MSIE 8 infected with Spyware Virtumonde ???


I only titled this Spyware Virtumonde because a scan from Panda ActiveScan 2.0 website told me that I was infected with this.

MSIE 8 will not let me click on links and open them in a new window or tab.

I have to copy the shortcut, open a new tab, paste the shortcut and press enter to navigate.

I have run the apps you suggested. GMER says that it hasn't found any system modifications.

It also cannot find a file in C:\Windows\System32\Config\System that it needs on startup.

It complains that it is in use by another process.

I also cannot run anything in Administrator mode.

It is missing from my right click menu.

I am running MBAM, SAS PRO 64 bit, AVG IS 9.0, ThreatFire.

None of these detected anything wrong with the PC.

When I run MBAM, it freezes for a second or two while scanning files.

It never did that before.

Here are the logs...

HiJack This

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 8:43:36 AM, on 3/16/2010

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Program Files (x86)\ThreatFire\TFService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgam.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe

C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe

C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\ThreatFire\TFTray.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [ThreatFire] C:\Program Files (x86)\ThreatFire\TFTray.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKCU\..\Run: [MtdAcqu] "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s

O4 - HKCU\..\Run: [softAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"

O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CtxfiReg] CTXFIREG.exe /FAIL2 (User 'Default user')

O13 - Gopher Prefix:

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareup...15111/CTPID.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

O23 - Service: Creative Media Toolbox 6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe

O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

O23 - Service: Creative Centrale Media Server (CTUPnPSv) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SAS Core Service (SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCore64.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: ThreatFire - PC Tools - C:\Program Files (x86)\ThreatFire\TFService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10195 bytes

DEFOGGER LOG

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 08:47 on 16/03/2010 (MIB-PC)

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

DDS LOG

DDS (Ver_09-12-01.01) - NTFSX64

Run by MIB-PC at 8:48:39.12 on Tue 03/16/2010

Internet Explorer: 8.0.7600.16385

Microsoft Windows 7 Enterprise N 6.1.7600.0.1252.1.1033.18.8190.6436 [GMT -4:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Program Files (x86)\AVG\AVG9\avgchsva.exe

C:\Program Files (x86)\AVG\AVG9\avgrsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe

C:\Program Files (x86)\AVG\AVG9\avgfws9.exe

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\SUPERAntiSpyware\SASCore64.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ThreatFire\TFService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\AVG\AVG9\avgemc.exe

C:\Program Files (x86)\AVG\AVG9\avgam.exe

C:\Program Files (x86)\AVG\AVG9\avgnsa.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Creative\ZEN Media Explorer\CTCheck.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe

C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe

C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\AVG\AVG9\avgtray.exe

C:\Program Files (x86)\ThreatFire\TFTray.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\taskhost.exe

C:\Users\MIB-PC\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com

mLocal Page = c:\windows\syswow64\blank.htm

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [MtdAcqu] "c:\program files (x86)\creative\mediasource5\MtdAcqu.exe" /s

uRun: [softAuto.exe] "c:\program files (x86)\creative\software update 3\SoftAuto.exe"

uRun: [CTSyncU.exe] "c:\program files (x86)\creative\sync manager unicode\CTSyncU.exe"

mRun: [startCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

mRun: [ATICustomerCare] "c:\program files (x86)\ati\aticustomercare\ATICustomerCare.exe"

mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe

mRun: [ThreatFire] c:\program files (x86)\threatfire\TFTray.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [CTxfiHlp] CTXFIHLP.EXE

dRun: [CtxfiReg] CTXFIREG.exe /FAIL2

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

Trusted Zone: intuit.com\ttlc

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

mRun-x64: [iAAnotif] c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe

mRun-x64: [CTCheck] c:\program files\creative\zen media explorer\CTCheck.exe

AppInit_DLLs-X64: avgrssta.dll

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSwa.sys [2010-2-26 27144]

R0 AvgRkx64;avgrkx64.sys;c:\windows\system32\drivers\avgrkx64.sys [2010-2-26 56008]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot64.sys [2010-3-16 33800]

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-1-14 65072]

R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-1-14 59880]

R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6a.sys [2010-2-26 29976]

R1 AvgLdx64;AVG AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-2-26 269320]

R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-2-26 35464]

R1 AvgTdiA;AVG Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-2-26 316936]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2009-12-23 14920]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2009-12-23 12360]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-26 202752]

R2 avg9emc;AVG E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-4 916760]

