DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by galaxyAbstractor at 11:23:32 on 2011-09-24
Microsoft Windows 7 Professional 6.1.7601.1.1252.46.1053.18.6142.2818 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
C:\Windows\system32\dlcccoms.exe
C:\Windows\SysWOW64\XSrvSetup.exe
C:\Windows\SysWOW64\osirisd.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\WhatPulse\WhatPulse.exe
D:\Program Files\Steam\Steam.exe
C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe
C:\Program Files\ZScreen\ZScreen.exe
C:\Program Files (x86)\Wakoopa\Wakoopa.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Personal\bin\Personal.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
H:\Program\Bitcoin\bitcoin.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Users\galaxyAbstractor\AppData\Roaming\Dropbox\bin\Dropbox.exe
H:\Program\guiminer\guiminer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\galaxyAbstractor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quassel-0.7.1.exe
C:\Program Files (x86)\TweetDeck\TweetDeck.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DisplayFusion\DisplayFusionHookx86.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe
C:\Windows\splwow64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uSearch Bar =
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - D:\PROGRA~1\Office14\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - D:\PROGRA~1\Office14\Office14\URLREDIR.DLL
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [WhatPulse] C:\Program Files (x86)\WhatPulse\WhatPulse.exe
uRun: [Steam] "D:\Program Files\Steam\steam.exe" -silent
uRun: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
uRun: [ZScreen] "C:\Program Files\ZScreen\ZScreen.exe"
uRun: [Wakoopa] C:\Program Files (x86)\Wakoopa\Wakoopa.exe
uRun: [Pokki] "C:\Users\galaxyAbstractor\AppData\Local\Pokki\v0.238\pokki.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
StartupFolder: C:\Users\GALAXY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Bitcoin.lnk - H:\Program\Bitcoin\bitcoin.exe
StartupFolder: C:\Users\GALAXY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\GALAXY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\galaxyAbstractor\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\GALAXY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GUIMIN~1.LNK - H:\Program\guiminer\guiminer.exe
StartupFolder: C:\Users\galaxyAbstractor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quassel-0.7.1.exe
StartupFolder: C:\Users\GALAXY~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\TWEETD~1.LNK - C:\Program Files (x86)\TweetDeck\TweetDeck.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BANKID~1.LNK - C:\Program Files (x86)\Personal\bin\Personal.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: E&xport to Microsoft Excel - D:\PROGRA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - D:\PROGRA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 193.11.164.10 193.11.164.11
TCP: Interfaces\{0CD73B7E-CCEF-4A7A-BF5B-A5BA40A9FF51} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{2CDAFCDB-5563-421B-BE71-15B4F8F3D15D} : DhcpNameServer = 193.11.164.10 193.11.164.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - D:\PROGRA~1\Office14\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{D4027C7F-154A-4066-A1AD-4243D8127440}
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\galaxyAbstractor\AppData\Roaming\Mozilla\Firefox\Profiles\85p4d8k5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Users\galaxyAbstractor\AppData\Roaming\Mozilla\Firefox\Profiles\85p4d8k5.default\extensions\TwentyTenBuddy@ReduxTeam\components\dwmxpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Users\galaxyAbstractor\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.0.75.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\PROGRA~1\Office14\Office14\NPAUTHZ.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-12 44768]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-9 68136]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-1-8 72304]
R2 osirisd;Osiris_IDS_Scanner;C:\Windows\System32\osirisd.exe [2007-1-8 3816634]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-8 114688]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 osirismd;Osiris_IDS_Management;C:\Windows\System32\osirismd.exe [2007-1-8 4858228]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-10 1431888]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-8 30528]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;D:\Program Files\Office14\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS\pspdisp_x64.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;H:\Program\hamachi\hamachi-2.exe -s --> H:\Program\hamachi\hamachi-2.exe -s [?]
.
=============== Created Last 30 ================
.
