worm?


worm?

Post by Lionspridde on Sun 16 Jan 2011, 6:57 pm

I think my computer has a worm. I left my computer on overnight to find that my computer space decreased by 2 GB. I have System Restore disabled. Help before this worm eats my computer!

Lionspridde

Rookie Surfer

Posts : 52
Joined : 2010-03-06
Operating System : Windows Vista


Re: worm?

Post by Lionspridde on Sun 16 Jan 2011, 7:00 pm

By the way, I don't need System Restore because I have my system restore disks.

Lionspridde

Rookie Surfer

Posts : 52
Joined : 2010-03-06
Operating System : Windows Vista


Re: worm?

Post by Lionspridde on Sun 16 Jan 2011, 8:34 pm

bump

Lionspridde

Rookie Surfer

Posts : 52
Joined : 2010-03-06
Operating System : Windows Vista


Re: worm?

Post by Belahzur on Mon 17 Jan 2011, 12:06 pm

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

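The OTL.txt report that the instructions above ask for is a plain-text list of `PRC`/`MOD`/`SRV`/`DRV` entries, each carrying a modification time, file size, attribute flags, the company name from the file's version info, a service state, the path and the service name. The following is an added example, not Belahzur's tool or anything shipped with OTL, of how a helper can parse those lines and pull out the entries worth reading first. The flag rules (`file_not_found`, `no_company`, `hidden`, `user_profile_path`, `recent`) and the function names are choices made for this example; the sample lines are copied from the log posted later in this thread.

```python
"""Triage helper for OTL (OldTimer) scan logs.

Added example: parses the PRC/MOD/SRV/DRV entries of an OTL.txt report and
flags the ones a malware-removal helper reads first. The flag rules are
heuristics chosen for this example, not OTL's own logic.
"""
import re
from datetime import datetime, timedelta

# Header line that carries the scan time, e.g.
#   OTL logfile created on: 1/17/2011 5:44:35 AM - Run 2
HEADER_RE = re.compile(
    r"^OTL logfile created on: (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
)

# Normal entry:
#   KIND - [mtime | size | attrs | M] (company) [state] -- path -- (name)
# "[state]" and "-- (name)" are only present on SRV/DRV lines.
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<stamp>[MC])\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\))?$"
)

# Orphaned registry entry whose binary is gone:
#   SRV - File not found [Auto | Stopped] -- -- (MySQL)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- -- \((?P<name>[^)]*)\)$"
)

# Constructed sample: header plus six entries copied from the OTL.txt in this thread.
SAMPLE_LOG = r"""
OTL logfile created on: 1/17/2011 5:44:35 AM - Run 2
PRC - [2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
PRC - [2007/07/09 23:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
DRV - [2010/09/04 16:24:01 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
""".strip().splitlines()


def parse_scan_time(line):
    """Return the scan time from the OTL header line, or None for any other line."""
    m = HEADER_RE.match(line)
    return datetime.strptime(m.group(1), "%m/%d/%Y %I:%M:%S %p") if m else None


def parse_entry(line):
    """Parse one PRC/MOD/SRV/DRV line into a dict; None if the line is not an entry."""
    m = MISSING_RE.match(line)
    if m:
        # No file on disk, so no timestamp, size, attributes or company to record.
        return {"kind": m["kind"], "name": m["name"], "state": m["state"],
                "path": None, "company": None, "mtime": None, "size": None, "attrs": None}
    m = ENTRY_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["mtime"] = datetime.strptime(entry["mtime"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))  # "006,582,912" -> 6582912
    return entry


def flags_for(entry, scan_time, recent_days=30):
    """Heuristic leads for a human reviewer; none of them is a verdict on its own."""
    if entry["path"] is None:
        return ["file_not_found"]          # registry points at a binary that is gone
    flags = []
    if entry["company"] == "":
        flags.append("no_company")         # no version info: check against installed software
    if "H" in entry["attrs"]:
        flags.append("hidden")             # hidden attribute set on the file
    if entry["path"].lower().startswith("c:\\users\\"):
        flags.append("user_profile_path")  # runs from a user-writable location
    if scan_time is not None and scan_time - entry["mtime"] <= timedelta(days=recent_days):
        flags.append("recent")             # modified shortly before the scan
    return flags


def triage(lines, recent_days=30):
    """Map each flagged path (or service name when the file is missing) to its flags."""
    scan_time = None
    findings = {}
    for line in lines:
        if scan_time is None:
            scan_time = parse_scan_time(line)
            if scan_time is not None:
                continue
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = flags_for(entry, scan_time, recent_days)
        if flags:
            findings[entry["path"] or entry["name"]] = flags
    return findings


if __name__ == "__main__":
    for target, flags in triage(SAMPLE_LOG).items():
        print(f"{', '.join(flags):28} {target}")
```

Run on the sample, the output lists OTL.exe itself (new and sitting on the Desktop), the orphaned MySQL service, the two entries with an empty company field (mysqld.exe from a WAMP install and sptd.sys) and the hidden hamachi.sys, while smax4pnp.exe produces no flags. That is the point of the flags: they shorten the list a helper has to read against what the user says is installed, they do not decide what is malicious.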

Re: worm?

Post by Lionspridde on Mon 17 Jan 2011, 10:02 pm

OTL logfile created on: 1/17/2011 5:44:35 AM - Run 2
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Layth\Desktop
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 45.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 10.86 Gb Free Space | 14.96% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive G: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAYTH-PC | User Name: Layth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/12/11 08:28:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/11 08:28:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/10/15 20:38:51 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/15 03:34:02 | 001,094,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/11/04 01:53:49 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/26 09:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/07/01 21:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/04/28 19:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe
PRC - [2008/04/28 19:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/07/09 23:40:30 | 001,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/05/23 17:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007/02/13 15:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007/02/06 01:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
MOD - [2010/04/01 08:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2008/01/20 21:24:11 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MySQL)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/12/06 08:31:48 | 001,238,408 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/26 10:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/03/25 20:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2009/06/17 10:18:42 | 006,582,912 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)
SRV - [2008/08/26 09:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/07/01 21:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/04/28 19:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2008/04/28 19:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/01/20 21:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/23 17:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2007/02/13 15:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007/02/06 01:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/09/04 16:24:01 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/12 03:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010/03/25 20:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/02/24 17:18:49 | 000,464,384 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/02/20 19:04:38 | 000,195,456 | R--- | M] (Symantec Corp.) [File_System | System | Running] -- C:\Windows\System32\drivers\fslx.sys -- (FSLX)
DRV - [2009/02/13 18:50:34 | 004,385,280 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/29 10:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/07/18 19:46:46 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/10 01:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/06/25 11:39:42 | 000,212,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/05/28 13:16:38 | 000,075,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/05/07 15:29:32 | 000,120,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/28 19:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/04/28 19:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2008/04/28 19:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/04/28 19:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2008/04/28 19:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008/01/20 21:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2008/01/20 21:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/03 06:19:08 | 000,170,000 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
DRV - [2007/07/10 05:25:38 | 000,347,648 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/29 17:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/30 05:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\atipcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.035
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.105
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:4.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.9.1.14019
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=UT2V5&o=15150&locale=en_US&apn_uid=5F92F0A3-AEF1-43F5-A65D-8B9DC8872571&apn_ptnrs=UF&apn_sauid=E8DADCF0-6EEF-4429-96AF-440C57576BFC&apn_dtid=YYYYYYYYUS&q="

FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Components: C:\Program Files\Virtual Firefox\components [2009/11/03 23:16:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.15\extensions\\Plugins: C:\Program Files\Virtual Firefox\plugins [2009/11/03 23:16:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/04 17:06:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/01/11 23:01:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 08:28:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 08:28:45 | 000,000,000 | ---D | M]

[2010/03/04 19:59:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Layth\AppData\Roaming\Mozilla\Extensions
[2011/01/16 02:54:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions
[2010/09/04 16:58:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/04 13:35:03 | 000,000,000 | ---D | M] () -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2010/11/05 16:21:24 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/22 16:51:57 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\illimitux@illimitux.net
[2010/10/29 17:00:33 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\toolbar@ask.com
[2010/11/05 16:21:28 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\extensions\unplug@compunach
[2011/01/17 02:45:04 | 000,002,397 | ---- | M] () -- C:\Users\Layth\AppData\Roaming\Mozilla\Firefox\Profiles\1xms9nxb.default\searchplugins\askcom.xml
[2010/10/08 06:17:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/01 14:01:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/04 17:06:22 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2011/01/11 23:01:07 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2010/04/12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/04 20:09:05 | 000,002,024 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cacaoweb] C:\Users\Layth\AppData\Roaming\cacaoweb\cacaoweb.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Layth\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Layth\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/07/05 10:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - G:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/05/18 10:59:05 | 000,000,228 | R--- | M] () - G:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/16 22:25:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
[2011/01/16 10:42:35 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2011/01/16 00:24:15 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\.minecraft
[2011/01/14 21:33:48 | 000,000,000 | ---D | C] -- C:\Akmin Folder
[2011/01/14 21:26:07 | 000,000,000 | ---D | C] -- C:\RecipeMaker
[2011/01/14 21:26:06 | 000,000,000 | ---D | C] -- C:\Users\Layth\Desktop\Minecraft Recipe Creator
[2011/01/14 21:12:52 | 000,000,000 | ---D | C] -- C:\Users\Layth\Documents\mcregion_v5_server_1.2_01
[2011/01/12 18:05:29 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fable TLC Application Suite
[2011/01/12 18:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fable TLC Application Suite
[2011/01/12 17:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Albion Explorer
[2011/01/12 17:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\FableTLCMod
[2011/01/11 13:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
[2011/01/11 13:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\PowerISO
[2011/01/11 13:53:15 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/01/11 13:53:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011/01/11 13:53:08 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010/12/30 13:35:35 | 000,000,000 | ---D | C] -- C:\Program Files\BreakPoint Software
[2010/12/30 13:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hex Workshop v6
[2010/12/27 09:33:06 | 000,000,000 | ---D | C] -- C:\Users\Layth\AppData\Local\LogMeIn Hamachi
[2010/12/27 09:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2010/12/27 09:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/12/21 01:31:33 | 000,000,000 | ---D | C] -- C:\Users\Layth\Documents\RSBot
[1 C:\Users\Layth\*.tmp files -> C:\Users\Layth\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/17 05:46:42 | 000,009,577 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2011/01/17 05:46:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/17 05:34:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004106930-1308426128-469573354-1001UA.job
[2011/01/17 04:27:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/17 04:27:24 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/16 23:55:19 | 002,533,826 | ---- | M] () -- C:\Users\Layth\Desktop\World2.rar
[2011/01/16 22:25:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Layth\Desktop\OTL.exe
[2011/01/16 21:46:07 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/16 16:34:03 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2004106930-1308426128-469573354-1001Core.job
[2011/01/16 10:42:35 | 000,000,524 | ---- | M] () -- C:\Users\Layth\Desktop\Fraps.lnk
[2011/01/14 22:12:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 00:08:48 | 000,003,120 | ---- | M] () -- C:\Windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
[2011/01/12 00:08:48 | 000,003,120 | ---- | M] () -- C:\Windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2011/01/11 14:20:49 | 000,705,216 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/11 14:20:49 | 000,142,558 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/11 13:57:14 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/01/11 13:53:15 | 000,002,008 | ---- | M] () -- C:\Users\Layth\Desktop\Fable - The Lost Chapters.lnk
[2011/01/11 10:02:36 | 608,446,464 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 4.iso
[2011/01/11 10:02:36 | 577,296,384 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 1.iso
[2011/01/11 10:02:05 | 485,941,248 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 3.iso
[2011/01/11 10:02:00 | 646,782,976 | ---- | M] () -- C:\Users\Layth\Documents\Fable Disk 2.iso
[2011/01/08 01:28:11 | 000,000,117 | ---- | M] () -- C:\Users\Layth\jagex_runescape_preferences2.dat
[2011/01/08 01:21:32 | 000,000,046 | ---- | M] () -- C:\Users\Layth\jagex_runescape_preferences.dat
[2010/12/30 13:35:43 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor.lnk
[2010/12/27 09:26:59 | 000,000,804 | ---- | M] () -- C:\Users\Layth\Desktop\HeidiSQL.lnk
[2010/12/21 01:36:49 | 000,000,000 | ---- | M] () -- C:\Users\Layth\AppData\Roaming\RSBot_Accounts.ini
[2010/12/20 21:12:08 | 000,001,062 | ---- | M] () -- C:\Users\Layth\Desktop\Play Roblox.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Users\Layth\*.tmp files -> C:\Users\Layth\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/16 23:53:25 | 002,533,826 | ---- | C] () -- C:\Users\Layth\Desktop\World2.rar
[2011/01/16 10:42:35 | 000,000,524 | ---- | C] () -- C:\Users\Layth\Desktop\Fraps.lnk
[2011/01/12 00:08:48 | 000,003,120 | ---- | C] () -- C:\Windows\f96ac0e5-19d2-42c5-8f68-eb7a99861769.ocx
[2011/01/12 00:08:48 | 000,003,120 | ---- | C] () -- C:\Windows\System32\2d2ca2ce-704a-428c-8cbe-0736b29190aa.dll
[2011/01/11 13:57:14 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\PowerISO.lnk
[2011/01/11 13:53:15 | 000,002,008 | ---- | C] () -- C:\Users\Layth\Desktop\Fable - The Lost Chapters.lnk
[2011/01/05 14:30:33 | 608,446,464 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 4.iso
[2011/01/05 14:30:23 | 577,296,384 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 1.iso
[2011/01/05 14:29:31 | 485,941,248 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 3.iso
[2011/01/05 14:29:12 | 646,782,976 | ---- | C] () -- C:\Users\Layth\Documents\Fable Disk 2.iso
[2010/12/30 13:35:43 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Hex Workshop Hex Editor.lnk
[2010/12/27 09:26:59 | 000,000,804 | ---- | C] () -- C:\Users\Layth\Desktop\HeidiSQL.lnk
[2010/12/21 01:35:59 | 000,000,000 | ---- | C] () -- C:\Users\Layth\AppData\Roaming\RSBot_Accounts.ini
[2010/12/20 21:12:08 | 000,001,062 | ---- | C] () -- C:\Users\Layth\Desktop\Play Roblox.lnk
[2010/09/28 19:28:27 | 000,000,091 | ---- | C] () -- C:\Users\Layth\AppData\Roaming\RSBot Accounts.ini
[2010/09/06 15:55:18 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/09/04 16:24:00 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/09/04 16:19:32 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010/08/16 05:40:35 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010/04/07 19:38:06 | 000,202,382 | ---- | C] () -- C:\Users\Layth\AppData\Local\debuggee.mdmp
[2010/03/22 17:12:33 | 000,001,407 | ---- | C] () -- C:\Windows\disney.ini
[2009/11/17 07:47:25 | 000,000,680 | ---- | C] () -- C:\Users\Layth\AppData\Local\d3d9caps.dat
[2009/11/09 03:43:51 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2009/11/05 02:54:39 | 000,030,208 | ---- | C] () -- C:\Users\Layth\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 01:42:01 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/07/08 20:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Files - Unicode (All) ==========
[2010/12/02 08:00:46 | 000,000,000 | ---D | M](C:\Users\Layth\Documents\?? ???) -- C:\Users\Layth\Documents\넥슨 플러그
[2010/12/02 08:00:46 | 000,000,000 | ---D | C](C:\Users\Layth\Documents\?? ???) -- C:\Users\Layth\Documents\넥슨 플러그

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E36F5B57

< End of report >

I didn't get the extra.txt, but on my 1st scan I did. I did 2 scans because I accidentally ran the 1st one from my download folder, but I will post the 1st scan extra.txt anyway.

Lionspridde

Re: worm?

Post by Lionspridde on Mon 17 Jan 2011, 10:02 pm

OTL Extras logfile created on: 1/16/2011 10:26:37 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Layth\Downloads
Windows Vista Business Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 72.58 Gb Total Space | 10.16 Gb Free Space | 14.00% Space Free | Partition Type: NTFS
Drive D: | 1.95 Gb Total Space | 1.74 Gb Free Space | 89.16% Space Free | Partition Type: NTFS
Drive G: | 550.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: LAYTH-PC | User Name: Layth | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{199786F6-EC2B-4F75-868C-79593D3EF393}" = lport=4000 | protocol=6 | dir=in | name=blizzard |
"{2F7C3500-408E-452F-BE0E-7EA8A7134AA7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31D4A356-E975-45F9-BBD1-39BC092DC07F}" = lport=62560 | protocol=6 | dir=in | name=akamai netsession interface |
"{3A4A58B0-FE22-4859-8437-FA17C22C2BB4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3DA6DAD5-EF64-4E91-9DDD-083CDD4AF601}" = lport=56736 | protocol=17 | dir=in | name=pando media booster |
"{3E6AD4D2-EC2E-4E41-8514-AAD9987C56F0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3E914C72-4991-4593-A238-711E70CC96A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{445767DB-55A3-4A68-80BC-7028E05A4924}" = lport=56736 | protocol=17 | dir=in | name=pando media booster |
"{5ED3FCF5-C7FB-4FFF-9018-2E3B7BF35E36}" = lport=3306 | protocol=6 | dir=in | name=root |
"{63B0853C-D0CD-4BF0-8112-6927A4BBC152}" = lport=3724 | protocol=6 | dir=in | name=blizzard download |
"{65013923-0D8A-4BE2-B649-7E9A7646031B}" = lport=6113 | protocol=6 | dir=in | name=blizzard |
"{68333D97-1943-4DCC-8F7A-E8C77C763B4A}" = lport=56736 | protocol=6 | dir=in | name=pando media booster |
"{69BC4F93-E38D-41F5-9FD1-D95B4887B857}" = lport=6881 | protocol=6 | dir=in | name=blizzard |
"{77555741-F41C-4B01-B893-30D41C0963ED}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{782E71F7-DAD6-4750-A122-56BA68E0025A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{809E9809-F7AB-411F-BB1F-3CAAE3A0A886}" = lport=56736 | protocol=6 | dir=in | name=pando media booster |
"{8E22EEA8-AF94-4BAB-A99B-F6C9471012C6}" = lport=6114 | protocol=6 | dir=in | name=blizzard |
"{A34814BD-E6C1-435D-9860-AF5C0428660B}" = lport=6999 | protocol=6 | dir=in | name=blizzard |
"{ADEBC38D-698C-487C-A56D-727FE5E586B8}" = lport=57533 | protocol=17 | dir=in | name=pando media booster |
"{C5F2BF18-CCC3-46EF-9E97-FDDF215FE1A7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D6AB01C5-948C-4B2E-AA2D-FF935AA42CC4}" = lport=6112 | protocol=6 | dir=in | name=blizzard downloader |
"{D833B4C7-0A37-4168-A4B3-36FB09F44407}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{DD26CAB9-D5EB-4DEA-9B82-7F53E5EC4886}" = lport=57533 | protocol=6 | dir=in | name=pando media booster |
"{F02807CD-6CD9-4C59-B5AA-ED938DBB8A9C}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08657A31-76D5-441F-8D6C-5B7A474D800B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{0A4E636B-444D-42D0-BAD2-64DDAA3ACC8C}" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\temp\blizzard installer bootstrap - 2edcb003\installer.exe |
"{12CC737E-CC8E-4201-A797-C985B4843831}" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\temp\blizzard installer bootstrap - 2edcb003\installer.exe |
"{190DC311-E631-4BA6-A30A-9D5E8F6C1F2C}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"{1B9BBE4F-21CB-4F65-BA87-88FD04AAEF06}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{220D8830-3D42-47D9-B002-2E239B9A985B}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{323B292D-7525-4C5C-B1E1-6C30B0AFB717}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{37B26234-1AF0-402B-A6F6-693DFD655FF3}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{37C3ECD8-15D3-48CF-863E-5487002309A7}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{3F424837-3347-437B-9525-405EF1213BEC}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{4806B6DD-B304-47B6-AE89-C0D66AE1E1A8}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0.10192-to-3.3.0.10958-enus-downloader.exe |
"{49748A29-0381-45E6-8D1E-1A7832A9BCB6}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{4BE9CD75-40FB-4171-8914-E34F99A111EC}" = protocol=6 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{50D3C986-96D3-4AFA-BDD3-9D489793F474}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{5AB2FDA7-A3DF-471F-8A6C-145CD595E512}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{61FE43CE-5722-4F9B-9F21-4C5C6AE80604}" = protocol=6 | dir=in | app=c:\users\layth\desktop\mangos\mangosd.exe |
"{631862F4-C2B1-4173-A535-C915852826B9}" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\httpd.exe |
"{671C3AD6-1DAB-43C1-B10D-03E5F81328A5}" = protocol=17 | dir=in | app=c:\nexon\combat arms\combatarms_direct.exe |
"{7A1E81D5-EE4D-4F57-BE09-C4382C4D91FF}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{7D34BC76-5390-4F8F-A68A-05B3C1EE46D1}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{7FA0B620-0E75-4FD0-8F09-CB6B5891F8E1}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{82217C06-895C-481A-BBAA-804C70E48883}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{96CCF445-E2CE-4C1C-BCA9-7C075224534D}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\patcher_cf.exe |
"{9BA424FF-E8F8-461B-99E8-256E21F626E9}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9CD74B89-231E-4B30-901E-542B46E060DB}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"{9F894A12-9C52-41D6-87D5-36CA70BF9089}" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\apache.exe |
"{A3F9444A-255B-4A8A-B7E5-BADED4108624}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\lostsaga.exe |
"{AF933BA6-3CE3-404C-9612-9D0E6D54C9B9}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B0440636-B374-4BC1-96D2-6C59845B6C15}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B13848C7-3526-424F-A8B9-603664AEE2C6}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{B4318884-F988-446C-B01E-E555B35926E8}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire2\cf_g4box.exe |
"{B9BAC13A-2682-48C5-8C28-D9D8C6D89069}" = protocol=17 | dir=in | app=c:\program files\ogplanet\lostsaga\autoupgrade.exe |
"{BF44C59F-2109-4122-AEF1-938D585AF8EA}" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\apache.exe |
"{C2C6301F-E946-4A0C-9C4D-F3B69ED98DAE}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire2\cf_g4box.exe |
"{C4EC9F24-B2AF-4C38-ACC4-80D907139063}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{C7875915-AE94-492D-9116-7085F3D2E58A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D573B435-EFB8-461B-83F7-DD08419D2335}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{D668FB3B-9456-4350-8606-5BE3F2CCFE81}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{D7AEC7E6-375B-4B9D-BD0D-F735CCA13E5F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D94092B5-1C78-4B16-A0CC-10F0865D808C}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{DAC1ADDC-725C-49C0-9D63-5855753273A8}" = protocol=17 | dir=in | app=c:\program files\z8games\crossfire\cf_g4box.exe |
"{E8B1DADA-435C-4C59-B560-32347C8FE2CC}" = protocol=17 | dir=in | app=c:\users\layth\desktop\mangos\mangosd.exe |
"{F254A757-0807-4F2B-A535-4AC77BA691A5}" = protocol=6 | dir=in | app=c:\nexon\combat arms\combatarms_direct.exe |
"{FA91C787-71EC-4D2B-A5F5-E849E8851E41}" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\server\apache\bin\httpd.exe |
"{FCDA7E6C-1938-44C6-8747-B6D7EAFDE0E4}" = protocol=6 | dir=in | app=c:\program files\z8games\crossfire\patcher_cf.exe |
"TCP Query User{06CCDF2C-CE68-43F7-9901-2B91202C95F6}C:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe |
"TCP Query User{098370D2-E284-477D-8000-1C95B21ACBBE}C:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe |
"TCP Query User{0A98896D-23A7-431E-B6DB-B917677EB46C}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"TCP Query User{0B0D4E8A-5E3E-4F3B-B79F-19E2BE6F1D06}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{1DBFBEF1-09B5-4037-B1CA-5FE16DE63136}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe |
"TCP Query User{1E1CB47F-49FB-4AD4-935D-4C5003EDD5C6}C:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"TCP Query User{241B4693-684C-45DB-96B6-E1693E2DD4AA}C:\users\layth\downloads\wowclient-downloader.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\wowclient-downloader.exe |
"TCP Query User{24D1B59D-BB29-4D8A-A53B-330018BF62D1}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe |
"TCP Query User{25D696DE-F29D-4B5E-B10F-9E16737FA42D}C:\program files\garena\garena.exe" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe |
"TCP Query User{27753330-FB89-4478-B896-F3D7258F7E1A}C:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe |
"TCP Query User{3666CFC2-AB1D-4F0B-A43E-D0778A9B2088}C:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe |
"TCP Query User{3713930F-4CC7-40C7-8773-FA7412C765B1}C:\users\layth\downloads\private server\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-world.exe |
"TCP Query User{38E9ECC7-37D6-43C1-885F-EE243F7970AE}C:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"TCP Query User{4855784A-E06F-458A-9FFB-0B07CBEB8CBF}C:\nexon\combat arms\engine.exe" = protocol=6 | dir=in | app=c:\nexon\combat arms\engine.exe |
"TCP Query User{552C8C0F-6B0B-45FE-A9B4-7A029F6BFAC9}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"TCP Query User{56AD5189-8A2D-436C-B8EB-DD9611B3769A}C:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe |
"TCP Query User{5D118BF6-7C93-46B7-AC34-EDC7AEB1A060}C:\users\public\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"TCP Query User{60DCE796-6019-471F-8492-F01B9083E2DE}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"TCP Query User{701B103E-5591-4720-BCBE-5BFF384AA756}C:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe |
"TCP Query User{7337CCB0-35F9-4DA9-B8A9-92C79B676376}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"TCP Query User{747BCC94-8954-452B-B3A9-D9F4E0C23611}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=6 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"TCP Query User{78F98744-2F84-44F4-A65A-FFC54EFBA1A6}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe |
"TCP Query User{7EE2F6DA-C387-425E-90F1-E737DE39FE4D}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{8FAB0E2C-B38D-4C02-82B0-DB49B050D2A1}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"TCP Query User{9196FA07-4FC2-463E-9464-A425461C4463}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{980354DD-0F15-493D-9F85-00B2982BAA19}C:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe |
"TCP Query User{BEAADB14-551E-4590-98D1-F1AA65E443CC}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe |
"TCP Query User{C3695865-E999-4C06-AF5E-91FFF8376A5A}C:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=6 | dir=in | app=c:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe |
"TCP Query User{CEF2B56F-03E7-4703-9910-0662FDF8A71C}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"TCP Query User{D48EF89C-8593-4766-8EFC-6C6C8591F069}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{D5F0766E-FF70-415C-8E6C-54A434B97F3E}C:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"TCP Query User{D9F3200F-D9CB-4014-B196-0E737D6B9B2F}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"TCP Query User{E360FBC3-C699-4637-BE50-5D35EB6F0C1E}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe |
"TCP Query User{E8384436-4A33-46A0-9EE1-0C37132F34BD}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"TCP Query User{EB739A70-E162-4E28-8192-174972298B8A}C:\program files\microsoft games\halo trial\halo.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"TCP Query User{F000389C-CBF8-439F-BB88-8C47D7825C3F}C:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe |
"TCP Query User{F32D899E-E90E-487C-AF62-5135955BB1D2}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"TCP Query User{FB0D8466-D542-4B37-ACDD-79666457D97B}C:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe |
"UDP Query User{044E4480-D89C-4AFD-AC6E-08BF24351131}C:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"UDP Query User{09E7F0F8-D38C-4F90-8563-B9EDCF47C2A7}C:\users\layth\downloads\private server\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-world.exe |
"UDP Query User{0AA9826D-89F5-4CC6-9D17-C0EFF4EA5803}C:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe |
"UDP Query User{0B56DFCE-8174-443A-BE60-31AC25C41DA8}C:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-5721a319bf474443\robloxapp.exe |
"UDP Query User{185A28D7-2120-43FB-BBA5-2A2D608F18AF}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"UDP Query User{21B10019-2224-4110-B69C-A452B4AD82F1}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-logonserver.exe |
"UDP Query User{2EB79173-F35E-459C-A44A-B71D52CE2329}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{31ADECBC-4D67-4107-89B1-04FF8A9041A8}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 1\arcemu-world.exe |
"UDP Query User{3CEE38E3-1E1E-4C6D-90A0-E60245CD5A3C}C:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-logonserver.exe |
"UDP Query User{3CFA06CC-6A46-4EAC-89DB-05FDD0F79D61}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{51F1BEC1-6992-4C3D-BA91-4AB22B45A600}C:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-b5dc796702a14251\robloxapp.exe |
"UDP Query User{59D37322-7EB4-4E48-9416-70B2513F10A2}C:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"UDP Query User{6009CAAF-C1EA-4D71-A29D-A6DB16F35D47}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-logonserver.exe |
"UDP Query User{61A3117F-DEBA-465C-8A65-055ACF93E6F3}C:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"UDP Query User{61D479C4-459F-4E58-A42C-FF140C9E7262}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-logonserver.exe |
"UDP Query User{634C6EA4-1407-4E22-A373-8FBE1581798A}C:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{8542700C-207E-455F-83BF-5E7956AA9FDC}C:\users\public\games\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\backgrounddownloader.exe |
"UDP Query User{97696BAF-70A6-47A9-84CA-61C674103C60}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{9AFF9062-ED3C-4290-9633-00790782C03A}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-world.exe |
"UDP Query User{AADCD53E-5F42-40C9-931B-FAC2FE6DD1AF}C:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\program files\disney\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"UDP Query User{AB923CD2-9052-4372-8CD9-E505EC3C2DF3}C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe" = protocol=17 | dir=in | app=c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe |
"UDP Query User{ABE7C68B-8EB7-42B7-B177-E79F893183CE}C:\nexon\vindictus\en-us\nmservice.exe" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"UDP Query User{B36D8AE2-7C40-4DF3-B582-0A8FDB3E6FE6}C:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-38688219c12c4bc8\robloxapp.exe |
"UDP Query User{B9D2AEEC-FFDD-4735-9D40-9082D634CA4C}C:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\atree arcemu 3.3.a 11159 & 11403x2\arcemu 2\arcemu-logonserver.exe |
"UDP Query User{C591E7EC-5885-454E-9572-DEE2EA0054EE}C:\users\layth\downloads\wowclient-downloader.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\wowclient-downloader.exe |
"UDP Query User{C5F0FC71-9E27-4B72-ACAE-6B68F0F7C111}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"UDP Query User{C9BA414E-9748-4E35-8017-344C5D7B799F}C:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\remote desktop server\remote desktop server\bin\windowsapplication2.vshost.exe |
"UDP Query User{CAE7FEED-C5FC-41B8-9710-2786D8B62D88}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{D6F538AC-8471-49BC-8218-528388529211}C:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\documents\[repack] lord kings test\arcemu\arcemu-world.exe |
"UDP Query User{D84B28BD-AAE0-45B9-9A33-37AD73419708}C:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\arcemu\arcemu-world.exe |
"UDP Query User{DD1897DC-A9E0-4C18-BAD9-2EF99D5BA749}C:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\apache\bin\apache.exe |
"UDP Query User{DE95C3F8-1B6D-4D1F-B57B-EBAE10B214B9}C:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\arcemu 3.3.3a\arcemu\arcemu-logonserver.exe |
"UDP Query User{E32FE452-C55A-4C4A-9DA7-10C245623BDA}C:\program files\microsoft games\halo trial\halo.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\halo trial\halo.exe |
"UDP Query User{E67FD708-2BD7-4A83-8E27-2065548C5807}C:\users\public\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\users\public\games\warcraft iii\war3.exe |
"UDP Query User{E76C3692-94CB-4DB6-870E-2D831F76E067}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E7735DF3-FB4A-44E3-93FD-AC53D158262C}C:\program files\garena\garena.exe" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe |
"UDP Query User{ECF0388E-6743-45EB-8B85-8303272844F7}C:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe" = protocol=17 | dir=in | app=c:\users\layth\downloads\repack\arcemu\arcemu-logonserver.exe |
"UDP Query User{F8F05ECC-863E-4493-A13F-5CF2FBA5B8A3}C:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\fusion arcemu 3.2.2\server\mysql\bin\mysqld-nt.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3BB19A2B-B9C5-3872-8FDF-3047CC9F9841}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6ED37A91-7710-3183-BE50-AB043FF6689E}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{7D8DBB7C-1C55-4950-A107-043C164F379A}" = Software Virtualization Agent
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8487219F-6929-4FC9-B5F7-7D990DD6EECB}" = HP Advisor
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97CE8B73-AA5A-4987-A1BE-50DD1A187478}" = Microsoft Sync Framework SDK v1.0 SP1
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}" = Pivot Stickfigure Animator
"{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"{C6DD625F-4B61-4561-8286-87CA0275CEA1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86)
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F990B526-8F7C-46E0-B1F1-6C893A8B478F}" = Microsoft Sync Framework Services v1.0 SP1 (x86)
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92EX Soft Modem
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX Setup
"Fable TLC Application Suite" = Fable TLC Application Suite
"Flash Movie Player" = Flash Movie Player 1.5
"Fraps" = Fraps (remove only)
"GamersFirst LIVE!" = GamersFirst LIVE!
"HeidiSQL_is1" = HeidiSQL 6.0
"HyperCam 2" = HyperCam 2
"HyperCam Toolbar" = HyperCam Toolbar
"InstallShield_{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}" = Fable - The Lost Chapters
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Managed Firewall" = McAfee Firewall Protection Service
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Mozilla Firefox (2.0.0.15)" = Mozilla Firefox (2.0.0.15)
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MVS" = McAfee Virus and Spyware Protection Service
"PDF Complete" = PDF Complete
"PowerISO" = PowerISO
"PowerShow_is1" = OfficeOne PowerShow 7.5
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WampServer 2_is1" = WampServer 2.0
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Layth
"Google Chrome" = Google Chrome
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/11/2011 6:57:03 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:05 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:14 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:14 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 6:57:17 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:42 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:44 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 7:00:51 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 8:32:23 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 1/11/2011 8:32:47 AM | Computer Name = Layth-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ System Events ]
Error - 12/31/2010 8:54:41 AM | Computer Name = Layth-PC | Source = DCOM | ID = 10010
Description =

Error - 1/5/2011 1:19:24 PM | Computer Name = Layth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:15:33 PM on 1/5/2011 was unexpected.

Error - 1/5/2011 1:19:15 PM | Computer Name = Layth-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.

Error - 1/5/2011 1:19:28 PM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/5/2011 1:20:55 PM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2011 3:15:29 AM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/9/2011 3:17:05 AM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/11/2011 3:14:48 PM | Computer Name = Layth-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:12:16 PM on 1/11/2011 was unexpected.

Error - 1/11/2011 3:14:52 PM | Computer Name = Layth-PC | Source = HTTP | ID = 15016
Description =

Error - 1/11/2011 3:15:54 PM | Computer Name = Layth-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

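
The "Query User{...}" entries near the end of the OTL report above are the inbound allow rules Windows Firewall writes each time someone clicks Allow on its prompt; each one opens the named binary to inbound traffic wherever that binary lives. A useful first pass over such a list is to separate the rules whose executable sits in a user-writable location (Desktop, Downloads, Documents, AppData, or an ad-hoc folder directly under C:\) from the Program Files and Windows entries, because the former are the ones worth verifying or deleting. The Python below is an added example for this thread, not part of OTL or of any post: it parses lines in OTL's firewall-rule format and classifies them. The function names are mine, and the excerpt it runs on is constructed in that format, modelled on the log above (the TCP line and its GUID are made up).

```python
import re
from collections import Counter

# Constructed excerpt in OTL's firewall-rule format, modelled on the log above.
# The TCP rule and its GUID are invented to show both protocols being parsed.
SAMPLE_RULES = r'''
"UDP Query User{044E4480-D89C-4AFD-AC6E-08BF24351131}C:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\users\layth\desktop\fusion arcemu 3.2.2\server\mysql\bin\mysqld.exe |
"UDP Query User{0AA9826D-89F5-4CC6-9D17-C0EFF4EA5803}C:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\local\roblox\versions\version-acfd835c29bc48bb\robloxapp.exe |
"UDP Query User{634C6EA4-1407-4E22-A373-8FBE1581798A}C:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe" = protocol=17 | dir=in | app=c:\users\layth\appdata\roaming\cacaoweb\cacaoweb.exe |
"UDP Query User{3CFA06CC-6A46-4EAC-89DB-05FDD0F79D61}C:\nexon\combat arms\engine.exe" = protocol=17 | dir=in | app=c:\nexon\combat arms\engine.exe |
"UDP Query User{97696BAF-70A6-47A9-84CA-61C674103C60}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{CAE7FEED-C5FC-41B8-9710-2786D8B62D88}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{11111111-2222-3333-4444-555555555555}C:\users\layth\downloads\private server\arcemu\arcemu-world.exe" = protocol=6 | dir=in | app=c:\users\layth\downloads\private server\arcemu\arcemu-world.exe |
'''

# Value name: "<TCP|UDP> Query User{GUID}<path>", then OTL's "key=value | ..." data.
RULE_RE = re.compile(
    r'^"(?P<proto>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}[^"]*"\s*=\s*(?P<body>.*)$'
)
# Per-user locations an ordinary account can write to without elevation.
PROFILE_RE = re.compile(r'^c:\\users\\[^\\]+\\(desktop|downloads|documents|appdata)\\')
FLAGGED_LOCATIONS = {"user_profile", "public", "other_root"}


def parse_rule(line):
    """Parse one OTL firewall-rule line into a dict, or return None if it is not one."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    return {
        "guid": m.group("guid").upper(),
        "proto": m.group("proto"),
        "protocol": int(fields.get("protocol", "0")),
        "dir": fields.get("dir", ""),
        "app": fields.get("app", "").lower(),
    }


def classify_path(app):
    """Coarse location class for an executable path (expects a lower-cased path)."""
    if app.startswith("c:\\windows\\"):
        return "windows"
    if app.startswith("c:\\program files"):      # also covers "program files (x86)"
        return "program_files"
    if app.startswith("c:\\users\\public\\"):
        return "public"
    if PROFILE_RE.match(app):
        return "user_profile"
    return "other_root"                           # e.g. c:\nexon\..., c:\wamp\...


def triage(text):
    """Return (inbound allows from user-writable locations, rule count per executable name)."""
    rules = [r for r in (parse_rule(line) for line in text.splitlines()) if r]
    flagged = []
    for rule in rules:
        rule["location"] = classify_path(rule["app"])
        if rule["dir"] == "in" and rule["location"] in FLAGGED_LOCATIONS:
            flagged.append(rule)
    per_exe = Counter(rule["app"].rsplit("\\", 1)[-1] for rule in rules)
    return flagged, per_exe


if __name__ == "__main__":
    flagged, per_exe = triage(SAMPLE_RULES)
    for rule in flagged:
        print(f"{rule['proto']:3} in  {rule['location']:13} {rule['app']}")
    print("rules per executable:", dict(per_exe))
```

On the constructed excerpt this reports five inbound allows from user-writable paths and leaves the two java.exe rules alone. The per-executable count is there because the same program name appearing under several different folders (as the arcemu and roblox binaries do in the log above) is itself worth a look: every copy that was ever allowed still has its own rule, even after the folder is gone.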

Re: worm?

Post by Lionspridde on Mon 17 Jan 2011, 10:57 pm

bump


Re: worm?

Post by Belahzur on Tue 18 Jan 2011, 12:12 pm

Hello.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: worm?

Post by Lionspridde on Tue 18 Jan 2011, 12:51 pm

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 5543

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/17/2011 8:50:08 PM
mbam-log-2011-01-17 (20-50-08).txt

Scan type: Quick scan
Objects scanned: 155501
Time elapsed: 11 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: worm?

Post by Lionspridde on Tue 18 Jan 2011, 2:40 pm

bump


Re: worm?

Post by Lionspridde on Wed 19 Jan 2011, 4:38 am

bumpity bump bump bump bump


Re: worm?

Post by Belahzur on Wed 19 Jan 2011, 1:18 pm

Please have some patience, real life sometimes gets in the way a little.


  • Download combofix from here
    Link 1
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See HERE for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: worm?

Post by Lionspridde on Wed 19 Jan 2011, 2:30 pm

Ok, sorry, take your time.

While running ComboFix, I got an error. It said:
"C:\32788R22FWJFW\iexplore.exe
Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." Then it proceeded to show the error, and I got no log.


Re: worm?

Post by Lionspridde on Wed 19 Jan 2011, 2:31 pm

Oops, sorry, I think I didn't disable my AV right. Let me try again....


Re: worm?

Post by Lionspridde on Wed 19 Jan 2011, 2:36 pm

Alright, I disabled Microsoft Security Essentials, but it gives me an error that says "You have a corrupt version of ComboFix. Please download a fresh copy. To close ComboFix, press the X at the right top corner." or something like that.


Re: worm?

Post by Belahzur on Thu 20 Jan 2011, 12:44 pm

Hello.

Download MBRCheck to your desktop.

  • Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
  • It will show a black screen with some data on it.
  • A report called MBRcheckxxxx.txt will be on your desktop
  • Open this report and post its content in your next reply.


Next,

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

Please post both logs.


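
The part of an MBRCheck report that repays careful reading is its "Kernel Drivers" listing: one loaded module per line, load address followed by image path. With 150 or so entries, the practical way to triage it is not to eyeball the names but to diff the list against the same listing taken from a known-clean machine of the same Windows build and service pack, and to look separately at anything loaded through an absolute \??\C:\... path or from outside \SystemRoot. The Python below is an added example for this thread, not MBRCheck's own code or part of any post. The function names, the report excerpt and the baseline set are all mine and constructed; a real baseline has to be captured from a clean machine of the same build, and a name missing from it is a lead to check, not a verdict.

```python
import re

# Constructed excerpt in the format MBRCheck prints: "0xADDRESS <image path>"
# under a "Kernel Drivers (total N):" heading, up to the "Processes" heading.
SAMPLE_REPORT = r'''
MBRCheck, version 1.2.3
Windows Version: Windows Vista Business Edition

Kernel Drivers (total 7):
0x81A4B000 \SystemRoot\system32\ntkrnlpa.exe
0x81A18000 \SystemRoot\system32\hal.dll
0x8D000000 \SystemRoot\System32\drivers\tcpip.sys
0x87008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B3FB000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x9F2F7000 \??\C:\Windows\system32\drivers\mbam.sys
0x10000000 \Program Files\DAEMON Tools Lite\Engine.dll

Processes (total 2):
0 System Idle Process
4 System
'''

# Constructed, deliberately short baseline. For real use, generate it by running
# MBRCheck on a known-clean machine of the same Windows build and service pack
# and collecting the base names from its Kernel Drivers section.
BASELINE = {"ntkrnlpa.exe", "hal.dll", "tcpip.sys", "ntfs.sys", "ndis.sys"}

# Address, whitespace, then a path that starts with a backslash (may contain spaces).
DRIVER_LINE = re.compile(r"^0x[0-9A-Fa-f]{8,16}\s+(?P<path>\\\S.*?)\s*$")


def parse_drivers(report):
    """Return the image paths listed under 'Kernel Drivers' in an MBRCheck report."""
    paths, in_section = [], False
    for line in report.splitlines():
        if line.startswith("Kernel Drivers"):
            in_section = True
            continue
        if line.startswith("Processes"):
            break
        if in_section:
            m = DRIVER_LINE.match(line.strip())
            if m:
                paths.append(m.group("path"))
    return paths


def basename(path):
    """Lower-cased file name of a backslash-separated path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_drivers(report, baseline):
    """Return [(path, [reasons])] for every listed module that deserves a closer look.

    Reasons: not present in the clean baseline; loaded via an absolute \\??\\ ImagePath;
    or loaded from somewhere other than \\SystemRoot or \\Windows.
    """
    known = {name.lower() for name in baseline}
    findings = []
    for path in parse_drivers(report):
        lower = path.lower()
        reasons = []
        if basename(path) not in known:
            reasons.append("not in baseline")
        if lower.startswith("\\??\\"):
            reasons.append("absolute ImagePath (\\??\\)")
        elif not lower.startswith(("\\systemroot\\", "\\windows\\")):
            reasons.append("outside SystemRoot")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage_drivers(SAMPLE_REPORT, BASELINE):
        print(f"{path}\n    {', '.join(reasons)}")
```

A module loaded through \??\ is simply a service whose ImagePath is an absolute path rather than a SystemRoot-relative one; security tools and third-party drivers do this routinely, so that flag is a prompt to check the file's signature, publisher and timestamp on disk, not evidence of tampering. The same applies to "not in baseline": on a machine with as much installed as the uninstall list above shows, most hits will be legitimate third-party drivers, and the value of the diff is that it shrinks the list you have to verify by hand.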

Re: worm?

Post by Lionspridde on Fri 21 Jan 2011, 3:12 am

MBRCheck:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Business Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Hewlett-Packard
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Compaq dc5850 Small Form Factor
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 151):
0x81A4B000 \SystemRoot\system32\ntkrnlpa.exe
0x81A18000 \SystemRoot\system32\hal.dll
0x80406000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80603000 \SystemRoot\System32\Drivers\spjg.sys
0x806F6000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x806FF000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x80725000 \SystemRoot\system32\drivers\acpi.sys
0x8076B000 \SystemRoot\system32\drivers\msisadrv.sys
0x80773000 \SystemRoot\system32\drivers\pci.sys
0x8079A000 \SystemRoot\System32\drivers\partmgr.sys
0x807A9000 \SystemRoot\system32\drivers\volmgr.sys
0x82803000 \SystemRoot\System32\drivers\volmgrx.sys
0x8284D000 \SystemRoot\system32\drivers\pciide.sys
0x82854000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82862000 \SystemRoot\System32\drivers\mountmgr.sys
0x82872000 \SystemRoot\system32\drivers\atapi.sys
0x8287A000 \SystemRoot\system32\drivers\ataport.SYS
0x82898000 \SystemRoot\system32\drivers\fltmgr.sys
0x828CA000 \SystemRoot\system32\drivers\fileinfo.sys
0x828DA000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82A01000 \SystemRoot\system32\drivers\ndis.sys
0x82B0C000 \SystemRoot\system32\drivers\msrpc.sys
0x82B37000 \SystemRoot\system32\drivers\NETIO.SYS
0x87008000 \SystemRoot\System32\Drivers\Ntfs.sys
0x87117000 \SystemRoot\system32\drivers\volsnap.sys
0x87150000 \SystemRoot\System32\Drivers\spldr.sys
0x87158000 \SystemRoot\System32\Drivers\mup.sys
0x87167000 \SystemRoot\System32\drivers\ecache.sys
0x8718E000 \SystemRoot\system32\drivers\disk.sys
0x8719F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x871C0000 \SystemRoot\system32\drivers\atipcie.sys
0x871C8000 \SystemRoot\system32\drivers\crcdisk.sys
0x82B71000 \SystemRoot\system32\drivers\ahcix86s.sys
0x82BB1000 \SystemRoot\system32\drivers\storport.sys
0x871F1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82BF2000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8AC05000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8B087000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8B126000 \SystemRoot\System32\drivers\watchdog.sys
0x8B202000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8B328000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8B32A000 \SystemRoot\system32\drivers\modem.sys
0x8B337000 \SystemRoot\system32\DRIVERS\b57nd60x.sys
0x8B36F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B387000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B391000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B3CF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8B3DE000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8B133000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B3F0000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8B146000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B151000 \SystemRoot\system32\DRIVERS\serial.sys
0x8B16B000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8B175000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8B180000 \SystemRoot\system32\drivers\tpm.sys
0x8B18E000 \SystemRoot\System32\Drivers\anyuxakj.SYS
0x8B1C7000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8B1D7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8294B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8B1E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x82979000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8B1EB000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x82990000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x829B3000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x829C2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x829D6000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8B3FB000 \SystemRoot\system32\DRIVERS\hamachi.sys
0x8B602000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0x8B68B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8B69B000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8B69D000 \SystemRoot\system32\DRIVERS\ks.sys
0x8B6C7000 \SystemRoot\system32\DRIVERS\AmdLLD.sys
0x8B6D6000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8B6E0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8B6ED000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8B721000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8B732000 \SystemRoot\system32\drivers\ADIHdAud.sys
0x8B78C000 \SystemRoot\system32\drivers\portcls.sys
0x8B7B9000 \SystemRoot\system32\drivers\drmk.sys
0x8B80F000 \SystemRoot\system32\DRIVERS\netr73.sys
0x8B887000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x8B8AA000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8B8B3000 \SystemRoot\System32\Drivers\Null.SYS
0x8B8BA000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B8C1000 \SystemRoot\System32\drivers\vga.sys
0x8B8CD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

Processes (total 59):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000012`24e00000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.CHH

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: C494D0E68EC43BD90D507D7433A09349C3E569C8


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Lionspridde

Rookie Surfer

Posts : 52
Joined : 2010-03-06
Operating System : Windows Vista

Re: worm?

Post by Lionspridde on Fri 21 Jan 2011, 3:14 am

TDSSKiller:

2011/01/20 11:12:08.0818 TDSS rootkit removing tool 2.4.14.0 Jan 18 2011 09:33:51
2011/01/20 11:12:08.0818 ================================================================================
2011/01/20 11:12:08.0818 SystemInfo:
2011/01/20 11:12:08.0818
2011/01/20 11:12:08.0818 OS Version: 6.0.6001 ServicePack: 1.0
2011/01/20 11:12:08.0818 Product type: Workstation
2011/01/20 11:12:08.0818 ComputerName: LAYTH-PC
2011/01/20 11:12:08.0819 UserName: Layth
2011/01/20 11:12:08.0819 Windows directory: C:\Windows
2011/01/20 11:12:08.0819 System windows directory: C:\Windows
2011/01/20 11:12:08.0819 Processor architecture: Intel x86
2011/01/20 11:12:08.0819 Number of processors: 1
2011/01/20 11:12:08.0819 Page size: 0x1000
2011/01/20 11:12:08.0819 Boot type: Normal boot
2011/01/20 11:12:08.0820 ================================================================================
2011/01/20 11:12:17.0250 Initialize success
2011/01/20 11:12:23.0723 ================================================================================
2011/01/20 11:12:23.0723 Scan started
2011/01/20 11:12:23.0724 Mode: Manual;
2011/01/20 11:12:23.0725 ================================================================================
2011/01/20 11:12:55.0205 sptd (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
2011/01/20 11:12:55.0206 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2011/01/20 11:12:55.0226 sptd - detected Locked file (1)
2011/01/20 11:13:01.0926 ================================================================================
2011/01/20 11:13:01.0926 Scan finished
2011/01/20 11:13:01.0926 ================================================================================
2011/01/20 11:13:01.0948 Detected object count: 1
2011/01/20 11:13:10.0121 Locked file(sptd) - User select action: Skip

Lionspridde

Rookie Surfer

Posts : 52
Joined : 2010-03-06
Operating System : Windows Vista

Re: worm?

Post by Belahzur on Fri 21 Jan 2011, 12:37 pm

Hello.

Re-run MBRCheck.exe.

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please push the 'Y' key and then press Enter.
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.
  • Next, type -1 and press Enter. Then press Enter again, and the program will exit.
  • Save it to your desktop, then attach the resultant output in your next reply.

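The dump.dat those steps produce is raw sector 0 of the disk: 440 bytes of bootstrap code, a 4-byte disk signature, a four-entry partition table and the 0x55AA boot signature. The Python below is an added example, not MBRCheck's own code and not something posted in this thread; it shows how to decode such a dump, sanity-check the partition table, and fingerprint the boot code against SHA-256 digests you trust. It assumes dump.dat holds the unmodified 512-byte sector; the sample sectors, the 0xDEADBEEF disk signature and the KNOWN_GOOD table are constructed placeholders, and read_physical_mbr() is only there to show where a live read would go.

```python
"""Decode and fingerprint a raw MBR image (e.g. a dump.dat from MBRCheck).
Example code; not part of MBRCheck. The samples at the bottom are constructed."""
import hashlib
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MBR_SIZE = 512
BOOTCODE_LEN = 440        # bootstrap code area, offsets 0x000-0x1B7
DISK_SIG_OFF = 0x1B8      # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # must hold 0x55 0xAA
ENTRY_FMT = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


@dataclass
class MbrInfo:
    boot_signature_ok: bool
    disk_signature: int
    bootcode_sha256: str
    partitions: List[PartitionEntry] = field(default_factory=list)
    warnings: List[str] = field(default_factory=list)


def parse_mbr(data: bytes) -> MbrInfo:
    """Decode sector 0 and flag structural oddities a partitioning tool never produces."""
    if len(data) < MBR_SIZE:
        raise ValueError(f"need {MBR_SIZE} bytes, got {len(data)}")
    s = data[:MBR_SIZE]
    info = MbrInfo(
        boot_signature_ok=s[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        disk_signature=struct.unpack_from("<I", s, DISK_SIG_OFF)[0],
        bootcode_sha256=hashlib.sha256(s[:BOOTCODE_LEN]).hexdigest(),
    )
    if not info.boot_signature_ok:
        info.warnings.append("boot signature 0x55AA missing; not a valid MBR")
        return info
    for i in range(4):
        status, type_id, lba, count = struct.unpack_from(ENTRY_FMT, s, PART_TABLE_OFF + 16 * i)
        if type_id == 0 and count == 0:
            continue                                   # empty slot
        if status not in (0x00, 0x80):                 # only "inactive" and "active" are legal
            info.warnings.append(f"entry {i}: invalid status byte 0x{status:02X}")
        info.partitions.append(PartitionEntry(i, status == 0x80, type_id, lba, count))
    if sum(p.bootable for p in info.partitions) > 1:
        info.warnings.append("more than one partition marked active")
    for a in info.partitions:                          # overlapping ranges are a red flag
        for b in info.partitions:
            if a.index < b.index and a.lba_start < b.lba_start + b.sectors \
                    and b.lba_start < a.lba_start + a.sectors:
                info.warnings.append(f"entries {a.index} and {b.index} overlap")
    return info


def bootcode_matches(info: MbrInfo, known_good: Dict[str, str]) -> Optional[str]:
    """Label of the trusted boot code this dump matches, or None if the bootstrap
    bytes differ from every reference (a third-party boot manager, or something planted)."""
    return next((lbl for lbl, h in known_good.items() if h == info.bootcode_sha256), None)


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 straight from a disk (Windows device path; needs admin rights)."""
    with open(device, "rb") as fh:
        return fh.read(MBR_SIZE)


def build_mbr(bootcode: bytes, disk_sig: int, entries) -> bytes:
    """Assemble a 512-byte MBR image from its parts (used here only to build samples)."""
    assert len(bootcode) <= BOOTCODE_LEN
    s = bytearray(MBR_SIZE)
    s[:len(bootcode)] = bootcode
    struct.pack_into("<I", s, DISK_SIG_OFF, disk_sig)
    for i, (status, type_id, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, s, PART_TABLE_OFF + 16 * i, status, type_id, lba, count)
    s[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(s)


# Constructed samples: a stand-in boot stub (xor ax,ax / mov ss,ax / mov sp,7C00h, zero padded)
# and a Vista-style layout whose first partition starts at LBA 2048.
CLEAN_BOOTCODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]).ljust(BOOTCODE_LEN, b"\x00")
LAYOUT = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 2_000_000)]
CLEAN_MBR = build_mbr(CLEAN_BOOTCODE, 0xDEADBEEF, LAYOUT)
# Same disk with the first bytes of the stub overwritten and a bogus status byte (constructed).
TAMPERED_BOOTCODE = bytes([0xEA, 0x00, 0x7C, 0x00, 0x00]) + CLEAN_BOOTCODE[5:]
TAMPERED_MBR = build_mbr(TAMPERED_BOOTCODE, 0xDEADBEEF, [(0x01, 0x07, 2048, 409600), LAYOUT[1]])
# Placeholder: replace with digests of boot code you have verified yourself.
KNOWN_GOOD = {"constructed-clean-stub": hashlib.sha256(CLEAN_BOOTCODE).hexdigest()}


def report(data: bytes) -> str:
    info = parse_mbr(data)
    lines = [f"disk signature 0x{info.disk_signature:08X}, boot signature ok={info.boot_signature_ok}",
             f"bootcode sha256 {info.bootcode_sha256} -> {bootcode_matches(info, KNOWN_GOOD) or 'UNKNOWN'}"]
    lines += [f"  [{p.index}] {'*' if p.bootable else ' '} type 0x{p.type_id:02X} LBA {p.lba_start} len {p.sectors}"
              for p in info.partitions]
    lines += ["  WARNING: " + w for w in info.warnings]
    return "\n".join(lines)


if __name__ == "__main__":
    import sys
    print(report(open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR))
```

Run it as `python mbrdump.py dump.dat`; with no argument it reports on the constructed tampered sample, which shows up as an UNKNOWN boot code plus a status-byte warning. The hash comparison only means anything against digests you trust, so populate KNOWN_GOOD from a sector 0 you have verified (for example one freshly written by the Vista installer) rather than from the disk under suspicion.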

Re: worm?

Post by Lionspridde on Fri 21 Jan 2011, 10:42 pm

Messed up this post. Read the next one.


Last edited by Lionspridde on Fri 21 Jan 2011, 10:44 pm; edited 1 time in total


Re: worm?

Post by Lionspridde on Fri 21 Jan 2011, 10:44 pm

Belahzur wrote:Hello.

Re-run MBRCheck.exe

  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Please press the 'Y' key and then press Enter.
  • When the program asks you Enter your choice:, enter
    [1] Dump the MBR of a physical disk to file.
    and press the Enter key.
  • Now the program will ask you "Enter the physical disk number to fix (0-99, -1 to cancel):"
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes:, followed by a list of operating systems. Please enter
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    and then press Enter.
  • The program will ask for the file name to dump to; type dump.dat and press Enter. You should see Dumped successfully.

At the "Enter 0 and press the Enter key" step: when you tell me what to enter, it just appears as a very small letter/number that I cannot read. Can you repost that?


Re: worm?

Post by Belahzur on Sat 22 Jan 2011, 11:46 am

How did it go? did you get the dump.dat file?


Re: worm?

Post by Lionspridde on Sat 22 Jan 2011, 11:10 pm

Ok, when I open MBRCheck it scans my MBR. After it's done I press Y and hit Enter. It gives me 3 options. I chose [1] Dump the MBR of a physical disk to file. When I do that, I enter 0 then press Enter. It doesn't give me any options to select my operating system; it just tells me to enter the file name to dump it.


Re: worm?

Post by Belahzur on Sun 23 Jan 2011, 1:26 pm

Okay, did you try entering a name?