R2 avg9wd;AVG WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-4 308064]

R2 avgfws9;AVG Firewall;c:\program files (x86)\avg\avg9\avgfws9.exe [2010-3-4 2325816]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files (x86)\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-4 5888008]

R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2010-2-26 27136]

R2 SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-2-2 141824]

R2 ThreatFire;ThreatFire;c:\program files (x86)\threatfire\tfservice.exe service --> c:\program files (x86)\threatfire\TFService.exe service [?]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-2-26 6366720]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-2-26 186880]

R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSDriver.sys [2010-2-26 132616]

R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\avg\avg9\identity protection\agent\driver\platform_win764\AVGIDSFilter.sys [2010-2-26 35848]

R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 230424]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1445912]

R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 95256]

R3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2009-7-14 1613336]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2010-2-26 239616]

R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-1-14 41888]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\AL6Licensing.exe [2010-2-26 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\common files\creative labs shared\service\CTAELicensing.exe [2010-2-26 79360]

S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\common files\creative labs shared\service\MT6Licensing.exe [2010-3-4 79360]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-7-14 230424]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-7-14 1445912]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-7-14 95256]

S3 CTUPnPSv;Creative Centrale Media Server;c:\program files (x86)\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2010-2-26 50688]

S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2010-2-26 24064]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-26 1255736]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 23040]

=============== Created Last 30 ================

2010-03-16 12:47:23 0 ----a-w- c:\users\mib-pc\defogger_reenable

2010-03-16 12:43:28 0 d-----w- c:\program files (x86)\Trend Micro

2010-03-16 12:23:40 0 d-----w- c:\program files (x86)\TrendMicro

2010-03-16 10:01:01 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys

2010-03-16 10:00:56 0 d-----w- c:\program files (x86)\Panda Security

2010-03-15 14:26:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-03-15 14:21:39 0 d--h--w- c:\programdata\{26D901A1-2540-4430-81DC-0317F01BD7BE}

2010-03-15 14:20:32 0 d--h--w- c:\programdata\{C8754401-336A-464F-9518-B1330985CE63}

2010-03-15 13:26:07 417792 ----a-w- c:\windows\syswow64\awrdscdc.ax

2010-03-15 13:26:02 24576 ------w- c:\windows\syswow64\msxml3a.dll

2010-03-15 13:26:02 1060864 ------w- c:\windows\syswow64\mfc71.dll

2010-03-15 13:25:48 0 d-----w- c:\program files (x86)\Audible

2010-03-05 15:56:19 0 d-----w- c:\users\mib-pc\appdata\roaming\Trillian

2010-03-05 07:27:47 820 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx

2010-03-05 07:27:47 61948 ----a-w- c:\windows\system32\BMXState-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx

2010-03-05 07:27:47 1080 ----a-w- c:\windows\system32\settingsbkup.sfm

2010-03-05 07:27:47 1080 ----a-w- c:\windows\system32\settings.sfm

2010-03-05 04:35:34 0 d-----w- C:\OutputFolder

2010-03-05 04:35:32 0 d-----w- c:\users\mib-pc\appdata\roaming\Digiarty

2010-03-05 04:34:59 0 d-----w- c:\program files (x86)\Digiarty

2010-03-04 18:44:08 12976 ----a-w- c:\windows\system32\avgrssta.dll

2010-03-04 06:30:00 61948 ----a-w- c:\windows\system32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00431102}.rfx

2010-03-01 16:27:18 0 d-----w- c:\users\mib-pc\appdata\roaming\KONICA MINOLTA

2010-03-01 16:25:41 0 d-----w- c:\program files\Konica Minolta

2010-02-27 17:50:45 0 d-----w- c:\windows\syswow64\Adobe

2010-02-27 17:40:41 0 d-----w- c:\programdata\Adobe

2010-02-27 17:40:01 0 d-----w- c:\programdata\NOS

2010-02-26 10:47:28 0 d-----w- c:\windows\syswow64\Wat

2010-02-26 10:47:28 0 d-----w- c:\windows\system32\Wat

2010-02-26 09:01:21 0 d-----w- c:\users\mib-pc\appdata\roaming\Intuit

2010-02-26 09:01:18 0 d-----w- c:\program files (x86)\common files\AnswerWorks 5.0