2011-09-24 08:17:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D574F6E-F3A1-4E6E-AE71-841B78A2B320}\offreg.dll
2011-09-23 18:14:47 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\Malwarebytes
2011-09-23 18:14:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-23 18:14:34 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-23 18:14:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-23 09:20:20 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D574F6E-F3A1-4E6E-AE71-841B78A2B320}\mpengine.dll
2011-09-15 16:16:47 -------- d-----w- C:\Users\galaxyAbstractor\VirtualBox VMs
2011-09-15 16:16:13 -------- d-----w- C:\Users\galaxyAbstractor\.VirtualBox
2011-09-15 16:15:55 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-09-15 16:15:52 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-09-12 16:34:27 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\MySQL
2011-09-12 16:34:20 -------- d-----w- C:\Program Files (x86)\MySQL
2011-09-12 08:12:31 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-02 15:28:07 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2011-09-24 08:15:03 25640 ----a-w- C:\Windows\gdrv.sys
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-08-24 18:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-08-24 18:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-08-18 08:05:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-11 17:31:36 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2011-08-11 17:31:32 95544 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-07-28 22:23:16 9980416 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-28 22:09:06 23921664 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-28 21:44:06 18388480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-28 21:40:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-28 21:40:44 726528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-28 21:39:14 852992 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-28 21:36:26 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-28 21:36:12 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-28 21:35:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-28 21:34:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-28 21:34:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-28 21:33:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-28 21:33:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-28 21:33:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-28 21:33:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-28 21:33:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-28 21:30:26 4198912 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-28 21:20:36 4943360 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-28 21:12:14 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-28 21:11:42 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-28 21:11:30 3871744 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-28 21:11:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-28 21:11:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-28 21:11:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-28 21:11:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-28 21:10:50 9644544 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-28 21:09:10 4256768 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-28 21:07:24 8247296 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-28 21:03:58 4056064 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-28 21:02:28 5399040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-28 21:01:50 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-28 20:54:52 378368 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-28 20:54:44 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-28 20:54:34 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-28 20:54:26 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-28 20:54:18 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-28 20:54:10 309248 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-28 20:53:22 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-28 20:53:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-28 20:53:08 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-28 20:53:00 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-28 20:52:26 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-28 15:49:14 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-28 15:48:48 16552960 ----a-w- C:\Windows\System32\amdocl64.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-04 17:51:44 18432 ----a-w- C:\addusers.exe
.
============= FINISH: 11:25:16,70 ===============
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 193.11.164.10 193.11.164.11
TCP: Interfaces\{0CD73B7E-CCEF-4A7A-BF5B-A5BA40A9FF51} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{2CDAFCDB-5563-421B-BE71-15B4F8F3D15D} : DhcpNameServer = 193.11.164.10 193.11.164.11
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - D:\PROGRA~1\Office14\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{D4027C7F-154A-4066-A1AD-4243D8127440}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{D4027C7F-154A-4066-A1AD-4243D8127440}
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce-x64: [DES2] C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2.exe state
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\galaxyAbstractor\AppData\Roaming\Mozilla\Firefox\Profiles\85p4d8k5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Users\galaxyAbstractor\AppData\Roaming\Mozilla\Firefox\Profiles\85p4d8k5.default\extensions\TwentyTenBuddy@ReduxTeam\components\dwmxpcom.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Personal\bin\np_prsnl.dll
FF - plugin: C:\Users\galaxyAbstractor\AppData\Local\Pokki\Download Helper\npPokkiDownloadHelper.1.1.0.75.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: D:\PROGRA~1\Office14\Office14\NPAUTHZ.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-12 44768]
R2 DES2 Service;DES2 Service for Energy Saving.;C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-1-9 68136]
R2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe [2011-1-8 72304]
R2 osirisd;Osiris_IDS_Scanner;C:\Windows\System32\osirisd.exe [2007-1-8 3816634]
R2 Smart TimeLock;Smart TimeLock Service;C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe [2011-1-8 114688]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2010-7-8 815704]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 osirismd;Osiris_IDS_Management;C:\Windows\System32\osirismd.exe [2007-1-8 4858228]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-5-10 1431888]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2011-1-8 30528]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;D:\Program Files\Office14\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pspdisp;pspdisp;C:\Windows\system32\DRIVERS\pspdisp_x64.sys --> C:\Windows\system32\DRIVERS\pspdisp_x64.sys [?]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;H:\Program\hamachi\hamachi-2.exe -s --> H:\Program\hamachi\hamachi-2.exe -s [?]
.
=============== Created Last 30 ================
.
