DDS (Ver_10-12-12.02) - NTFSx86
Run by XXXX at 14:08:37,56 on 18.02.2011
Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_05
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.47.1044.18.1918.896 [GMT 1:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k ipripsvc
C:\Windows\System32\svchost.exe -k LPDService
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\tcpsvcs.exe
C:\Windows\System32\snmp.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Users\XXXX\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://swesub.tv/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [DVD43] c:\progra~1\dvdreg~1\DVDRegionFree.exe /hidden
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - SABShellExecuteHook Class
SEH: DVDIdleShell Class: {93994de8-8239-4655-b1d1-5f4e91300429} - c:\program files\dvd region+css free\DVDShell.dll
mASetup: ccc-core-static - msiexec /fums {3A4E5ABE-E56F-CF60-9F13-8AB5B29C8960} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\users\leif-r~1\appdata\roaming\mozilla\firefox\profiles\n9u0q3zn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hjemme.no/abbyss/
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 32256]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2008-4-28 21504]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 Dvd43;Dvd43;c:\windows\system32\drivers\Dvd43.sys [2008-4-28 35296]
R3 net5213;3Com 3CRDAG675B Wireless LAN PCI Adapter Service;c:\windows\system32\drivers\net5213xp.sys [2005-6-14 463232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows skriftbuffertjeneste;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-4-28 21504]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 VNic;ULan Network Driver Module;c:\windows\system32\drivers\VNic.sys [2008-5-4 50532]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-02-09 08:39:06 2039808 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 08:39:03 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-02-09 08:39:03 1205080 ----a-w- c:\windows\system32\ntdll.dll
2011-02-09 08:39:03 1205080 ----a-w- c:\windows\system32\ntdll(102).dll
2011-02-09 08:39:02 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-02-09 08:39:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-01-22 00:59:09 4927864 ----a-w- c:\program files\common files\windows live\.cache\935437d01cbb9cf\Silverlight.2.0.exe
2011-01-22 00:53:16 -------- d-----w- c:\users\leif-r~1\appdata\roaming\MSNInstaller
2011-01-21 12:26:39 6260088 ----a-w- c:\program files\common files\windows live\.cache\70db5e981cbb96601\Silverlight.4.0.exe
2011-01-21 00:53:23 4927864 ----a-w- c:\program files\common files\windows live\.cache\9af7c8001cbb905\Silverlight.2.0.exe

==================== Find3M ====================

2011-01-21 16:35:22 353280 ----a-w- c:\windows\system32\shlwapi(112).dll
2011-01-21 16:35:22 11586048 ----a-w- c:\windows\system32\shell32(111).dll
2011-01-20 16:08:16 478720 ----a-w- c:\windows\system32\dxgi.dll
2011-01-20 16:08:06 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-01-20 16:08:06 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-01-20 16:08:06 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-01-20 16:08:06 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-01-20 16:07:58 37376 ----a-w- c:\windows\system32\cdd.dll
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool.drv
2011-01-20 16:07:42 258048 ----a-w- c:\windows\system32\winspool(120).drv
2011-01-20 16:07:16 586240 ----a-w- c:\windows\system32\stobject.dll
2011-01-20 16:06:38 2873344 ----a-w- c:\windows\system32\mf.dll
2011-01-20 16:06:35 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2011-01-20 16:04:54 98816 ----a-w- c:\windows\system32\mfps.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat.dll
2011-01-20 16:04:54 209920 ----a-w- c:\windows\system32\mfplat(100).dll
2011-01-20 14:28:38 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-01-20 14:27:50 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-01-20 14:26:30 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2011-01-20 14:25:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-01-20 14:24:32 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-01-20 14:24:26 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-01-20 14:15:10 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-01-20 14:14:39 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2011-01-20 14:14:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2011-01-20 14:14:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-20 14:12:46 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-01-20 14:11:34 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-01-20 13:47:51 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-01-20 13:44:05 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-01-20 13:44:03 797184 ----a-w- c:\windows\system32\FntCache.dll
2011-01-08 08:47:50 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 06:28:49 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-28 15:55:03 413696 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet(119).dll
2010-12-18 06:26:50 1210880 ----a-w- c:\windows\system32\urlmon(116).dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 1991680 ----a-w- c:\windows\system32\iertutil(97).dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-12-14 14:49:23 1169408 ----a-w- c:\windows\system32\sdclt.exe

============= FINISH: 14:08:59,64 ===============