2010-02-26 08:59:10 0 d-----w- c:\program files (x86)\common files\Intuit

2010-02-26 08:58:54 0 d-----w- c:\program files (x86)\TurboTax

2010-02-26 08:58:41 0 d-----w- c:\programdata\Intuit

2010-02-26 08:50:44 0 d-----w- c:\programdata\PC Tools

2010-02-26 08:50:44 0 d-----w- c:\program files (x86)\ThreatFire

2010-02-26 08:45:20 0 d-----w- c:\users\mib-pc\appdata\roaming\Malwarebytes

2010-02-26 08:45:16 22104 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 08:45:16 0 d-----w- c:\programdata\Malwarebytes

2010-02-26 08:45:16 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2010-02-26 08:27:53 0 d-----w- c:\users\mib-pc\appdata\roaming\SUPERAntiSpyware.com

2010-02-26 08:27:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com

2010-02-26 08:27:44 0 d-----w- c:\programdata\SASCORE

2010-02-26 08:27:41 0 d-----w- c:\program files\SUPERAntiSpyware

2010-02-26 08:27:06 0 d-----w- c:\program files (x86)\common files\Wise Installation Wizard

2010-02-26 08:04:38 0 d--h--w- C:\$AVG

2010-02-26 08:04:31 56008 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2010-02-26 08:04:31 27144 ----a-w- c:\windows\system32\drivers\AVGIDSwa.sys

2010-02-26 08:04:30 316936 ----a-w- c:\windows\system32\drivers\avgtdia.sys

2010-02-26 08:04:28 269320 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2010-02-26 08:04:27 35464 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2010-02-26 08:04:27 0 d-----w- c:\windows\system32\drivers\Avg

2010-02-26 08:04:26 0 d-----w- c:\programdata\AVG Security Toolbar

2010-02-26 08:04:10 29976 ----a-w- c:\windows\system32\drivers\avgfwd6a.sys

2010-02-26 08:04:09 0 d-----w- c:\programdata\avg9

2010-02-26 08:04:09 0 d-----w- c:\program files (x86)\AVG

2010-02-26 07:09:19 0 ----a-w- c:\windows\ativpsrm.bin

2010-02-26 07:07:03 0 d-----w- c:\windows\Panther

2010-02-26 06:23:48 7572224 ----a-w- c:\windows\syswow64\CT8MGM.SF2

2010-02-26 06:23:39 7572224 ----a-w- c:\windows\system32\CT8MGM.SF2

2010-02-26 06:13:58 11406336 ----a-w- c:\windows\syswow64\wmp.dll

2010-02-26 06:13:57 12625920 ----a-w- c:\windows\system32\wmploc.DLL

2010-02-26 06:13:57 12625408 ----a-w- c:\windows\syswow64\wmploc.DLL

2010-02-26 06:13:47 552960 ----a-w- c:\windows\system32\msdri.dll

2010-02-26 06:09:59 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf

2010-02-26 06:07:52 0 d-----w- c:\program files\Windows Portable Devices

2010-02-26 06:07:52 0 d-----w- c:\program files\Windows Media Player

2010-02-26 06:07:52 0 d-----w- c:\program files\DVD Maker

2010-02-26 06:07:52 0 d-----w- c:\program files (x86)\Windows Portable Devices

2010-02-26 06:07:49 0 d-----w- c:\windows\syswow64\LogFiles

2010-02-26 06:07:49 0 d-----w- c:\windows\ehome

2010-02-26 06:01:32 61440 ------w- c:\windows\syswow64\CTChkAud.dll

2010-02-26 06:01:32 6010 ------w- c:\windows\syswow64\CTOPT352.cat

2010-02-26 06:01:32 183296 ------w- c:\windows\system32\CTOPT352.dll

2010-02-26 06:01:32 166400 ------w- c:\windows\syswow64\CTOPT352.dll

2010-02-26 06:01:31 6130 ------w- c:\windows\system32\CTOPT352.cat

2010-02-26 06:01:31 49664 ------w- c:\windows\system32\CTChkAud.dll

2010-02-26 06:01:31 42496 ------w- c:\windows\system32\AddCat.exe

2010-02-26 05:51:44 647872 ------w- c:\windows\syswow64\Mscomct2.ocx

2010-02-26 05:51:44 53248 ------w- c:\windows\Ctregrun.exe

2010-02-26 05:38:54 311808 ----a-w- c:\windows\system32\msv1_0.dll

2010-02-26 05:38:54 257024 ----a-w- c:\windows\syswow64\msv1_0.dll

2010-02-26 05:28:34 61948 ----a-w- c:\windows\system32\BMXStateBkp-{00000003-00000000-00000000-00001102-0000000B-00411102}.rfx

