DDS (Ver_09-12-01.01) - NTFSX64
Run by Andreas at 9:11:13,80 on 26.02.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2611 [GMT 1:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
C:\Spill\Steam\steam.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\MCUI32.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\MCUI32.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\GIMP-2.0\bin\gimp-2.6.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\GIMP-2.0\lib\gimp\2.0\plug-ins\script-fu.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Andreas\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

mLocal Page = c:\windows\syswow64\blank.htm
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\17.5.0.127\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~1\office12\GR469A~1.DLL
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\17.5.0.127\coIEPlg.dll
uRun: [Steam] "c:\spill\steam\Steam.exe" -silent
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [HDAudDeck] c:\program files (x86)\via\viaudioi\vdeck\VDeck.exe -r
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
StartupFolder: c:\users\andreas\appdata\roaming\micros~1\windows\startm~1\programs\startup\regist~1.lnk - c:\spill\the settlers ii - 10th anniversary\bin\RegistrationReminder.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office12\EXCEL.EXE/3000
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\poker)\partypoker\partypoker\RunApp.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\poker)\bodog poker\BPGame.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~2\micros~1\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~1\office12\GR469A~1.DLL
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

============= SERVICES / DRIVERS ===============

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [2009-5-11 178728]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1105000.07f\SymDS64.sys [2010-2-17 433200]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1105000.07f\SymEFA64.sys [2010-2-17 221232]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100211.001\BHDrvx64.sys [2010-2-11 676912]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1105000.07f\cchpx64.sys [2010-2-17 615040]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100224.002\IDSviA64.sys [2010-2-25 466992]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1105000.07f\Ironx64.sys [2010-2-17 148528]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nisx64\1105000.07f\symtdiv.sys [2010-2-17 451120]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-25 202752]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\17.5.0.127\ccSvcHst.exe [2010-2-17 126392]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-17 132656]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-1-27 215040]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-1-27 1207808]