2011-09-24 08:17:07 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D574F6E-F3A1-4E6E-AE71-841B78A2B320}\offreg.dll
2011-09-23 18:14:47 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\Malwarebytes
2011-09-23 18:14:37 -------- d-----w- C:\ProgramData\Malwarebytes
2011-09-23 18:14:34 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-09-23 18:14:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-09-23 09:20:20 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8D574F6E-F3A1-4E6E-AE71-841B78A2B320}\mpengine.dll
2011-09-15 16:16:47 -------- d-----w- C:\Users\galaxyAbstractor\VirtualBox VMs
2011-09-15 16:16:13 -------- d-----w- C:\Users\galaxyAbstractor\.VirtualBox
2011-09-15 16:15:55 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
2011-09-15 16:15:52 128816 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
2011-09-12 16:34:27 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\MySQL
2011-09-12 16:34:20 -------- d-----w- C:\Program Files (x86)\MySQL
2011-09-12 08:12:31 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-09-05 17:04:56 183696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-09-02 15:28:07 -------- d-----w- C:\Users\galaxyAbstractor\AppData\Roaming\Dropbox
.
==================== Find3M ====================
.
2011-09-24 08:15:03 25640 ----a-w- C:\Windows\gdrv.sys
2011-09-06 20:45:29 41184 ----a-w- C:\Windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-08-24 18:19:10 56320 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-08-24 18:18:30 13601280 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-08-18 08:05:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-15 12:32:10 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
2011-08-11 17:31:36 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2011-08-11 17:31:32 95544 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2011-07-28 22:23:16 9980416 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-07-28 22:09:06 23921664 ----a-w- C:\Windows\System32\atio6axx.dll
2011-07-28 21:44:06 18388480 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-07-28 21:40:58 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-07-28 21:40:44 726528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-07-28 21:39:14 852992 ----a-w- C:\Windows\System32\aticfx64.dll
2011-07-28 21:36:26 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-07-28 21:36:12 485376 ----a-w- C:\Windows\System32\atieclxx.exe
2011-07-28 21:35:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-07-28 21:34:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-07-28 21:34:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-07-28 21:33:54 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-07-28 21:33:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-07-28 21:33:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-07-28 21:33:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-07-28 21:33:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-07-28 21:30:26 4198912 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-07-28 21:20:36 4943360 ----a-w- C:\Windows\System32\atidxx64.dll
2011-07-28 21:12:14 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-07-28 21:11:42 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-07-28 21:11:30 3871744 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-07-28 21:11:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-07-28 21:11:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-07-28 21:11:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-07-28 21:11:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-07-28 21:10:50 9644544 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-07-28 21:09:10 4256768 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-07-28 21:07:24 8247296 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-07-28 21:03:58 4056064 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-07-28 21:02:28 5399040 ----a-w- C:\Windows\System32\atiumd64.dll
2011-07-28 21:01:50 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-07-28 20:54:52 378368 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-07-28 20:54:44 266240 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-07-28 20:54:34 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-07-28 20:54:30 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-07-28 20:54:26 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-07-28 20:54:18 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-07-28 20:54:10 309248 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-07-28 20:53:22 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-07-28 20:53:14 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-07-28 20:53:08 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-07-28 20:53:00 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-07-28 20:52:26 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-07-28 20:51:10 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-07-28 20:51:04 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-07-28 15:49:14 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-07-28 15:48:48 16552960 ----a-w- C:\Windows\System32\amdocl64.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-07-04 17:51:44 18432 ----a-w- C:\addusers.exe
.
============= FINISH: 11:25:16,70 ===============
GMER:
Quote
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-23 20:45:53
Windows 6.1.7601 Service Pack 1
Running: z7w9xo27.exe
---- Services - GMER 1.0.15 ----
Service C:\Program (*** hidden *** ) [MANUAL] Steam Client Service <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows Live\Companion\vigge.swe@gmail.com@191b22a530ef2f433e27f83812691bee\r\n 0x82 0x38 0x99 0xA4 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\vigge.swe@gmail.com@0bd5882882a452f1b6943d456e723a0f\r\n 0xE5 0x17 0x4B 0xFE ...
---- EOF - GMER 1.0.15 ----
Attached File(s)
-
Attach.txt (8.73K)