2010-02-26 05:28:08 7062 ----a-w- c:\windows\syswow64\audiopid.vxd

2010-02-26 05:27:49 0 d-----w- c:\program files (x86)\common files\Creative

2010-02-26 05:27:48 0 d--h--w- c:\program files (x86)\Creative Installation Information

2010-02-26 05:27:42 0 d-----w- c:\program files (x86)\common files\Creative Labs Shared

2010-02-26 05:27:16 113152 ----a-w- c:\windows\system32\cttele64.dll

2010-02-26 05:27:16 106496 ----a-w- c:\windows\syswow64\cttele32.dll

2010-02-26 05:27:16 0 d-----w- c:\programdata\Creative

2010-02-26 05:27:13 89088 ----a-w- c:\windows\system32\CmdRtr64.DLL

2010-02-26 05:27:13 73728 ----a-w- c:\windows\syswow64\CmdRtr.DLL

2010-02-26 05:27:13 419840 ----a-w- c:\windows\system32\wrap_oal.dll

2010-02-26 05:27:13 413696 ----a-w- c:\windows\syswow64\wrap_oal.dll

2010-02-26 05:27:13 214528 ----a-w- c:\windows\system32\APOMgr64.DLL

2010-02-26 05:27:13 166912 ----a-w- c:\windows\syswow64\APOMngr.DLL

2010-02-26 05:27:13 159 ---ha-r- c:\windows\ctfile.rfc

2010-02-26 05:27:13 133632 ----a-w- c:\windows\system32\OpenAL32.dll

2010-02-26 05:27:13 110592 ----a-w- c:\windows\syswow64\OpenAL32.dll

2010-02-26 05:27:13 0 d-----w- c:\program files (x86)\OpenAL

2010-02-26 05:26:57 12288 ----a-w- c:\windows\system32\INRES.DLL

2010-02-26 05:26:57 11776 ----a-w- c:\windows\syswow64\INRES.DLL

2010-02-26 05:26:57 0 d-----w- c:\windows\syswow64\Data

2010-02-26 05:26:57 0 d-----w- c:\windows\system32\Data

2010-02-26 05:24:21 0 d-----w- c:\programdata\ATI

2010-02-26 05:22:51 0 d-----w- c:\program files (x86)\ATI

2010-02-26 05:22:19 0 d-----w- c:\program files (x86)\ATI Technologies

2010-02-26 05:22:12 0 d-----w- c:\program files\ATI

2010-02-26 05:21:48 0 d-----w- c:\program files\ATI Technologies

2010-02-26 05:11:20 212864 ------w- c:\windows\system32\MpSigStub.exe

2010-02-26 04:52:54 0 d-----w- c:\program files\Creative

2010-02-26 04:52:40 0 d-----w- c:\program files (x86)\Creative

2010-02-26 04:50:04 0 d--h--w- c:\program files (x86)\Temp

2010-02-26 04:50:03 838176 ----a-w- c:\windows\RtlExUpd.dll

2010-02-26 04:47:50 50688 ----a-w- c:\windows\system32\drivers\RtTeam60.sys

2010-02-26 04:47:50 27136 ----a-w- c:\windows\system32\drivers\RtNdPt60.sys

2010-02-26 04:47:50 24064 ----a-w- c:\windows\system32\drivers\RtVlan60.sys

2010-02-26 04:46:49 97792 ----a-w- c:\windows\system32\RTNUninst64.dll

2010-02-26 04:46:49 67584 ----a-w- c:\windows\system32\RtNicProp64.dll

2010-02-26 04:46:49 239616 ----a-w- c:\windows\system32\drivers\Rt64win7.sys

2010-02-26 04:46:49 0 d-----w- c:\program files (x86)\Realtek

2010-02-26 04:44:57 0 d-sh--w- c:\windows\Installer

2010-02-26 04:40:48 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys

2010-02-26 04:31:27 0 d-----w- c:\windows\syswow64\Macromed

2010-02-26 04:23:50 53248 ----a-w- c:\windows\syswow64\CSVer.dll

2010-02-26 04:23:41 0 d-----w- C:\Intel

2010-02-26 04:20:52 285696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

==================== Find3M ====================

2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atipmdag.sys

2010-02-03 04:55:18 6366720 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2010-02-03 04:23:36 426496 ----a-w- c:\windows\syswow64\aticfx32.dll

