appdata\local\GamePlayLabs Plugin
2011-03-09 23:00:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 23:00:33 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 23:00:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 23:00:20 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 23:00:19 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 23:00:18 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 23:00:17 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 23:00:17 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 23:00:16 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 09:13:05 -------- d-----w- c:\users\ena\appdata\local\Yahoo!
2011-03-06 18:52:07 1044210 ----a-w- c:\users\ena\appdata\local\winUpdate.exe
.
==================== Find3M ====================
.
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2009-11-25 21:44:51 474368 ----a-w- c:\program files\fxdecod1.dll
2009-04-06 12:54:18 6806784 ----a-w- c:\program files\Foxit Reader.exe
.
============= FINISH: 12:49:34,46 ===============
Thank you!
Here are DDS logs:
DDS (Ver_11-03-05.01) - NTFSx86
Run by Ena at 12:48:39,12 on uto 05.04.2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.3327.2152 [GMT 2:00]
.
AV: ESET Smart Security 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\Ena\My Documents\Programi\Sigurnost\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: GamePlayLabsBHO Class: {984a9162-8891-4d19-8cfe-17648bb4e1ec} - c:\users\ena\appdata\local\gameplaylabs plugin\BHO.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\oxford\oxford~1\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\ena\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\rocket~1.lnk - c:\program files\rocketdock\RocketDock.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {4F3D5DD0-4D3D-4294-B471-2A0A2A4A8951} = 77.239.1.4,217.75.192.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ena\appdata\roaming\mozilla\firefox\profiles\t9g7e0d6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\ena\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\ena\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\users\ena\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\ena\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
.
============= SERVICES / DRIVERS ===============
.
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-4-12 303952]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-4-12 20824]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-12 38224]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-11-14 1381632]
S2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-3-13 357182]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-26 136176]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\drivers\BthAvrcp.sys [2009-8-13 22528]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-25 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2009-11-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2009-11-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2009-11-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2009-11-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2009-11-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2009-11-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2009-11-16 115752]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-23 1343400]
.
=============== Created Last 30 ================
.
2011-04-05 09:12:49 -------- d-----w- c:\users\ena\appdata\local\{737869E2-D759-4BE9-ACB2-3F9402AA005B}
2011-04-04 21:12:11 -------- d-----w- c:\users\ena\appdata\local\{6132F592-3FCD-41F1-BEE3-0C59513EBF73}
2011-04-04 13:28:22 6792528 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f5fef3a3-8add-4933-9256-cdd6253f7e99}\mpengine.dll
2011-04-04 09:11:33 -------- d-----w- c:\users\ena\appdata\local\{20F584A1-7F21-4AA9-9383-4753091E8F2C}
2011-04-03 21:10:56 -------- d-----w- c:\users\ena\appdata\local\{E2F2111F-3CB3-47D6-A4A0-5A31830CEDD4}
2011-04-03 09:10:17 -------- d-----w- c:\users\ena\appdata\local\{8E300FA4-C0CC-4C50-9A03-410D53CC0816}
2011-04-02 21:01:23 -------- d-----w- c:\users\ena\appdata\local\{3AEA21ED-25CF-4E1A-AD49-6F7F00567D7B}
2011-04-02 09:00:41 -------- d-----w- c:\users\ena\appdata\local\{2F258F88-9813-45DB-946E-1488192DF99B}
2011-04-01 21:00:03 -------- d-----w- c:\users\ena\appdata\local\{C75EA527-F7B1-4872-AACE-0EC064815B8C}
2011-04-01 08:59:18 -------- d-----w- c:\users\ena\appdata\local\{C6FF29D1-9065-4F09-A67C-8052B54BB61E}
2011-03-31 20:57:32 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-25 10:18:26 -------- d-----w- c:\users\ena\appdata\local\GamePlayLabs Plugin
2011-03-09 23:00:33 802304 ----a-w- c:\windows\system32\FntCache.dll
2011-03-09 23:00:33 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-09 23:00:32 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-09 23:00:20 2690560 ----a-w- c:\windows\system32\mstscax.dll
2011-03-09 23:00:19 1034240 ----a-w- c:\windows\system32\mstsc.exe
2011-03-09 23:00:18 642048 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-09 23:00:17 850432 ----a-w- c:\windows\system32\sbe.dll
2011-03-09 23:00:17 534528 ----a-w- c:\windows\system32\EncDec.dll
2011-03-09 23:00:16 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-08 09:13:05 -------- d-----w- c:\users\ena\appdata\local\Yahoo!
2011-03-06 18:52:07 1044210 ----a-w- c:\users\ena\appdata\local\winUpdate.exe
.
==================== Find3M ====================
.
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11:20 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-01-07 07:31:10 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-07 07:31:10 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2009-11-25 21:44:51 474368 ----a-w- c:\program files\fxdecod1.dll
2009-04-06 12:54:18 6806784 ----a-w- c:\program files\Foxit Reader.exe
.
============= FINISH: 12:49:34,46 ===============
Thank you!