DDS (Ver_09-12-01.01) - NTFSX64
Run by Odd-Helge at 12:12:18,18 on 25.01.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.47.1044.18.3997.2709 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~2\COMMON~1\McAfee\McProxy\McProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Telenor\Mobilt Bredbånd\Sesam\BIN\SecMIPService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Battery Meter\BTMeter.exe
C:\Program Files (x86)\WSED\WSED.exe
C:\Program Files (x86)\CapsLKNotify\CapsLKNotify.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files (x86)\Common Files\mcafee\mna\mcnasvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Odd-Helge\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYACH1UN\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.startsiden.no/
mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~2\mcafee\msk\mskapbho.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~2\mcafee\viruss~1\scriptsn.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [BTMeter] c:\program files (x86)\battery meter\BTMeter.exe
mRun: [WSED] c:\program files (x86)\wsed\WSED.exe
mRun: []
mRun: [CapsLKNotify] c:\program files (x86)\capslknotify\CapsLKNotify.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mcagent_exe] "c:\program files (x86)\mcafee.com\agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "c:\program files (x86)\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [EEventManager] c:\progra~2\epsons~1\eventm~1\EEventManager.exe
StartupFolder: c:\users\odd-he~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send bilde til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send side til &Bluetooth-enhet... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{27B4851A-3207-45A2-B947-BE8AFE6163AB}
{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] c:\program files\dell\dell wireless wlan card\WLTRAY.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

============= SERVICES / DRIVERS ===============

R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2009-6-26 16752]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-19 308296]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-11-19 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-11-19 172160]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2009-11-19 136192]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-11-19 138752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x64.sys [2009-9-4 62464]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-19 102472]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-11-19 49480]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-19 41032]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-11-19 40904]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-11-19 216064]

=============== Created Last 30 ================

2010-01-25 10:51:56 0 d-----w- c:\users\odd-he~1\appdata\roaming\Malwarebytes
2010-01-25 10:51:50 0 d-----w- c:\programdata\Malwarebytes
2010-01-25 10:51:49 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-25 10:51:49 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-01-22 17:09:39 5961728 ----a-w- c:\windows\syswow64\mshtml.dll
2010-01-22 17:09:38 10976768 ----a-w- c:\windows\syswow64\ieframe.dll
2010-01-22 17:09:37 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-01-22 17:09:37 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-01-22 17:09:37 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-22 17:09:37 1224704 ----a-w- c:\windows\syswow64\urlmon.dll
2010-01-22 17:09:37 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-01-13 12:17:44 70656 ----a-w- c:\windows\syswow64\fontsub.dll
2010-01-13 12:17:44 148480 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 12:17:44 108544 ----a-w- c:\windows\syswow64\t2embed.dll
2010-01-13 12:17:44 100864 ----a-w- c:\windows\system32\fontsub.dll
2010-01-07 16:38:17 0 d-----w- c:\programdata\BrowserZinc
2010-01-07 16:38:17 0 d-----w- c:\program files (x86)\BrowserZinc
2010-01-07 16:36:59 0 d-----w- c:\program files (x86)\GameRaving Toolbar
2010-01-07 16:36:47 0 dc-h--w- c:\programdata\{CA18C3F7-41F4-4621-AD86-DD4072A2A8B4}
2009-12-28 19:04:55 0 d-----w- c:\users\odd-helge\Tracing

==================== Find3M ====================

2010-01-25 11:10:06 74124 ----a-w- c:\windows\system32\perfc014.dat
2010-01-25 11:10:06 448210 ----a-w- c:\windows\system32\perfh014.dat
2009-12-10 16:04:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2009-12-08 11:30:34 0 ----a-w- c:\users\odd-he~1\appdata\roaming\wklnhst.dat
2009-11-19 00:42:11 455680 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 07:48:16 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-29 07:22:37 2048 ----a-w- c:\windows\syswow64\tzres.dll
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib\0414\perfd.dat
2009-07-14 09:15:51 36156 ----a-w- c:\windows\inf\perflib\0414\perfc.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib\0414\perfi.dat
2009-07-14 09:15:51 298300 ----a-w- c:\windows\inf\perflib\0414\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:13:43,47 ===============