DDS (Ver_10-03-17.01) - NTFSX64
Run by Espen at 18:46:33,49 on 10.04.2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.47.1033.18.4095.2812 [GMT 2:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\Espen\AppData\Local\Apps\2.0\P8Z62YNO.VEP\M23RWTC6.PW5\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Espen\AppData\Local\Opera\Opera\temporary_downloads\dds.scr
C:\Windows\system32\conhost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE

============== Pseudo HJT Report ===============

uSearch Page = ${URL_SEARCHPAGE}
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088657
mLocal Page = c:\windows\syswow64\blank.htm
mSearch Page = ${URL_SEARCHPAGE}
uURLSearchHooks: ToggleNO Toolbar: {af543a13-f8e6-4423-a4ac-1cc0475ecb44} - c:\program files (x86)\toggleno\tbTogg.dll
mURLSearchHooks: ToggleNO Toolbar: {af543a13-f8e6-4423-a4ac-1cc0475ecb44} - c:\program files (x86)\toggleno\tbTogg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ToggleNO Toolbar: {af543a13-f8e6-4423-a4ac-1cc0475ecb44} - c:\program files (x86)\toggleno\tbTogg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: ToggleNO Toolbar: {af543a13-f8e6-4423-a4ac-1cc0475ecb44} - c:\program files (x86)\toggleno\tbTogg.dll
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [SoundMAXPnP] c:\program files (x86)\analog devices\core\smax4pnp.exe
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
StartupFolder: c:\users\espen\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
TB-X64: {AF543A13-F8E6-4423-A4AC-1CC0475ECB44} - No File
mRun-x64: [RivaTunerStartupDaemon] "c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTunerWrapper.exe" /S
AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-4-9 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-4-9 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-4-9 316936]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 203264]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-4-9 308064]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\rivatuner v2.24 msi master overclocking arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]