2010-02-03 04:22:40 471552 ----a-w- c:\windows\system32\aticfx64.dll

2010-02-03 04:20:42 18594816 ----a-w- c:\windows\system32\atio6axx.dll

2010-02-03 04:19:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe

2010-02-03 04:17:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-02-03 04:17:46 450048 ----a-w- c:\windows\system32\atieclxx.exe

2010-02-03 04:17:10 202752 ----a-w- c:\windows\system32\atiesrxx.exe

2010-02-03 04:15:46 120320 ----a-w- c:\windows\system32\atitmm64.dll

2010-02-03 04:15:28 420864 ----a-w- c:\windows\system32\atipdl64.dll

2010-02-03 04:15:20 356352 ----a-w- c:\windows\syswow64\atipdlxx.dll

2010-02-03 04:15:06 274432 ----a-w- c:\windows\syswow64\Oemdspif.dll

2010-02-03 04:15:00 12288 ----a-w- c:\windows\system32\atimuixx.dll

2010-02-03 04:14:56 59392 ----a-w- c:\windows\system32\atiedu64.dll

2010-02-03 04:14:52 43520 ----a-w- c:\windows\syswow64\ati2edxx.dll

2010-02-03 04:12:04 3073024 ----a-w- c:\windows\syswow64\atidxx32.dll

2010-02-03 04:04:16 3688960 ----a-w- c:\windows\system32\atidxx64.dll

2010-02-03 04:01:18 14147072 ----a-w- c:\windows\syswow64\atioglxx.dll

2010-02-03 03:55:34 3653632 ----a-w- c:\windows\syswow64\atiumdag.dll

2010-02-03 03:52:48 43008 ----a-w- c:\windows\system32\aticalrt64.dll

2010-02-03 03:52:44 53248 ----a-w- c:\windows\syswow64\aticalrt.dll

2010-02-03 03:52:32 39936 ----a-w- c:\windows\system32\aticalcl64.dll

2010-02-03 03:52:30 53248 ----a-w- c:\windows\syswow64\aticalcl.dll

2010-02-03 03:52:18 4771840 ----a-w- c:\windows\system32\aticaldd64.dll

2010-02-03 03:51:18 3649536 ----a-w- c:\windows\syswow64\aticaldd.dll

2010-02-03 03:49:46 4736000 ----a-w- c:\windows\system32\atiumd64.dll

2010-02-03 03:43:14 2649088 ----a-w- c:\windows\system32\atiumd6a.dll

2010-02-03 03:40:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-02-03 03:37:10 2934272 ----a-w- c:\windows\syswow64\atiumdva.dll

2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\atimpc64.dll

2010-02-03 03:25:06 53248 ----a-w- c:\windows\system32\amdpcom64.dll

2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\atimpc32.dll

2010-02-03 03:25:00 52224 ----a-w- c:\windows\syswow64\amdpcom32.dll

2010-02-03 03:24:34 321536 ----a-w- c:\windows\system32\atiadlxx.dll

2010-02-03 03:24:28 229376 ----a-w- c:\windows\syswow64\atiadlxy.dll

2010-02-03 03:24:16 14848 ----a-w- c:\windows\system32\atig6pxx.dll

2010-02-03 03:24:12 12800 ----a-w- c:\windows\syswow64\atiglpxx.dll

2010-02-03 03:24:12 12800 ----a-w- c:\windows\system32\atiglpxx.dll

2010-02-03 03:24:08 16384 ----a-w- c:\windows\system32\atig6txx.dll

2010-02-03 03:24:04 14848 ----a-w- c:\windows\syswow64\atigktxx.dll

2010-02-03 03:23:58 186880 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2010-02-03 03:23:32 55296 ----a-w- c:\windows\system32\coinst.dll

2010-02-03 03:23:20 35840 ----a-w- c:\windows\system32\atiuxp64.dll

2010-02-03 03:23:14 27136 ----a-w- c:\windows\syswow64\atiuxpag.dll

2010-02-03 03:23:06 28160 ----a-w- c:\windows\system32\atiu9p64.dll

2010-02-03 03:22:58 20480 ----a-w- c:\windows\syswow64\atiu9pag.dll

2010-02-02 08:36:47 2048 ----a-w- c:\windows\system32\tzres.dll

2010-02-02 07:45:54 2048 ----a-w- c:\windows\syswow64\tzres.dll

2010-01-28 14:33:38 116736 ----a-w- c:\windows\system32\drivers\AtiHdmi.sys

2010-01-19 09:05:57 424960 ----a-w- c:\windows\system32\secproc.dll

2010-01-19 09:05:57 422912 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-19 09:05:57 121856 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-19 09:00:44 305152 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-19 09:00:43 357888 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-19 09:00:37 356352 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-19 09:00:37 306688 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp_isv.dll