=============== Created Last 30 ================

2010-02-26 08:10:04 2714 ----a-w- c:\users\andreas\.recently-used.xbel
2010-02-26 07:58:18 0 d-----w- c:\users\andreas\appdata\roaming\Malwarebytes
2010-02-26 07:58:14 22104 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-26 07:58:14 0 d-----w- c:\programdata\Malwarebytes
2010-02-26 07:58:14 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-02-21 18:47:50 0 d-----w- c:\users\andreas\appdata\roaming\Feedreader
2010-02-21 18:47:48 0 d-----w- c:\program files (x86)\FeedReader30
2010-02-20 15:47:00 0 d-----w- c:\program files (x86)\TT
2010-02-17 15:13:40 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-02-17 15:03:57 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-02-17 15:03:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-17 15:03:35 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-02-17 15:03:35 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-02-17 14:57:17 854 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-02-17 14:57:17 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-02-17 14:57:17 173104 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-02-17 14:57:17 0 d-----w- c:\program files\Symantec
2010-02-17 14:57:17 0 d-----w- c:\program files\common files\Symantec Shared
2010-02-17 14:57:09 0 d-----w- c:\windows\system32\drivers\NISx64
2010-02-17 14:57:07 0 d-----w- c:\programdata\Norton
2010-02-17 14:57:07 0 d-----w- c:\program files (x86)\Norton Internet Security
2010-02-17 14:56:55 0 d-----w- c:\programdata\NortonInstaller
2010-02-17 14:56:55 0 d-----w- c:\program files (x86)\NortonInstaller
2010-02-17 14:35:44 0 d-----w- c:\users\andreas\Tracing
2010-02-17 14:35:16 0 d-----w- c:\program files (x86)\Microsoft
2010-02-17 14:34:59 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-02-17 14:32:13 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-02-13 14:40:39 0 d-----w- c:\programdata\Sports Interactive
2010-02-13 14:40:30 0 d-----w- c:\users\andreas\appdata\roaming\Sports Interactive
2010-02-13 14:24:11 0 d-----w- c:\program files (x86)\common files\Steam
2010-02-13 14:23:50 0 d--h--w- c:\program files (x86)\Zero G Registry
2010-02-13 14:23:50 0 d-----w- c:\program files (x86)\Sports Interactive
2010-02-13 14:23:07 0 d--h--w- c:\users\andreas\InstallAnywhere
2010-02-12 18:24:37 0 d-----w- c:\program files (x86)\BitLord
2010-02-11 21:48:20 0 d-----w- c:\users\andreas\.thumbnails
2010-02-11 21:43:12 0 d-----w- c:\users\andreas\.gimp-2.6
2010-02-11 21:43:06 0 d-----w- c:\program files (x86)\GIMP-2.0
2010-02-05 14:56:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2010-02-04 16:59:34 0 d-----w- c:\windows\PCHEALTH
2010-02-04 16:58:13 0 d-----w- c:\program files\Microsoft Office
2010-02-04 16:58:11 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-02-04 16:57:54 0 d-----w- c:\programdata\Microsoft Help
2010-02-04 16:17:43 0 d-----w- c:\program files\7-Zip
2010-02-02 05:29:05 0 d-----w- C:\Poker
2010-02-01 17:39:50 0 d-----w- c:\users\andreas\logitech
2010-02-01 17:39:34 0 d-----w- c:\program files (x86)\common files\Remote Control Software Common
2010-02-01 17:39:27 0 d-----w- c:\program files (x86)\common files\Remote Control USB Driver
2010-02-01 17:25:36 0 ----a-w- c:\windows\HMHud.INI
2010-01-31 22:38:25 0 d-----w- c:\programdata\XHEO INC
2010-01-31 22:36:15 0 d-----w- c:\program files (x86)\PostgreSQL
2010-01-31 22:35:58 0 d-----w- C:\PSQLINSTALL
2010-01-31 22:35:57 0 d-----w- c:\program files (x86)\RVG Software
2010-01-31 12:30:50 0 d-----w- c:\users\andreas\appdata\roaming\.purple
2010-01-31 12:30:03 0 d-----w- c:\program files (x86)\common files\GTK
2010-01-30 14:35:43 0 d-----w- c:\programdata\Sun
2010-01-30 14:35:34 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-01-30 14:35:34 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-01-30 14:35:34 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-01-30 14:35:34 145184 ----a-w- c:\windows\syswow64\java.exe
2010-01-28 20:14:01 783424 ----a-w- c:\windows\pkeyconfig.xrm-ms
2010-01-28 18:36:51 0 d-----w- C:\Poker)
2010-01-28 09:45:37 0 d-----w- c:\windows\Panther
2010-01-27 22:58:04 0 d-----w- c:\programdata\Adobe
2010-01-27 19:58:19 0 d-----w- c:\windows\syswow64\Macromed
2010-01-27 18:31:59 0 d-----w- c:\programdata\ATI
2010-01-27 18:31:53 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-27 18:30:29 0 d-----w- c:\program files (x86)\common files\ATI Technologies
2010-01-27 18:30:29 0 d-----w- c:\program files (x86)\ATI
2010-01-27 18:30:16 0 d-----w- c:\program files (x86)\ATI Technologies
2010-01-27 18:28:38 212352 ------w- c:\windows\system32\MpSigStub.exe
2010-01-27 18:26:01 0 d-----w- c:\program files\ATI Technologies
2010-01-27 18:24:45 0 d-----w- C:\ATI
2010-01-27 18:08:58 24576 ----a-r- c:\windows\syswow64\AsIO.dll
2010-01-27 18:08:55 0 d-----w- c:\program files (x86)\ASUS
2010-01-27 18:08:48 674 ----a-w- c:\windows\setup.iss
2010-01-27 18:08:29 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2010-01-27 18:08:19 215040 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2010-01-27 18:08:18 0 d-----w- c:\program files (x86)\Realtek
2010-01-27 18:05:07 0 d-----w- c:\program files (x86)\Marvell
2010-01-27 18:04:39 0 d-----w- c:\program files (x86)\VIA
2010-01-27 18:04:20 0 d-----w- c:\program files\ATI
2010-01-27 18:03:15 35335 ----a-w- c:\windows\Ascd_log.ini
2010-01-27 18:02:46 1769 ----a-w- c:\windows\Language_trs.ini
2010-01-27 18:02:41 29234 ----a-w- c:\windows\Ascd_tmp.ini
2010-01-27 18:00:04 0 d-sh--w- c:\windows\Installer

==================== Find3M ====================

2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-01-08 03:38:32 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:38:28 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 9:11:26,16 ===============