=============== Created Last 30 ================

2010-04-10 16:29:47 0 d-----w- c:\users\espen\appdata\roaming\Malwarebytes
2010-04-10 16:29:37 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-10 16:29:37 0 d-----w- c:\programdata\Malwarebytes
2010-04-10 16:29:37 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-04-10 14:20:31 0 d-----w- c:\program files (x86)\VideoLAN
2010-04-09 13:32:51 0 d--h--w- C:\$AVG
2010-04-09 13:25:55 316936 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-04-09 13:25:55 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-04-09 13:25:53 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2010-04-09 13:25:52 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2010-04-09 13:25:52 0 d-----w- c:\windows\system32\drivers\Avg
2010-04-09 13:25:50 0 d-----w- c:\programdata\avg9
2010-04-08 21:41:33 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-04-08 21:19:29 0 d-----w- c:\program files (x86)\CCleaner
2010-04-08 20:38:49 215128 ----a-w- c:\windows\syswow64\PnkBstrB.exe
2010-04-08 20:38:31 215128 ----a-w- c:\windows\syswow64\PnkBstrB.xtr
2010-04-08 20:38:26 75064 ----a-w- c:\windows\syswow64\PnkBstrA.exe
2010-04-08 20:28:40 0 d-----w- c:\programdata\SonicFocus
2010-04-08 20:28:40 0 d-----w- c:\program files (x86)\Analog Devices
2010-04-08 20:15:46 0 d-----w- c:\users\espen\appdata\roaming\Spotify
2010-04-08 20:15:44 0 d-----w- c:\program files (x86)\Spotify
2010-04-08 20:15:25 183808 ----a-w- c:\windows\Usemaa.exe
2010-04-07 21:29:08 0 d-----w- c:\users\espen\appdata\roaming\JAM Software
2010-04-07 21:29:06 0 d-----w- c:\program files (x86)\JAM Software
2010-04-07 21:20:58 0 d-----w- c:\program files\Microsoft Office
2010-04-07 21:20:53 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-04-07 21:20:28 0 d-----w- c:\programdata\Microsoft Help
2010-04-07 18:27:35 0 d-----w- c:\programdata\Blizzard Entertainment
2010-04-07 16:53:39 0 d-----w- c:\program files (x86)\common files\Blizzard Entertainment
2010-04-07 16:50:59 0 d-----w- c:\programdata\Blizzard
2010-04-07 16:19:50 0 d-----w- c:\windows\pss
2010-04-07 05:39:43 0 d-----w- c:\windows\Panther
2010-04-06 22:05:20 0 d-----w- c:\program files (x86)\AVG
2010-04-06 22:04:17 0 d-----w- c:\program files (x86)\ToggleNO
2010-04-06 22:04:17 0 d-----w- c:\program files (x86)\Conduit
2010-04-06 21:57:15 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-06 21:57:15 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-04-06 21:52:52 0 d-----w- c:\users\espen\Tracing
2010-04-06 21:51:59 0 d-----w- c:\program files (x86)\Microsoft
2010-04-06 21:51:47 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-04-06 21:51:32 0 d-----w- c:\windows\PCHEALTH
2010-04-06 21:50:31 0 d-----w- c:\windows\system32\appmgmt
2010-04-06 21:50:03 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-04-06 21:49:07 0 d-----w- c:\programdata\Symantec
2010-04-06 21:49:07 0 d-----w- c:\programdata\Norton
2010-04-06 21:49:06 0 d-----w- c:\programdata\NortonInstaller
2010-04-06 21:26:34 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2010-04-06 21:26:34 0 d-----w- c:\program files (x86)\PowerISO
2010-04-06 21:21:07 0 d-----w- c:\program files (x86)\uTorrent
2010-04-06 21:20:26 0 d-----w- c:\users\espen\appdata\roaming\uTorrent
2010-04-06 21:19:04 0 d-----w- c:\programdata\Azureus
2010-04-06 21:19:03 0 d-----w- c:\users\espen\appdata\roaming\Azureus
2010-04-06 21:18:50 0 d-----w- c:\program files (x86)\Vuze
2010-04-06 21:18:01 0 d-----w- c:\programdata\Sun
2010-04-06 21:17:55 411368 ----a-w- c:\windows\syswow64\deploytk.dll
2010-04-06 21:17:55 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-04-06 21:17:55 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-04-06 21:17:55 145184 ----a-w- c:\windows\syswow64\java.exe
2010-04-06 21:16:12 0 d-----w- c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
2010-04-06 21:11:24 0 d-----w- c:\windows\syswow64\Macromed
2010-04-06 21:08:34 0 d-----w- c:\program files (x86)\Creative
2010-04-06 21:07:40 402976 ----a-w- c:\windows\system32\nvraiins.dll
2010-04-06 21:05:14 0 d-----w- c:\programdata\ATI
2010-04-06 21:05:02 0 d-----w- c:\program files (x86)\ATI Technologies
2010-04-06 21:04:49 0 d-sh--w- c:\windows\Installer
2010-04-06 21:04:39 0 d-----w- c:\program files\ATI Technologies
2010-04-06 21:04:37 0 d-----w- c:\program files\ATI
2010-04-06 21:04:08 0 d-----w- C:\ATI
2010-04-06 19:58:46 212864 ------w- c:\windows\system32\MpSigStub.exe
2010-04-06 19:42:07 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-06 18:46:13 501280 ----a-r- c:\windows\system32\nvusmb.exe
2010-04-06 18:46:13 2344 ----a-r- c:\windows\system32\nvsmb.nvu
2010-04-06 18:46:10 7090 ----a-r- c:\windows\system32\nvnrm.nvu
2010-04-06 18:46:10 18464 ----a-w- c:\windows\system32\NvRCoDa.dll
2010-04-06 18:46:09 845736 ----a-w- c:\windows\system32\eDPInst.exe
2010-04-06 18:45:54 78336 ----a-w- c:\windows\system32\SFDAPO64.dll

==================== Find3M ====================

2010-04-06 21:33:22 419840 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-06 21:33:22 14848 ----a-w- c:\windows\system32\slwga.dll
2010-04-06 21:33:22 13824 ----a-w- c:\windows\syswow64\slwga.dll
2010-04-06 21:08:34 419840 ----a-w- c:\windows\system32\wrap_oal.dll
2010-04-06 21:08:34 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll
2010-04-06 21:08:34 133632 ----a-w- c:\windows\system32\OpenAL32.dll
2010-04-06 21:08:34 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll
2010-02-23 08:22:50 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 07:56:00 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-02-23 07:55:56 1225216 ----a-w- c:\windows\syswow64\urlmon.dll
2010-02-23 07:55:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
2010-02-23 07:55:43 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-02-23 07:55:43 5964800 ----a-w- c:\windows\syswow64\mshtml.dll
2010-02-23 07:55:24 10978816 ----a-w- c:\windows\syswow64\ieframe.dll
2010-02-23 07:55:20 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll
2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-07-14 04:55:03 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-07-14 04:55:03 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 18:46:50,45 ===============