Dom
Honorary Members
Posts: 48
Reputation: 0 Neutral
  1. Thanks very much for the quick response! I'll leave it be.
  2. I found what looks like a fairly serious virus in the Utilu IE Bundle. You can download it from here: http://utilu.com/IECollection/ It's a tool used by web developers to install multiple versions of IE for backwards compatibility testing. It's also fairly widely used. Could the virus I found on it be a false positive?
     Attachments: ieutilitu bundle.rar, MBAM-log-2013-12-26 (11-46-45).txt
  3. Did not occur. Probably should've done. Did you know the only place with worse internet than a tropical island is anywhere in Australia?

ComboFix 12-12-07.01 - top 12/09/2012 18:51:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1878.339 [GMT 7:00]
Running from: c:\users\top\Downloads\Programs\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 12:02 . 2012-12-09 12:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-08 11:28 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{11E017EE-2E06-44DA-8D7D-80BF99A85206}\mpengine.dll
2012-12-06 11:08 . 2012-12-06 11:08 -------- d-----w- c:\users\top\AppData\Local\Apps
2012-12-06 11:06 . 2012-12-06 11:06 -------- d-----w- c:\users\top\AppData\Local\Apple Computer
2012-12-06 11:06 . 2012-12-06 11:13 -------- d-----w- c:\users\top\AppData\Roaming\Apple Computer
2012-12-06 11:06 . 2012-08-21 06:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-06 11:06 . 2012-12-06 11:06 -------- dc----w- c:\windows\system32\DRVSTORE
2012-12-06 11:05 . 2012-12-06 11:05 -------- d-----w- c:\program files\iPod
2012-12-06 11:05 . 2012-12-06 11:06 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-06 11:05 . 2012-12-06 11:06 -------- d-----w- c:\program files\iTunes
2012-12-06 11:05 . 2012-12-06 11:05 -------- d-----w- c:\programdata\Apple Computer
2012-12-06 11:03 . 2012-12-06 11:03 -------- d-----w- c:\users\top\AppData\Local\Apple
2012-12-06 11:03 . 2012-12-06 11:03 -------- d-----w- c:\program files\Apple Software Update
2012-12-06 11:02 . 2012-12-06 11:02 -------- d-----w- c:\program files\Bonjour
2012-12-06 11:02 . 2012-12-06 11:05 -------- d-----w- c:\program files\Common Files\Apple
2012-12-06 11:02 . 2012-12-06 11:03 -------- d-----w- c:\programdata\Apple
2012-12-05 06:25 . 2012-12-05 06:25 -------- d-----w- c:\users\top\AppData\Local\Mozilla
2012-12-05 05:48 . 2012-05-31 05:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-12-03 10:58 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-03 10:58 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-03 10:58 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-03 10:57 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-03 10:57 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-03 10:57 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-03 10:57 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-03 10:57 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-03 10:57 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-03 10:57 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-03 10:53 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-12-03 10:52 . 2011-04-22 19:14 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-12-03 10:52 . 2011-01-17 05:47 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-12-03 10:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2012-12-03 10:48 . 2012-08-02 16:57 490496 ----a-w- c:\windows\system32\d3d10level9.dll
2012-12-03 10:47 . 2011-02-03 05:54 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2012-12-03 10:46 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-12-03 10:46 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-12-03 10:46 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-12-03 10:03 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-12-03 10:03 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-12-03 08:14 . 2012-12-03 08:14 -------- d-----w- c:\program files\Unlocker
2012-12-03 06:48 . 2012-12-03 06:48 -------- d-----w- c:\users\top\AppData\Roaming\Malwarebytes
2012-12-03 06:47 . 2012-12-03 06:47 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 06:47 . 2012-12-03 06:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-03 06:47 . 2012-09-29 12:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-01 00:45 . 2012-12-01 00:45 -------- d-----w- c:\windows\system32\Wat
2012-11-30 19:14 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-11-30 19:14 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-11-30 19:14 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-11-30 19:10 . 2012-11-30 19:10 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-11-30 16:40 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-30 16:40 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-30 16:40 . 2012-10-15 15:59 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-11-30 16:40 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-30 16:40 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-30 16:39 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-11-30 16:39 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-30 16:39 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-30 16:39 . 2012-11-30 16:39 -------- d-----w- c:\programdata\AVAST Software
2012-11-30 16:39 . 2012-11-30 16:39 -------- d-----w- c:\program files\AVAST Software
2012-11-30 15:48 . 2012-11-30 15:48 -------- d-----w- c:\program files\Recuva
2012-11-30 13:46 . 2011-04-25 02:18 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2012-11-30 13:46 . 2011-04-29 02:46 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2012-11-30 13:46 . 2011-04-29 02:46 310272 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-11-30 13:46 . 2011-04-29 02:46 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-11-30 13:46 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll
2012-11-30 13:46 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-30 13:46 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-11-30 13:46 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-11-30 13:44 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-30 13:43 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-30 13:31 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-11-30 13:31 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-11-30 13:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-11-30 13:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-11-30 13:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-11-30 13:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-11-30 13:22 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-11-30 13:22 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-11-30 13:22 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-11-30 13:22 . 2012-06-02 08:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-11-30 13:22 . 2012-06-02 08:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-11-30 10:48 . 2012-11-30 10:48 -------- d-----w- c:\users\top\AppData\Roaming\ACD Systems
2012-11-30 10:06 . 2012-11-30 13:29 -------- d-----w- c:\users\top\AppData\Local\Adobe
2012-11-30 08:01 . 2012-11-30 08:24 -------- d-----w- c:\windows\AutoKMS
2012-11-30 08:00 . 2012-12-09 09:26 151552 ----a-w- c:\windows\KMSEmulator.exe
2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-30 07:52 . 2012-12-08 11:13 -------- d-----w- c:\program files\Microsoft.NET
2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-11-30 07:52 . 2012-11-30 07:52 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-30 07:50 . 2012-11-30 07:50 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-11-30 07:49 . 2012-11-30 07:49 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-11-30 07:48 . 2012-11-30 07:48 -------- d-----r- C:\MSOCache
2012-11-30 07:40 . 2012-11-30 07:40 -------- d-----w- c:\users\top\AppData\Roaming\Synaptics
2012-11-30 07:40 . 2012-11-30 07:40 -------- d-----w- c:\programdata\Synaptics
2012-11-30 07:22 . 2012-12-09 09:25 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-11-30 07:22 . 2012-11-30 07:22 58288 ------w- c:\windows\system32\rpcnet.exe
2012-11-18 11:19 . 2012-11-18 11:19 -------- d-----w- c:\programdata\CyberLink
2012-11-18 11:19 . 2012-11-18 11:19 -------- d-----w- c:\users\top\AppData\Roaming\CyberLink
2012-11-18 11:18 . 2012-11-18 11:18 -------- d-----w- c:\users\top\AppData\Local\CyberLink
2012-11-18 11:16 . 2012-11-18 11:16 -------- d-----w- C:\Intel
2012-11-18 11:14 . 2010-01-06 06:13 506368 ----a-w- c:\windows\system32\sqlite3.dll
2012-11-18 11:11 . 2012-11-18 11:11 -------- d-----w- c:\program files\Synaptics
2012-11-18 11:11 . 2009-08-07 02:49 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-11-18 11:11 . 2012-03-29 13:13 323344 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-11-18 11:11 . 2012-03-29 13:13 122128 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-11-18 11:11 . 2012-03-29 13:13 175376 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-11-18 11:11 . 2012-03-29 13:13 146704 ----a-w- c:\windows\system32\SynGlwPadShlExt.dll
2012-11-18 11:11 . 2012-03-29 13:13 396560 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-18 11:11 . 2012-03-29 13:13 228624 ----a-w- c:\windows\system32\SynCtrl.dll
2012-11-18 11:11 . 2011-09-14 11:11 1048576 ----a-w- c:\windows\system32\syndata.bin
2012-11-18 10:57 . 2012-12-01 00:49 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-11-18 10:56 . 2012-12-09 11:34 17920 ----a-w- c:\windows\system32\rpcnetp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 11:14 . 2011-03-28 11:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-10-16 07:39 . 2012-12-03 10:54 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-28 03:32 . 2012-09-28 03:32 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-09-28 03:32 . 2012-09-28 03:32 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-04-21 01:19 . 2012-10-15 13:37 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-20 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7601.17514] . . c:\windows\System32\user32.dll
[7] 2010-11-20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-10-15 3405208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACPW05EN"="c:\program files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe" [2011-11-16 822384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"MagicLinker3"="c:\program files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\MagicLnk.exe" [2005-10-20 155648]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-29 2346256]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S3 k57nd60x;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [x]
S3 MEI;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-09 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-11-30 08:01]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-15 13:37]
.
2012-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-15 13:37]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: ??????????????? IDM
IE: ??????????????????????????? IDM
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: ??????????????????????????? IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: ??????????????? IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\top\AppData\Roaming\Mozilla\Firefox\Profiles\4dyzyjpq.default\
FF - ExtSQL: 2012-10-15 21:07; mozilla_cc@internetdownloadmanager.com; c:\users\top\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-12-05 13:26; {DDC359D1-844A-42a7-9AA1-88A850A938A8}; c:\users\top\AppData\Roaming\Mozilla\Firefox\Profiles\4dyzyjpq.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.032"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.abr"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.apd"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.arw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bay"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.bw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cr2"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.crw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.cs1"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcr"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dcx"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djv"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.djvu"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.dng"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.eps"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.erf"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fff"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.fpx"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.hdr"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.icn"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iff"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ilbm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.int"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.inta"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.iw4"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2c"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.j2k"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jbr"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jif"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jp2"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpc"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpk"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.jpx"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.kdc"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.lbm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mef"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mos"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.mrw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nef"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.nrw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.orf"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pbr"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcd"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pct"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pcx"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pef"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pgm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pic"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pict"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pix"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ppm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.psd"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.psp"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspbrush"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.pspimage"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.raf"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.ras"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.raw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgb"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rgba"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rsb"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rw2"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.rwl"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sgi"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.sr2"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srf"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.srw"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.tga"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.thm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50po"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50pp"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.v50ppf"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.wbmp"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xbm"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xif"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xmp"
.
[HKEY_USERS\S-1-5-21-1565109452-1158753834-2774069199-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 5.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1844)
c:\program files\ThaiSoftware Enterprise\ThaiSoftware Dictionary\Bin\ActWndHk.dll
.
Completion time: 2012-12-09 19:06:27
ComboFix-quarantined-files.txt 2012-12-09 12:06
.
Pre-Run: 694,001,664 bytes free
Post-Run: 952,274,944 bytes free
.
- - End Of File - - 87A40DD13BE04459D31D379BC114C28F
  4. Ok cool, I managed to get the script to run. (Windows affixed .txt on the end of .vbs and I missed it.) It didn't work on the hard drive, maybe because it had all already appeared? But it worked great on the memory stick and revealed all the folders. Here's the ComboFix log. I ran ComboFix with both the hard drive and memory stick plugged in. I've not checked through all the photos yet. I have around 9000 and it's taking a while. Up to 5000, it's all good.
     combofix log.txt
  5. Ok so the folders have magically reappeared and I don't have the faintest idea why. However there seem to be some size discrepancies; one of my jpg folders is 10.9 GB but I can only see about 8 GB, so I'm going to take a proper look and put down the results when I'm done. I'm also going to run ComboFix anyway.
  6. Sorry about the delay, I'm stuck on an island in Thailand and the internet is shocking. Unfortunately I couldn't even run the text file. I was going to post pictures, however nothing is working and the picture function on the forum is failing. Hopefully descriptions will be enough.
     I created the text file. I right-clicked on it, however the menu item "Open with Command Prompt" was missing. I clicked on "Open With". Command Prompt was not an option, so I manually went to the path C:\Windows\System32\cmd.exe and selected that. This was apparently a bad move. Now opening any Notepad file opens up Command Prompt. The "Always use the selected programme to open this kind of file" check box on "Open With" is now permanently greyed out.
     I think I found the relevant registry entry:
     HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\UserChoice
     Inside there is a file named Progid which contains:
     Value Name: Progid
     Value Data: Applications\cmd.exe
     However I don't know what to change this to, to solve the problem. I tried solving the problem using the default programme options in the Control Panel, however this didn't work.
     So two new questions.
     1. How do I remove this association?
     2. How do I run a text file as a command prompt script when the context menu option "Run as command prompt" is missing?
     I'm running Windows 7 32-bit.
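The association described in post 6 lives in the per-user UserChoice key, and the same kind of key is what the ComboFix log above lists under @Denied (Windows puts a Deny ACE on every UserChoice key so that programs cannot rewrite Progid in place, which is why those entries are normal in a ComboFix report). The script below is an added example, not something posted in the thread or shipped by Malwarebytes: it audits every UserChoice override for the current user, flags any whose Progid points a data extension at a command or script host (the list of hosts is an assumption chosen for the example), and resets one extension by deleting its UserChoice key so Explorer falls back to the machine-wide default (txtfile, i.e. Notepad, for .txt). Written for PowerShell 2.0 or later as found on Windows 7; run it as the affected user.

```powershell
# Added example, not from the forum thread. Audits and resets per-user file
# associations stored under HKCU\...\Explorer\FileExts\<ext>\UserChoice.

$FileExts = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'

# Handlers that should never be the default opener for a data file.
# Assumption: this list was chosen for the example; extend it as needed.
$SuspectHosts = @('cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe',
                  'mshta.exe', 'rundll32.exe', 'regsvr32.exe')

function Get-UserChoiceAudit {
    # Emits one object per extension that has an explicit UserChoice override,
    # with Suspect = $true when Progid resolves to one of the hosts above
    # (post 6's .txt would show Progid = Applications\cmd.exe, Suspect = True).
    Get-ChildItem -Path $FileExts -ErrorAction SilentlyContinue | ForEach-Object {
        $ext = $_.PSChildName
        $uc  = Join-Path $FileExts "$ext\UserChoice"
        if (Test-Path -LiteralPath $uc) {
            $progid = (Get-ItemProperty -LiteralPath $uc -Name Progid -ErrorAction SilentlyContinue).Progid
            if ($progid) {
                $hit = $SuspectHosts | Where-Object { $progid -like "*\$_" }
                New-Object PSObject -Property @{
                    Extension = $ext
                    Progid    = $progid
                    Suspect   = [bool]$hit
                }
            }
        }
    }
}

function Reset-UserChoice {
    # Deletes the UserChoice key for one extension. The Deny ACE Windows places
    # on this key blocks changing Progid in place but not deleting the key as
    # the owning user, so Explorer reverts to the HKEY_CLASSES_ROOT default.
    param([Parameter(Mandatory=$true)][string]$Extension)   # e.g. '.txt'
    $uc = Join-Path $FileExts "$Extension\UserChoice"
    if (Test-Path -LiteralPath $uc) {
        Remove-Item -LiteralPath $uc -Recurse -Force
        "Removed $uc; log off and on (or restart explorer.exe) for Explorer to pick it up."
    } else {
        "No UserChoice override present for $Extension"
    }
}

# Report first; act only on the extensions the report flags.
Get-UserChoiceAudit | Where-Object { $_.Suspect } | Format-Table Extension, Progid -AutoSize
# Reset-UserChoice -Extension '.txt'
```

The audit is the part worth keeping around: an extension such as .txt, .jpg or .pdf whose user override points at cmd.exe, wscript.exe or mshta.exe is either an accident like the one in post 6 or a persistence trick, and either way it is cheap to check after a cleanup.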
  7. Hi all, I'm currently travelling around the world, using a hard drive to store my photos. I'd been putting them on via internet cafes, virus scanning each computer before I used it. The one time I didn't do this, my hard drive picked up a nasty virus. It turned all my .jpgs into .exe files along with my folders. It also infected two of my memory cards that were plugged in at the time. I then rescanned the cards and the hard drive using a computer with ESET NOD32 Antivirus. It quarantined all the folders along with the .jpgs that were infected. The viruses found were Ramnit.F and D.Dorkbot.
     I'm now backing everything up onto a laptop I bought and I'm trying to recover the photos. The space on the hard drive is still occupied, however I can't view the folders. Running Command Prompt and using attrib -s -h /s /d *.* hasn't worked. I get "Access Denied - F:\System Volume Information". As far as I can tell the hard drive is now disinfected, although it seems peculiar that I still can't access it.
     I've attached an MBAM full scan of the hard drive and the DDS logs. I also suspect the copy of Windows that came with the laptop isn't genuine, however I can't reinstall with my genuine copy until I get back in a couple of months. Hopefully this won't be an issue.
     What should be my next step?
     dds.txt
     attach.txt
     mbam-log-2012-12-03 (13-50-41).txt
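Two things in post 7 are worth separating: the folders are almost certainly still on the drive with the Hidden and System attributes set (which is why the space is used but nothing shows), and the attrib error on System Volume Information is expected, since that folder is owned by the system and denies access to everyone else regardless of infection. The script below is an added example, not code from the thread or from any of the tools named in it: it first reports any leftover lure executables (an .exe whose base name matches a sibling folder or image, or that ends in .jpg.exe, the pattern the post describes) without running or deleting them, and then clears the Hidden/System bits the way "attrib -s -h /s /d" does, skipping System Volume Information and the recycle bin. The drive letter F: is taken from the post's error message and is otherwise an assumption; run it from PowerShell 2.0 or later.

```powershell
# Added example, not from the forum thread. Recovery checks for a drive hit by
# a USB worm that hides folders and drops same-named .exe lures beside them.

function Find-LureExecutables {
    # Lists .exe files that mimic a folder or photo next to them. Report only:
    # the files are left for the antivirus or a reviewed manual deletion.
    param([Parameter(Mandatory=$true)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' } |
        ForEach-Object {
            $dir  = $_.DirectoryName
            $base = [IO.Path]::GetFileNameWithoutExtension($_.Name)   # "photo.jpg" for photo.jpg.exe
            $twinFolder = Join-Path $dir $base
            $twinJpg    = Join-Path $dir ($base + '.jpg')
            $isLure = ($base -match '\.jpe?g$') -or
                      (Test-Path -LiteralPath $twinFolder -PathType Container) -or
                      (Test-Path -LiteralPath $twinJpg -PathType Leaf)
            if ($isLure) { $_.FullName }
        }
}

function Restore-HiddenItems {
    # Clears Hidden and System on every file and folder under $Root, the
    # PowerShell equivalent of "attrib -s -h /s /d". System Volume Information
    # and $RECYCLE.BIN are skipped: access denied there is normal, not residue.
    param([Parameter(Mandatory=$true)][string]$Root, [switch]$Preview)
    $mask  = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
    $items = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.FullName -notmatch '\\System Volume Information(\\|$)' -and
            $_.FullName -notmatch '\\\$RECYCLE\.BIN(\\|$)' -and
            (($_.Attributes -band $mask) -ne 0)
        }
    $changed = 0
    foreach ($item in $items) {
        if ($Preview) {
            "Would unhide: $($item.FullName)"
        } else {
            $item.Attributes = $item.Attributes -band (-bnot $mask)
            $changed++
        }
    }
    if (-not $Preview) { "$changed item(s) unhidden under $Root" }
}

# Assumption: F: is the external drive from the post. Review the lure report
# and the preview before clearing attributes for real.
$Drive = 'F:\'
Find-LureExecutables -Root $Drive
Restore-HiddenItems -Root $Drive -Preview
# Restore-HiddenItems -Root $Drive
```

Because Ramnit is a file infector rather than just a dropper, none of the executables the first function lists should be opened to "check" them; compare their names with the visible folders and hand them to the scanner. The attribute reset is safe to repeat, and the count it returns is a quick way to confirm the size gap from post 5 has closed.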
  8. Thanks very much for all the time and effort. It's really appreciated.
  9. Good, the only weird thing is Windows still thinks automatic updates is turned off, but when I go to the Control Panel it's turned on. (This may be a double post but for some reason I can't see my previous one.)
  10. Nothing seems particularly weird. The only noticeable thing is Windows still thinks automatic updates are turned off, but they're on in the Control Panel.
  11. Here is the log. Took barely any time.
     2011/04/08 18:29:32.0796 3672 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
     2011/04/08 18:29:33.0015 3672 ================================================================================
     2011/04/08 18:29:33.0015 3672 SystemInfo:
     2011/04/08 18:29:33.0015 3672
     2011/04/08 18:29:33.0015 3672 OS Version: 5.1.2600 ServicePack: 3.0
     2011/04/08 18:29:33.0015 3672 Product type: Workstation
     2011/04/08 18:29:33.0015 3672 ComputerName: DOMS-MACHINE
     2011/04/08 18:29:33.0015 3672 UserName: Dom
     2011/04/08 18:29:33.0015 3672 Windows directory: C:\WINDOWS
     2011/04/08 18:29:33.0015 3672 System windows directory: C:\WINDOWS
     2011/04/08 18:29:33.0015 3672 Processor architecture: Intel x86
     2011/04/08 18:29:33.0015 3672 Number of processors: 2
     2011/04/08 18:29:33.0015 3672 Page size: 0x1000
     2011/04/08 18:29:33.0015 3672 Boot type: Normal boot
     2011/04/08 18:29:33.0015 3672 ================================================================================
     2011/04/08 18:29:33.0531 3672 Initialize success
     2011/04/08 18:29:36.0031 2900 ================================================================================
     2011/04/08 18:29:36.0031 2900 Scan started
     2011/04/08 18:29:36.0031 2900 Mode: Manual;
     2011/04/08 18:29:36.0031 2900 ================================================================================
     2011/04/08 18:29:36.0500 2900 Aavmker4 (479c9835b91147be1a92cb76fad9c6de) C:\WINDOWS\system32\drivers\Aavmker4.sys
     2011/04/08 18:29:36.0640 2900 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
     2011/04/08 18:29:36.0687 2900 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
     2011/04/08 18:29:36.0765 2900 ADIHdAudAddService (0158f4027c0808ff65ed3b3d683339c9) C:\WINDOWS\system32\drivers\ADIHdAud.sys
     2011/04/08 18:29:36.0859 2900 AEAudio (358063ab6c1c4173b735525cdfa65f94) C:\WINDOWS\system32\drivers\AEAudio.sys
     2011/04/08 18:29:36.0875 2900 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
     2011/04/08 18:29:36.0921 2900 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
     2011/04/08 18:29:36.0984 2900 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
     2011/04/08 18:29:37.0062 2900 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
     2011/04/08 18:29:37.0125 2900 aswFsBlk (cba53c5e29ae0a0ce76f9a2be3a40d9e) C:\WINDOWS\system32\drivers\aswFsBlk.sys
     2011/04/08 18:29:37.0187 2900 aswMon2 (a1c52b822b7b8a5c2162d38f579f97b7) C:\WINDOWS\system32\drivers\aswMon2.sys
     2011/04/08 18:29:37.0187 2900 aswRdr (b6e8c5874377a42756c282fac2e20836) C:\WINDOWS\system32\drivers\aswRdr.sys
     2011/04/08 18:29:37.0203 2900 aswSP (b93a553c9b0f14263c8f016a44c3258c) C:\WINDOWS\system32\drivers\aswSP.sys
     2011/04/08 18:29:37.0234 2900 aswTdi (1408421505257846eb336feeef33352d) C:\WINDOWS\system32\drivers\aswTdi.sys
     2011/04/08 18:29:37.0265 2900 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
     2011/04/08 18:29:37.0312 2900 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
     2011/04/08 18:29:37.0359 2900 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
     2011/04/08 18:29:37.0406 2900 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
     2011/04/08 18:29:37.0453 2900 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
     2011/04/08 18:29:37.0515 2900 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
     2011/04/08 18:29:37.0546 2900 CCDECODE (fdc06e2ada8c468ebb161624e03976cf) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
     2011/04/08 18:29:37.0578 2900 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
     2011/04/08 18:29:37.0609 2900 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
     2011/04/08 18:29:37.0656 2900 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
     2011/04/08 18:29:37.0781 2900 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
     2011/04/08 18:29:37.0828 2900 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
     2011/04/08 18:29:37.0890 2900 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
     2011/04/08 18:29:37.0890 2900 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
     2011/04/08 18:29:37.0953 2900 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
     2011/04/08 18:29:37.0968 2900 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
     2011/04/08 18:29:38.0046 2900 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
     2011/04/08 18:29:38.0109 2900 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
     2011/04/08 18:29:38.0125 2900 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
     2011/04/08 18:29:38.0156 2900 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
     2011/04/08 18:29:38.0203 2900 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
     2011/04/08 18:29:38.0250 2900 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
     2011/04/08 18:29:38.0265 2900 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
     2011/04/08 18:29:38.0312 2900 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
     2011/04/08 18:29:38.0343 2900 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
     2011/04/08 18:29:38.0375 2900 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
     2011/04/08 18:29:38.0437 2900 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
     2011/04/08 18:29:38.0484 2900 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
     2011/04/08 18:29:38.0546 2900 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
     2011/04/08 18:29:38.0593 2900 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
     2011/04/08 18:29:38.0656 2900 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
     2011/04/08 18:29:38.0718 2900 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
     2011/04/08 18:29:38.0765 2900 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
     2011/04/08 18:29:38.0781 2900 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
     2011/04/08 18:29:38.0812 2900 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
     2011/04/08 18:29:38.0859 2900 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
     2011/04/08 18:29:38.0921 2900 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
     2011/04/08 18:29:38.0937 2900 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
     2011/04/08 18:29:38.0953 2900 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
     2011/04/08 18:29:38.0968 2900 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
     2011/04/08 18:29:39.0031 2900 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
     2011/04/08 18:29:39.0078 2900 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
     2011/04/08 18:29:39.0140 2900 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
     2011/04/08 18:29:39.0187 2900 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
     2011/04/08 18:29:39.0265 2900 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
     2011/04/08 18:29:39.0312 2900 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
     2011/04/08 18:29:39.0359 2900 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
     2011/04/08 18:29:39.0375 2900 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
     2011/04/08 18:29:39.0421 2900 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
     2011/04/08 18:29:39.0437 2900 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
     2011/04/08 18:29:39.0484 2900 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
     2011/04/08 18:29:39.0500 2900 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
     2011/04/08 18:29:39.0531 2900 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
     2011/04/08 18:29:39.0578 2900 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
     2011/04/08 18:29:39.0609 2900 MSTEE (d5059366b361f0e1124753447af08aa2) C:\WINDOWS\system32\drivers\MSTEE.sys
     2011/04/08 18:29:39.0656 2900 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
     2011/04/08 18:29:39.0687 2900 NABTSFEC (ac31b352ce5e92704056d409834beb74) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
     2011/04/08 18:29:39.0734 2900 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
     2011/04/08 18:29:39.0781 2900 NdisIP (abd7629cf2796250f315c1dd0b6cf7a0) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
     2011/04/08 18:29:39.0796 2900 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
     2011/04/08 18:29:39.0843 2900 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
     2011/04/08 18:29:39.0875 2900 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
     2011/04/08 18:29:39.0906 2900 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
     2011/04/08 18:29:39.0921 2900 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
     2011/04/08 18:29:39.0937 2900 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
     2011/04/08 18:29:39.0984 2900 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
     2011/04/08 18:29:40.0000 2900 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
     2011/04/08 18:29:40.0046 2900 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
     2011/04/08 18:29:40.0078 2900 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
     2011/04/08 18:29:40.0281 2900 nv (c4267be1fa6b5dfe5a7559f804e31cf5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
     2011/04/08 18:29:40.0515 2900 nvata (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\DRIVERS\nvata.sys
     2011/04/08 18:29:40.0562 2900 NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
     2011/04/08 18:29:40.0578 2900 nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
     2011/04/08 18:29:40.0593 2900 NVTCP (c0e7437765a694328579c4674ef3ab20) C:\WINDOWS\system32\DRIVERS\NVTcp.sys
     2011/04/08 18:29:40.0656 2900 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
     2011/04/08 18:29:40.0656 2900 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
     2011/04/08 18:29:40.0703 2900 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
     2011/04/08 18:29:40.0750 2900 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
     2011/04/08 18:29:40.0765 2900 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
     2011/04/08 18:29:40.0812 2900 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
     2011/04/08 18:29:40.0859 2900 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
     2011/04/08 18:29:40.0890 2900 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
     2011/04/08 18:29:40.0921 2900 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
     2011/04/08 18:29:41.0093 2900 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
     2011/04/08 18:29:41.0156 2900 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
     2011/04/08 18:29:41.0187 2900 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
     2011/04/08 18:29:41.0250 2900 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
     2011/04/08 18:29:41.0390 2900 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
     2011/04/08 18:29:41.0421 2900 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
     2011/04/08 18:29:41.0437 2900 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
     2011/04/08 18:29:41.0468 2900 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
     2011/04/08 18:29:41.0500 2900 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
     2011/04/08 18:29:41.0515 2900 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
     2011/04/08 18:29:41.0593 2900 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
     2011/04/08 18:29:41.0625 2900 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
     2011/04/08 18:29:41.0671 2900 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
     2011/04/08 18:29:41.0750 2900 RTLWUSB (05552e37b5c0b53b7e4b95a850447e85) C:\WINDOWS\system32\DRIVERS\RTL8187.sys
     2011/04/08 18:29:41.0812 2900 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
     2011/04/08 18:29:41.0859 2900 SenFiltService (b6a6b409fda9d9ebd3aadb838d3d7173) C:\WINDOWS\system32\drivers\Senfilt.sys
     2011/04/08 18:29:41.0906 2900 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
     2011/04/08 18:29:41.0921 2900 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
     2011/04/08 18:29:41.0937 2900 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
     2011/04/08 18:29:42.0000 2900 SI3132 (9604998d0c578608151b6e59266fcae1) C:\WINDOWS\system32\DRIVERS\SI3132.sys
     2011/04/08 18:29:42.0015 2900 SiFilter (72cf151fb410e544904dbc7d7f29b796) C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys
     2011/04/08 18:29:42.0078 2900 SjyPkt (3d7ef286e806f9bd9339aa52e28dcd67) C:\WINDOWS\System32\Drivers\SjyPkt.sys
     2011/04/08 18:29:42.0140 2900 SLIP (1ffc44d6787ec1ea9a2b1440a90fa5c1) C:\WINDOWS\system32\DRIVERS\SLIP.sys
     2011/04/08 18:29:42.0218 2900 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
     2011/04/08 18:29:42.0265 2900 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
     2011/04/08 18:29:42.0312 2900 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
     2011/04/08 18:29:42.0312 2900 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
     2011/04/08 18:29:42.0312 2900 sptd - detected Locked file (1)
     2011/04/08 18:29:42.0343 2900 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
     2011/04/08 18:29:42.0421 2900 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
     2011/04/08 18:29:42.0484 2900 streamip (a9f9fd0212e572b84edb9eb661f6bc04) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
     2011/04/08 18:29:42.0531 2900 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
     2011/04/08 18:29:42.0578 2900 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
     2011/04/08 18:29:42.0625 2900 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
     2011/04/08 18:29:42.0687 2900 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
     2011/04/08 18:29:42.0718 2900 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
     2011/04/08 18:29:42.0734 2900 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
     2011/04/08 18:29:42.0781 2900 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
     2011/04/08 18:29:42.0875 2900 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
     2011/04/08 18:29:42.0953 2900 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
     2011/04/08 18:29:43.0031 2900 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
     2011/04/08 18:29:43.0078 2900 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
     2011/04/08 18:29:43.0093 2900 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
     2011/04/08 18:29:43.0125 2900 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
     2011/04/08 18:29:43.0140 2900 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
     2011/04/08 18:29:43.0187 2900 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
     2011/04/08 18:29:43.0234 2900 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
     2011/04/08 18:29:43.0296 2900 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
     2011/04/08 18:29:43.0328 2900 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
     2011/04/08 18:29:43.0343 2900 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
     2011/04/08 18:29:43.0390 2900 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
     2011/04/08 18:29:43.0437 2900 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
     2011/04/08 18:29:43.0468 2900 WSTCODEC (233cdd1c06942115802eb7ce6669e099) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
     2011/04/08 18:29:43.0578 2900 ================================================================================
     2011/04/08 18:29:43.0578 2900 Scan finished
     2011/04/08 18:29:43.0578 2900 ================================================================================
     2011/04/08 18:29:43.0593 2836 Detected object count: 1
     2011/04/08 18:29:49.0093 2836 Locked file(sptd) - User select action: Skip
  12. Here we go.
     ========== OTL ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
     Registry value HKEY_USERS\S-1-5-21-2000478354-436374069-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
     C:\Documents and Settings\Dom\Local Settings\Application Data\325cq8r6ceko405fg moved successfully.
     C:\Documents and Settings\All Users\Application Data\325cq8r6ceko405fg moved successfully.

     OTL by OldTimer - Version 3.2.22.3 log created on 04082011_181259
  13. Here's the MBAM log and I attached the two OTL files as it was less messy.
     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org

     Database version: 6311

     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     08/04/2011 17:39:22
     mbam-log-2011-04-08 (17-39-22).txt

     Scan type: Full scan (C:\|)
     Objects scanned: 234927
     Time elapsed: 1 hour(s), 9 minute(s), 9 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     OTL.Txt
     Extras.Txt
  14. It should also be noted that Windows Security Alerts are now turned off.