Malwarebytes Log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Database version: 5340
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
12/16/2010 6:06:45 PM
mbam-log-2010-12-16 (18-06-45).txt
Scan type: Quick scan
Objects scanned: 169209
Time elapsed: 6 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\alex\Desktop\system tool 2011.lnk (Rogue.SystemTool) -> Quarantined and deleted successfully.
GMER Log:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-16 21:31:12
Windows 6.1.7600
Running: 0idpd07t.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x26 0x6B 0x64 0xA9 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9C 0x40 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA7 0xBC 0x39 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC1 0x3B 0x1D 0x23 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0xB3 0x5C 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x65 0x9C 0x40 0xA5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0D 0xA7 0xBC 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xC1 0x3B 0x1D 0x23 ...
---- Files - GMER 1.0.15 ----
File C:\ADSM_PData_0150 0 bytes
File C:\ADSM_PData_0150\DB 0 bytes
File C:\ADSM_PData_0150\DB\SI.db 624 bytes
File C:\ADSM_PData_0150\DB\UL.db 1040 bytes
File C:\ADSM_PData_0150\DB\VL.db 6160 bytes
File C:\ADSM_PData_0150\DB\WAL.db 2048 bytes
File C:\ADSM_PData_0150\DragWait.exe 315392 bytes executable
File C:\ADSM_PData_0150\_avt 512 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql2348.tmp 20480 bytes
File C:\ProgramData\Microsoft\RAC\Temp\sql2368.tmp 20480 bytes
File C:\Users\alex\Safe Doc 0 bytes
File C:\Users\alex\Safe Doc\_avt 512 bytes
File C:\Users\alex\Safe Doc\_lit 512 bytes
File C:\Users\alex\Safe Music 0 bytes
File C:\Users\alex\Safe Music\_avt 512 bytes
File C:\Users\alex\Safe Music\_lit 512 bytes
File C:\Users\alex\Safe Video 0 bytes
File C:\Users\alex\Safe Video\_avt 512 bytes
File C:\Users\alex\Safe Video\_lit 512 bytes
---- EOF - GMER 1.0.15 ----
DDS.txt Log:
DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by alex at 21:32:07.57 on Thu 12/16/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4061.2696 [GMT -8:00]
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\alex\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://asus.msn.com
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [CinemaNowMediaManagerApp] C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe -start
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [Setwallpaper] c:\programdata\SetWallpaper.cmd
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [UVS11 Preload] C:\Program Files (x86)\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
mRun: [Standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: cinemanow.com
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
mRun-x64: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
================= FIREFOX ===================
FF - ProfilePath - C:\Users\alex\AppData\Roaming\Mozilla\Firefox\Profiles\mwx14hke.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: vShare: vshareus@toolbar - %profile%\extensions\vshareus@toolbar
============= SERVICES / DRIVERS ===============
R0 lullaby;lullaby;C:\Windows\System32\drivers\lullaby.sys [2009-9-28 15928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-9-28 359552]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-16 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-16 267944]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-28 14904]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-12-16 83120]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-9-28 306232]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\System32\drivers\danew.sys [2010-10-21 12032]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2009-7-9 1222144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-27 135664]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-11-21 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 StkTMini;Syntek AVStream USB2.0 ATV;C:\Windows\System32\drivers\StkTMini.sys [2010-3-21 528256]
S3 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2009-8-22 42000]
=============== Created Last 30 ================
2010-12-17 01:47:32 -------- d-----w- C:\Users\alex\AppData\Roaming\Malwarebytes
2010-12-17 01:47:09 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-17 01:47:04 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-17 01:47:01 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-17 01:46:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-17 01:02:14 -------- d-----w- C:\Users\alex\AppData\Roaming\Avira
2010-12-17 00:58:14 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2010-12-17 00:58:14 -------- d-----w- C:\Program Files (x86)\Avira
2010-12-17 00:58:14 -------- d-----w- C:\PROGRA~3\Avira
2010-12-16 12:56:44 -------- d-----w- C:\PROGRA~3\bLoCc06303
2010-12-14 23:18:08 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-12-14 23:18:08 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-12-14 23:18:01 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-12-14 23:18:00 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-12-14 23:18:00 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-12-14 23:18:00 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-12-14 23:18:00 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-12-14 23:18:00 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-12-14 23:18:00 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-12-14 23:18:00 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-12-14 23:18:00 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-12-14 23:18:00 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-12-14 00:33:21 -------- d-----w- C:\Program Files (x86)\vShare
2010-12-12 11:51:12 -------- d-----w- C:\Program Files (x86)\Common Files\NSV
2010-12-12 11:45:53 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
2010-12-12 11:45:12 -------- d-----w- C:\Program Files (x86)\Winamp Detect
2010-12-12 11:44:44 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine
2010-12-09 10:47:06 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-11-25 05:38:40 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2010-11-25 05:38:40 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2010-11-21 11:45:32 -------- d-----w- C:\Windows\en
2010-11-21 11:43:40 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2010-11-21 11:42:50 -------- d-----w- C:\Program Files (x86)\MSN Toolbar
2010-11-21 11:42:37 -------- d-----w- C:\Program Files (x86)\Bing Bar Installer
2010-11-21 11:42:36 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2010-11-21 11:42:36 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2010-11-21 11:42:36 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2010-11-21 11:42:36 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2010-11-21 11:42:23 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\28448eff1cb89712a\InstallManager_WLE_WLE.exe
2010-11-21 11:42:00 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\1bca184f1cb897121\MeshBetaRemover.exe
2010-11-21 11:41:38 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\DSETUP.dll
2010-11-21 11:41:38 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\DXSETUP.exe
2010-11-21 11:41:38 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\e5f36a41cb89711a\dsetup32.dll
2010-11-21 11:41:36 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\DSETUP.dll
2010-11-21 11:41:36 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\DXSETUP.exe
2010-11-21 11:41:36 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\cb781b31cb897119\dsetup32.dll
2010-11-21 11:40:35 -------- d-----w- C:\Users\alex\AppData\Local\Windows Live
2010-11-21 11:40:01 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2010-11-21 11:40:01 206848 ----a-w- C:\Windows\System32\mfps.dll
2010-11-21 11:40:01 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2010-11-21 11:40:00 4068864 ----a-w- C:\Windows\System32\mf.dll
2010-11-21 11:40:00 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2010-11-21 11:40:00 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2010-11-21 11:39:59 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2010-11-21 11:04:59 -------- d-----w- C:\Program Files (x86)\DVDFab 8
==================== Find3M ====================
2010-12-16 22:59:05 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-09-23 08:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2010-09-23 08:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR
2010-09-21 22:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL
2010-09-21 22:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL
2009-04-08 17:31:56 106496 ----a-w- C:\Program Files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45:20 155648 ----a-w- C:\Program Files (x86)\Common Files\MSIactionall.dll
============= FINISH: 21:33:11.78 ===============