2010-01-18 23:29:31 85504 ----a-w- c:\windows\syswow64\secproc_ssp.dll

2010-01-18 23:29:31 365568 ----a-w- c:\windows\syswow64\secproc_isv.dll

2010-01-18 23:29:30 369152 ----a-w- c:\windows\syswow64\secproc.dll

2010-01-18 23:28:33 324608 ----a-w- c:\windows\syswow64\RMActivate_isv.exe

2010-01-18 23:28:33 277504 ----a-w- c:\windows\syswow64\RMActivate_ssp_isv.exe

2010-01-18 23:28:30 320512 ----a-w- c:\windows\syswow64\RMActivate.exe

2010-01-18 23:28:30 280064 ----a-w- c:\windows\syswow64\RMActivate_ssp.exe

2010-01-12 05:48:00 499712 ----a-w- c:\windows\syswow64\msvcp71.dll

2010-01-12 05:48:00 348160 ----a-w- c:\windows\syswow64\msvcr71.dll

2010-01-11 07:12:38 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll

2009-12-22 08:36:19 243200 ----a-w- c:\windows\system32\wow64.dll

2009-12-22 08:24:35 14336 ----a-w- c:\windows\syswow64\ntvdm64.dll

2009-12-22 08:23:35 25600 ----a-w- c:\windows\syswow64\setup16.exe

2009-12-22 08:22:10 5120 ----a-w- c:\windows\syswow64\wow32.dll

2009-12-22 04:28:10 7680 ----a-w- c:\windows\syswow64\instnm.exe

2009-12-22 04:28:08 2048 ----a-w- c:\windows\syswow64\user.exe

2009-12-19 09:51:24 1192960 ----a-w- c:\windows\system32\wininet.dll

2009-12-19 09:50:56 14848 ----a-w- c:\windows\system32\tsbyuv.dll

2009-12-19 09:49:47 1572352 ----a-w- c:\windows\system32\quartz.dll

2009-12-19 09:47:56 25088 ----a-w- c:\windows\system32\msyuv.dll

2009-12-19 09:47:53 38912 ----a-w- c:\windows\system32\msvidc32.dll

2009-12-19 09:47:46 16384 ----a-w- c:\windows\system32\msrle32.dll

2009-12-19 09:46:35 54272 ----a-w- c:\windows\system32\iyuv_32.dll

2009-07-14 05:42:52 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat

2009-07-14 05:42:52 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat

2009-07-14 05:42:52 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat

2009-07-14 05:42:52 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat

2009-07-14 04:59:33 174 --sha-w- c:\program files\desktop.ini

2009-07-14 04:59:33 174 --sha-w- c:\program files (x86)\desktop.ini

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat

2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat

2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat

2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe

2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 8:51:53.85 ===============

Attach is attached.

Attach_MENINBLK_03162010__1.txt


I ran Comedian successfully and also ran OTS.

I am attaching the OTS log for you to view.

'Run as Administrator' is now back in my right click menu.

I still can't right click in IE8 on a link in a window and tell it to open in either a tab or another window successfully.

I still have to copy the shortcut, manually open another window and paste the shortcut in the address bar.

I have turned off System Restore for now to keep whatever I have from reinfecting this PC.

The notices in the OTC file about not creating a restore point are because of this.

OTS_MENINBLK_031910.Txt


  • Staff
I don't have Firefox installed.
Could you please install it and find out.
When MBAM scans the PC it freezes for a moment.

The title bar will read (no response).

When you have as many security programs running in resident mode as you do, that's not surprising. I'm willing to bet that the behavior you see would stop if all of your security applications weren't running at the same time.

Okay.

I installed Mozilla Firefox and uninstalled IE 8.

I read on the internet that my problem could be caused by Adobe Flash Player 10 and IE8 incompatibilities.

I don't know how when I have several PCs in this house running both 32 and 64 bit versions of Windows 7 and this PC is the ONLY PC that has this problem between IE 8 and Adobe Flash Player 10.

All of the features of Firefox seem to be working fine right now.
