Autorun worm

Autorun worm

Post by Flamebo on 29th July 2012, 1:14 pm

Hi
Spent the past 2 days trying to remove the root of this virus/worm.
I would not come ask if I did not extensively search for a solution.

Here I will give as much information about my situation as possible.

It is very similar to this worm/virus:
[You must be registered and logged in to see this link.]
When I plug a USB Pendrive into my pc the virus creates two files:
1. Autorun.inf (ESET deletes this)
2. System.exe (a copy of itself, which the autorun would activate on another machine)

How do I find the cause of this?
1. What registry entry would activate this virus?
2. Where is the root file of this virus?
3. Where does it copy/install the system.exe and Autorun.inf files from?
I do not want to stop the autorun feature as a solution.

Please help.


Re: Autorun worm

Post by Gabethebabe on 29th July 2012, 7:16 pm

Hi there Flamebo and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

Please download OTL by OldTimer from [You must be registered and logged in to see this link.] and save it to your desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

Code:
%APPDATA%\Microsoft\*.*
%systemroot%\system32\config\systemprofile\*.dat /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\winn32\*.*
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%PROGRAMFILES%\Mozilla Firefox\*.exe
%ProgramFiles%\TinyProxy.
%systemroot%\system32\*.* /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.* /lockedfiles
%PROGRAMFILES%\*.
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
/md5start
netlogon.dll
explorer.exe
userinit.exe
winlogon.exe
services.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need multiple posts to get it all.


Re: Autorun worm

Post by Flamebo on 29th July 2012, 10:57 pm

OTL logfile created on: 2012/07/30 12:40:03 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Adriaan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.07% Memory free
15.96 Gb Paging File | 13.79 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 318.02 Gb Free Space | 70.10% Space Free | Partition Type: NTFS
Drive D: | 23.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 698.63 Gb Total Space | 152.43 Gb Free Space | 21.82% Space Free | Partition Type: NTFS

Computer Name: FLAMEBO | User Name: Adriaan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 00:08:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Adriaan\Desktop\OTL.exe
PRC - [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/08 18:16:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/05/22 09:37:28 | 001,780,736 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe
PRC - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/04/16 19:32:26 | 000,251,392 | ---- | M] (Corsair Components Inc) -- C:\Program Files (x86)\corsair\K90 Keyboard\CorsTra.exe
PRC - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/02/09 15:52:38 | 000,979,360 | ---- | M] (Razer USA Ltd) -- C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe
PRC - [2011/06/24 19:42:10 | 001,699,016 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\msi\LockIndicator\LockIndicator.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/07/29 10:08:36 | 002,795,008 | ---- | M] (msi) -- C:\Program Files (x86)\msi\msi LED Manager\SLM.exe
PRC - [2010/07/15 12:22:36 | 001,367,816 | ---- | M] (Motorola, Inc.) -- C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
PRC - [2010/06/04 17:00:28 | 002,486,272 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe
PRC - [2010/04/09 13:56:36 | 000,082,432 | ---- | M] (MSI) -- C:\Program Files (x86)\msi\NVIDIA Overclock Tool\NVIDIAOCAP.exe
PRC - [2010/01/22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/07/09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MSIService.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/18 11:11:33 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/07/13 02:43:07 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\f91c92735c4a913143a0914c8cb531f2\System.Xaml.ni.dll
MOD - [2012/07/13 00:46:48 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\063174e87d258ef1db040cbfbdd4cd31\PresentationFramework.ni.dll
MOD - [2012/07/13 00:46:32 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\984f8802a334d2ae862b66bf71332c10\PresentationCore.ni.dll
MOD - [2012/07/13 00:46:27 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d55bed00e3d36b0db5bd3994c77fe850\System.Windows.Forms.ni.dll
MOD - [2012/07/13 00:46:19 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b54a85f8f8f5ac297357c80b95834a90\System.Xml.ni.dll
MOD - [2012/07/13 00:46:18 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\697786bb51408d41d980263d90a56d03\WindowsBase.ni.dll
MOD - [2012/07/13 00:46:17 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\fd52e266873de847aea40b1d0715e0bb\PresentationFramework.Aero.ni.dll
MOD - [2012/07/13 00:46:15 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9abdaeea6a61127606bbc324d9177579\System.Drawing.ni.dll
MOD - [2012/07/13 00:46:15 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\d131eefaea0ca120aaf11568d8e44cad\System.Configuration.ni.dll
MOD - [2012/07/13 00:46:14 | 000,311,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d967cc1d136bda3aaa2ecd6699a6803a\PresentationFramework.Classic.ni.dll
MOD - [2012/07/13 00:46:13 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\360d70391adff56f1d029b1a538d2431\System.ni.dll
MOD - [2012/07/13 00:46:06 | 014,415,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\97d737762adec957a2d7c80fafb4703a\mscorlib.ni.dll
MOD - [2012/07/06 13:32:03 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012/07/06 13:32:02 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
MOD - [2012/07/06 12:54:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/06 12:54:34 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/06 12:54:28 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/06 12:54:15 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/06 12:54:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/06 12:54:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/06 12:54:06 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/06 12:54:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/14 12:39:24 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\corsair\K90 Keyboard\hidGetKey.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/05 18:50:55 | 001,028,096 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/11/30 13:27:58 | 000,336,824 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV:64bit: - [2010/07/26 18:32:22 | 004,150,536 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe -- (Bluetooth Device Manager)
SRV:64bit: - [2010/07/16 14:08:06 | 000,679,176 | ---- | M] (Motorola, Inc.) [Auto | Running] -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV:64bit: - [2010/07/15 12:22:50 | 001,188,616 | ---- | M] (Motorola, Inc.) [On_Demand | Running] -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe -- (Bluetooth Media Service)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/27 14:06:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/18 11:11:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/08 18:16:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/05 18:50:54 | 000,647,680 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/05/15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/04/04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/09 15:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/29 23:49:15 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/05/11 07:34:14 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/05/11 07:34:12 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/27 10:58:36 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/16 13:42:00 | 000,676,968 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2012/02/05 14:29:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/01/12 09:28:48 | 000,057,976 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2011/04/11 21:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/04/11 21:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/04 11:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/11/21 05:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 05:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010/11/21 05:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 05:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010/11/21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/30 12:02:30 | 000,052,736 | ---- | M] (Motorola, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmcom.sys -- (BTMCOM)
DRV:64bit: - [2010/01/07 20:46:20 | 000,302,128 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/30 06:24:28 | 000,121,088 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DMBdtv.sys -- (DMBdtv)
DRV:64bit: - [2009/11/24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009/11/24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2012/07/28 17:10:39 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\bepxusli.sys -- (dqjnh)
DRV - [2012/07/28 15:22:10 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\jmvo.sys -- (apugyvt)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-za
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 46 C0 28 F0 5A CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [You must be registered and logged in to see this link.] 01:19:46&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.za/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/09 22:07:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 11:11:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/22 22:32:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/09 22:07:55 | 000,000,000 | ---D | M]

[2012/07/06 01:27:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\Mozilla\Extensions
[2012/07/17 00:25:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adriaan\AppData\Roaming\Mozilla\Firefox\Profiles\txv1pf5w.default\extensions
[2012/03/30 18:17:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Adriaan\AppData\Roaming\Mozilla\Firefox\Profiles\txv1pf5w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/07/06 01:38:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/18 11:11:33 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/07/17 01:19:43 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/15 00:19:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/15 00:19:40 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

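The OTL scan requested above produces the PRC/MOD/SRV/DRV entries seen in this log. A first-pass triage of those entries, as an added example that is not part of the thread and not OTL's own code (the sample lines are copied from the posted log; the heuristic weights, the vowel cutoff and min_score are assumptions made for the example):

```python
"""Triage helper for OTL (OldTimer) log lines.

Added example, not part of the thread and not OTL's own code. It parses the
PRC/MOD/SRV/DRV entries of an OTL.txt and scores each with a few defender-side
heuristics so the analyst knows which entries to read first. Sample lines are
copied from the log in the thread; weights and thresholds are assumptions.
"""
import re
from datetime import datetime, timedelta

# One entry: KIND[:64bit:] - [mtime | size | attrs | M] (company) [flags] -- path -- (name)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<is64>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [^|]+ \| M\] "
    r"\((?P<company>.*?)\)"  # lazy so "(Intel(R) Corporation)" is parsed whole
    r"(?: \[(?P<flags>[^\]]*)\])? -- "
    r"(?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
HEADER_RE = re.compile(r"^OTL logfile created on: (\d{4}/\d{2}/\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)")
VOWELS = set("aeiouy")

SAMPLE_LOG = r"""OTL logfile created on: 2012/07/30 12:40:03 AM - Run 1
PRC - [2012/07/30 00:08:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Adriaan\Desktop\OTL.exe
MOD - [2012/07/18 11:11:33 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2012/07/08 18:16:33 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/27 10:58:36 | 000,025,600 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CORSGKB.sys -- (CORSGKB)
DRV - [2012/07/28 17:10:39 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\bepxusli.sys -- (dqjnh)
DRV - [2012/07/28 15:22:10 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\jmvo.sys -- (apugyvt)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
"""


def parse_entry(line):
    """Return a dict for one PRC/MOD/SRV/DRV line, or None for any other line."""
    m = ENTRY_RE.match(line.rstrip())
    if not m:
        return None
    d = m.groupdict()
    d["mtime"] = datetime.strptime(d["mtime"], "%Y/%m/%d %H:%M:%S")
    d["size"] = int(d["size"].replace(",", ""))
    d["company"] = d["company"].strip()
    d["flags"] = [f.strip() for f in (d["flags"] or "").split("|") if f.strip()]
    d["file"] = d["path"].rsplit("\\", 1)[-1]
    d["name"] = d["name"] or ""
    d["is64"] = bool(d["is64"])
    return d


def score_entry(e, log_time, recent_days=7):
    """Heuristic score plus the reasons behind it; the weights are assumptions."""
    reasons = []
    stem = e["file"].rsplit(".", 1)[0].lower()
    name = e["name"].lower()
    letters = [c for c in name if c.isalpha()]
    if not e["company"]:
        reasons.append((2, "no company name"))
    if name and stem not in name and name not in stem:
        reasons.append((1, "service name unrelated to file name"))
    if letters and sum(c in VOWELS for c in letters) / len(letters) < 0.2:
        reasons.append((1, "service name has almost no vowels"))
    if e["kind"] == "DRV" and ("Boot" in e["flags"] or "System" in e["flags"]):
        reasons.append((1, "driver loads at boot/system start"))
    if e["kind"] == "SRV" and "Auto" in e["flags"]:
        reasons.append((1, "service auto-starts"))
    if log_time - e["mtime"] <= timedelta(days=recent_days):
        reasons.append((1, "file modified within %d days of the scan" % recent_days))
    if not e["is64"] and "\\syswow64\\drivers\\" in e["path"].lower():
        reasons.append((1, "32-bit driver under SysWOW64 on a 64-bit host"))
    return sum(w for w, _ in reasons), [text for _, text in reasons]


def triage(log_text, min_score=4, recent_days=7):
    """Return [(score, file, reasons)] for entries scoring >= min_score, highest first."""
    lines = log_text.splitlines()
    log_time = None
    for line in lines:
        h = HEADER_RE.match(line)
        if h:
            log_time = datetime.strptime(h.group(1), "%Y/%m/%d %I:%M:%S %p")
            break
    entries = [e for e in map(parse_entry, lines) if e]
    if not entries:
        return []
    if log_time is None:  # no header line: measure recency from the newest entry
        log_time = max(e["mtime"] for e in entries)
    results = []
    for e in entries:
        score, reasons = score_entry(e, log_time, recent_days)
        if score >= min_score:
            results.append((score, e["file"], reasons))
    return sorted(results, key=lambda r: -r[0])


if __name__ == "__main__":
    for score, fname, reasons in triage(SAMPLE_LOG):
        print("%d  %-14s %s" % (score, fname, "; ".join(reasons)))
```

Heuristics like these also flag legitimate software that ships without a company name (PnkBstrA.exe scores 4 here), so a hit means "look at this file next", not "this is the worm".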

Re: Autorun worm

Post by Flamebo on 29th July 2012, 10:58 pm



========== Chrome ==========

CHR - homepage: [You must be registered and logged in to see this link.]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: [You must be registered and logged in to see this link.]
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - Extension: YouTube = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Adriaan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AutorunRemover.exe] C:\Program Files (x86)\AutorunRemover\AutorunRemover.exe ()
O4 - HKLM..\Run: [Corsair laver] C:\Program Files (x86)\corsair\K90 Keyboard\K90Hid.exe (Corsair Components Inc)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LockIndicator] C:\Program Files (x86)\msi\LockIndicator\LockIndicator.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [msi LED Manager] C:\Program Files (x86)\msi\msi LED Manager\SLM.exe (msi)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [NVIDIAOCAP] C:\Program Files (x86)\msi\NVIDIA Overclock Tool\NVIDIAOCAP.exe (MSI)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorSysTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.] File not found
O8 - Extra context menu item: Se&nd to OneNote - [You must be registered and logged in to see this link.] File not found
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-247 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: Silver Sands Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Silver Sands Poker\GameClient.exe ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6F4017FE-789F-4300-8CB2-AE0FE8413D64}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9E20FAF-27E4-4CDB-B51C-D2C60357283D}: NameServer = 192.168.0.1,192.168.0.8
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 00:08:16 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Adriaan\Desktop\OTL.exe
[2012/07/29 23:49:15 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2012/07/29 23:49:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2012/07/29 23:49:15 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2012/07/29 23:10:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/29 23:10:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/29 23:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/29 13:57:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutorunRemover
[2012/07/29 13:57:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutorunRemover
[2012/07/29 01:26:46 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\backup
[2012/07/29 01:21:55 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Malwarebytes
[2012/07/29 01:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/29 01:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/29 01:21:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/29 01:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/28 19:34:39 | 000,057,976 | R--- | C] (GFI Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2012/07/28 19:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/28 19:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/28 17:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Autorun Eater
[2012/07/28 17:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autorun Eater
[2012/07/28 17:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autorun Eater
[2012/07/28 16:52:03 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/07/28 13:40:12 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\USB
[2012/07/27 16:47:11 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\New folder (2)
[2012/07/26 17:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\PBDACN
[2012/07/26 14:50:54 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\My Palettes
[2012/07/26 14:45:25 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Corel
[2012/07/26 14:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis64
[2012/07/26 14:43:02 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\Corel
[2012/07/26 14:42:55 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\Visual Studio 2008
[2012/07/26 14:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012/07/26 14:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012/07/26 14:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2012/07/26 14:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2012/07/26 14:40:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2012/07/26 14:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/07/26 14:39:51 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2012/07/26 14:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6 (64-Bit)
[2012/07/26 14:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2012/07/26 14:35:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CorelDRAW Graphics Suite X6
[2012/07/24 23:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silver Sands Poker
[2012/07/24 23:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Silver Sands Poker
[2012/07/24 19:31:24 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Tactical Coders
[2012/07/24 19:31:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2012/07/24 19:31:20 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\AppData\Roaming\.#
[2012/07/24 18:27:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/07/24 18:23:19 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TacticalCoders
[2012/07/24 18:23:11 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\XTAC Files
[2012/07/24 18:23:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tactical Coders
[2012/07/24 17:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/07/24 17:01:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/24 16:53:20 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Adobe
[2012/07/22 22:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/07/22 22:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/07/22 22:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/07/22 21:27:18 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\ESN Sonar
[2012/07/21 14:53:22 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\ArmA 2 OA
[2012/07/21 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\ArmA 2
[2012/07/21 14:48:13 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\ArmA 2
[2012/07/21 14:48:09 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 14:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/07/21 14:28:06 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\New folder
[2012/07/17 01:35:20 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\LibreOffice
[2012/07/17 01:30:39 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012/07/17 01:29:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.5
[2012/07/17 01:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProcessText Group
[2012/07/17 01:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABC Amber vCard Converter
[2012/07/17 00:41:36 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\vCards
[2012/07/17 00:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012/07/17 00:24:10 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Isaac Software
[2012/07/17 00:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Isaac Software
[2012/07/17 00:24:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Isaac Software
[2012/07/16 23:35:22 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Wondershare
[2012/07/16 23:35:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2012/07/16 23:35:19 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Wondershare
[2012/07/16 23:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited
[2012/07/16 20:19:33 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Blackberry Desktop
[2012/07/14 17:29:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/07/14 17:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/07/14 17:29:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/07/13 15:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClockworkMod
[2012/07/13 02:15:24 | 000,000,000 | ---D | C] -- C:\Download
[2012/07/13 01:31:54 | 000,000,000 | ---D | C] -- C:\AllShare
[2012/07/13 00:56:42 | 000,000,000 | ---D | C] -- C:\Temp
[2012/07/13 00:53:49 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Samsung
[2012/07/13 00:53:48 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Samsung
[2012/07/13 00:53:46 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\samsung
[2012/07/13 00:52:00 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung
[2012/07/13 00:49:26 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/07/13 00:49:26 | 000,708,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller.dll
[2012/07/13 00:47:44 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2012/07/13 00:47:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2012/07/13 00:47:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012/07/13 00:47:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2012/07/13 00:44:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/07/12 19:51:50 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\BlackBerry
[2012/07/12 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Research In Motion
[2012/07/12 19:49:22 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Research In Motion
[2012/07/12 19:48:56 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys
[2012/07/12 19:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2012/07/12 19:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2012/07/12 19:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2012/07/12 19:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2012/07/11 10:05:14 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/11 10:05:14 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/11 10:05:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/11 10:05:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/11 10:05:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/11 10:05:12 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/11 10:05:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/11 10:05:12 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/11 10:05:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/11 10:05:10 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/11 10:05:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/11 10:05:10 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/11 10:05:10 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 09:42:13 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/11 09:42:11 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 09:42:10 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 09:42:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 09:42:08 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 02:07:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2012/07/11 01:04:04 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\Diablo III
[2012/07/10 01:30:45 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\OpenOffice.org
[2012/07/10 01:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/07/09 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\ESET
[2012/07/09 22:32:17 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\ESET
[2012/07/09 22:14:21 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Microsoft Help
[2012/07/09 22:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012/07/09 22:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/07/09 22:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/07/09 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/09 21:38:35 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\Software
[2012/07/09 21:38:25 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\Chat
[2012/07/09 21:38:19 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\Games
[2012/07/09 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
[2012/07/09 21:27:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2012/07/09 21:27:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012/07/09 21:27:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/07/09 21:26:59 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Winamp
[2012/07/09 21:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2012/07/09 21:11:18 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\BANDISOFT
[2012/07/09 21:11:06 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\Bandicam
[2012/07/09 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bandicam
[2012/07/09 21:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BandiMPEG1
[2012/07/09 21:11:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bandicam
[2012/07/09 13:57:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/07/09 13:41:45 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Skype
[2012/07/09 13:41:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/07/09 13:41:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/07/09 13:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/07/09 03:18:30 | 000,635,392 | ---- | C] (Praying-Mantis Productions) -- C:\Users\Adriaan\Desktop\shutdown.exe
[2012/07/09 00:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\SoftwareForMe Inc
[2012/07/09 00:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/07/09 00:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/07/08 23:57:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Battle.net
[2012/07/08 23:39:50 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\vlc
[2012/07/08 19:22:23 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/07/08 19:22:23 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/07/08 19:22:20 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/07/08 19:22:20 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/07/08 19:22:20 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/07/08 19:22:20 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/07/08 19:22:20 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/07/08 19:22:20 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/07/08 19:22:20 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/07/08 17:57:28 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\NVIDIA
[2012/07/08 17:40:44 | 025,743,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012/07/08 17:40:44 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012/07/08 17:40:44 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012/07/08 17:40:44 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012/07/08 17:40:44 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012/07/08 17:40:44 | 010,194,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012/07/08 17:40:44 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012/07/08 17:40:44 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012/07/08 17:40:44 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012/07/08 17:40:44 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012/07/08 17:40:44 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012/07/08 17:40:44 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012/07/08 17:40:44 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012/07/08 17:40:44 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012/07/08 17:23:59 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\PunkBuster
[2012/07/08 16:59:52 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\Battlefield 3
[2012/07/08 16:59:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/07/08 16:31:13 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/07/08 16:30:49 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/07/08 15:47:22 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\TS3Client
[2012/07/08 15:41:48 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Corsair Vengeance
[2012/07/08 15:36:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corsair
[2012/07/08 15:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\corsair
[2012/07/08 15:34:17 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Logitech
[2012/07/08 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Leadertech
[2012/07/08 15:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2012/07/08 15:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/07/08 15:33:53 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2012/07/08 15:33:29 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Logitech
[2012/07/08 15:33:29 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Logishrd
[2012/07/08 15:13:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/07/08 15:13:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/07/08 15:06:58 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/07/06 18:59:22 | 000,676,968 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/07/06 18:59:22 | 000,074,344 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RtNicProp64.dll
[2012/07/06 16:52:06 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\The.Dictator.2012.TS.XviD-MYSTiC
[2012/07/06 16:30:03 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\Battleship 2012 TS XViD-sC0rp
[2012/07/06 16:27:13 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Desktop\American.Pie.Reunion.2012.New.Telesync.XviD.Feel-Free
[2012/07/06 12:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/07/06 12:39:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/07/06 04:19:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/06 04:19:46 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/06 04:19:46 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/06 04:19:46 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/06 04:19:46 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/06 04:19:46 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/06 04:19:46 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/06 04:19:46 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/06 04:19:46 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/06 04:19:46 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/06 04:19:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/06 04:19:46 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/06 04:19:46 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/06 04:19:46 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/06 04:19:46 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/06 04:19:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/06 04:19:46 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/06 04:19:46 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/06 04:19:46 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/06 04:19:46 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/06 04:19:46 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/06 04:19:46 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/06 04:19:46 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/06 04:19:46 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/06 04:19:46 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/06 04:19:46 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/06 04:19:46 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/06 04:19:46 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/06 04:19:46 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/06 04:19:46 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/06 04:19:46 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/06 04:19:46 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/06 04:19:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/06 04:19:46 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/06 04:19:46 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/06 04:19:46 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/06 04:19:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/06 04:19:46 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/06 04:19:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/06 04:19:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/06 04:19:46 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/06 04:19:46 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/06 04:19:46 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/06 04:19:46 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/06 04:19:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/06 04:19:46 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/06 04:19:46 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/06 04:19:46 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/06 04:19:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/06 04:19:46 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/06 04:19:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/06 04:19:46 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/06 04:19:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/06 04:19:46 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/06 04:19:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/06 04:19:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/06 04:19:46 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/06 04:09:29 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/07/06 04:09:29 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/07/06 04:09:28 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/07/06 03:41:07 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/07/06 03:41:04 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/07/06 03:41:04 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/07/06 03:41:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/07/06 03:41:04 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/07/06 03:41:04 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/07/06 03:41:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/07/06 03:41:04 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/07/06 03:41:04 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/07/06 03:41:04 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/07/06 03:41:01 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/07/06 03:40:50 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/07/06 03:40:50 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/07/06 03:40:38 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/07/06 03:40:38 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/07/06 03:40:36 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/07/06 03:40:36 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/07/06 03:40:36 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/07/06 03:40:36 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/07/06 03:40:36 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/07/06 03:40:36 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/07/06 03:40:16 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/07/06 03:40:16 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/07/06 03:40:14 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/07/06 03:40:00 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/07/06 03:40:00 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/07/06 03:40:00 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/07/06 03:40:00 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/07/06 03:40:00 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/07/06 03:39:59 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/07/06 03:39:59 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/07/06 03:39:59 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/07/06 03:39:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/07/06 03:39:59 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/07/06 03:39:59 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/07/06 03:39:59 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/07/06 03:39:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/07/06 03:39:42 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/07/06 03:39:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/07/06 03:39:41 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/07/06 03:39:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/07/06 03:39:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/07/06 03:39:41 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/07/06 03:39:35 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/07/06 03:39:34 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/07/06 03:39:34 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/07/06 03:39:34 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/07/06 03:39:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/07/06 03:39:01 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/07/06 03:39:01 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/07/06 03:38:55 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/07/06 03:38:55 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/07/06 03:38:55 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/07/06 03:38:55 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/07/06 03:36:54 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/07/06 03:36:54 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/07/06 03:36:54 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/07/06 03:35:26 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/07/06 03:35:26 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/07/06 03:35:26 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/07/06 03:35:26 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/07/06 03:35:26 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/07/06 03:35:26 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/07/06 03:35:14 | 000,027,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/07/06 03:35:12 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/07/06 03:35:12 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/07/06 03:35:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/07/06 03:35:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/07/06 03:35:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/07/06 03:35:11 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/07/06 03:29:54 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/07/06 03:29:44 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/07/06 03:29:44 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/07/06 03:29:44 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/07/06 03:29:44 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/07/06 03:29:41 | 001,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/07/06 03:29:38 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/07/06 03:29:35 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/07/06 03:29:35 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/07/06 03:29:35 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/07/06 03:29:35 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/07/06 03:29:35 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/07/06 03:29:35 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/07/06 03:29:35 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/07/06 03:29:31 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/07/06 03:29:31 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/07/06 03:29:20 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/07/06 03:29:20 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/07/06 03:29:20 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/07/06 03:29:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/07/06 03:29:20 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/07/06 03:29:20 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/07/06 03:29:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/07/06 03:29:20 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/07/06 03:29:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/07/06 03:29:20 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/07/06 03:29:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/07/06 03:29:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/07/06 03:29:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/07/06 03:29:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/07/06 03:29:20 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/07/06 03:29:20 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/07/06 03:29:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/07/06 03:29:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/07/06 03:29:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/07/06 03:29:20 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/07/06 03:29:08 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/07/06 03:29:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/07/06 03:29:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/07/06 03:29:07 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/07/06 03:26:45 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/07/06 03:26:39 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/07/06 03:26:32 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/07/06 03:26:32 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/07/06 03:26:30 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/07/06 03:26:30 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/07/06 03:25:57 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/07/06 03:25:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/07/06 03:25:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/07/06 03:11:43 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/07/06 03:11:43 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/07/06 03:08:44 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/07/06 03:08:44 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/07/06 03:08:39 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/07/06 03:08:39 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/07/06 03:08:39 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/07/06 03:08:33 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/07/06 03:08:33 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
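
To separate a genuine autorun dropper from the Windows Update noise in a log like the one above, here is an added example (it is not from the original post, nor part of OTL or ESET) that parses OTL's `[timestamp | size | attrs | C] (Company) -- path` lines and flags the entries worth a manual look: an `autorun.inf`, an executable sitting in the root of a drive, an executable with no company/version information, or a hidden/system executable outside `\Windows`. The attribute order R,H,S,D and the sample lines at the bottom of the block are assumptions (the sample is constructed, not taken from the poster's machine); the Microsoft-signed and folder lines pass clean, as every line in the log above would.

```python
"""Triage helper for OTL "Files Created/Modified" lines (added example, not OTL code).

Line format, taken from the log quoted on this page:
    [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- C:\path\file.ext
Assumption: the 4-char attribute field is ordered R,H,S,D (read-only, hidden,
system, directory); the log shows 'H' in position 2 for hidden API-set DLLs and
'D' in position 4 for folders. 'C' = created, 'M' = modified. The company field
is printed as () or omitted when the file has no version resource.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Extensions Windows will execute or load as code.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".ocx", ".ax", ".cpl", ".bat", ".cmd", ".vbs")


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    kind: str                 # 'C' created, 'M' modified
    company: Optional[str]    # None when OTL printed () or nothing at all
    path: str

    @property
    def hidden(self) -> bool:
        return self.attrs[1] == "H"

    @property
    def system(self) -> bool:
        return self.attrs[2] == "S"

    @property
    def directory(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def executable(self) -> bool:
        return not self.directory and self.path.lower().endswith(EXEC_EXT)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL file line; returns None for section headers, blanks and other text."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    company = (m["company"] or "").strip() or None
    return Entry(m["ts"], int(m["size"].replace(",", "")), m["attrs"], m["kind"], company, m["path"])


def triage(e: Entry) -> List[str]:
    """Reasons an entry deserves a manual look (empty list = nothing odd).

    These are heuristics, not verdicts: a legitimate updater can trip the
    'no company' rule, and a dropper carrying a forged version resource evades it.
    """
    reasons: List[str] = []
    if e.directory:
        return reasons
    p = e.path.lower()
    name = p.rsplit("\\", 1)[-1]
    in_windows = p.startswith("c:\\windows\\")
    drive_root = re.fullmatch(r"[a-z]:\\[^\\]+", p) is not None

    if name == "autorun.inf":
        reasons.append("autorun.inf created")
    if e.executable and drive_root:
        reasons.append("executable in the root of a drive")
    if e.executable and not e.company:
        reasons.append("executable without company/version info")
    if e.executable and (e.hidden or e.system) and not in_windows:
        reasons.append("hidden/system executable outside \\Windows")
    return reasons


def triage_log(text: str) -> List[Tuple[str, List[str]]]:
    """Run triage over a pasted OTL section; returns (path, reasons) for flagged lines only."""
    flagged = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None and triage(e):
            flagged.append((e.path, triage(e)))
    return flagged


# Constructed sample: the first two lines copy the shape of the Windows Update and
# folder entries on this page; the last three are made-up autorun-worm-style
# artefacts (hidden, no version info, drive root / user profile) to exercise the rules.
SAMPLE_LOG = r"""
[2012/07/06 03:29:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/07/06 02:09:12 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Macromedia
[2012/07/28 21:13:05 | 000,000,131 | -HS- | C] () -- E:\autorun.inf
[2012/07/28 21:13:05 | 000,098,304 | -HS- | C] () -- E:\System.exe
[2012/07/28 21:12:40 | 000,098,304 | -H-- | C] () -- C:\Users\Adriaan\AppData\Roaming\update.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG):
        print(path + "\n    " + "\n    ".join(reasons))
```

Paste a whole "Files Created" section into `SAMPLE_LOG` (or read it from the saved OTL.txt) and only the flagged paths come back; anything in the drive-root or hidden-outside-Windows buckets is what you would then check for an autorun.inf partner and a matching Run key.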

Re: Autorun worm

Post by Flamebo on 29th July 2012, 10:58 pm


[2012/07/06 02:09:12 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Macromedia
[2012/07/06 02:09:12 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Macromedia
[2012/07/06 02:09:12 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Adobe
[2012/07/06 02:05:11 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/06 02:05:11 | 000,070,344 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/06 02:05:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/07/06 02:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/07/06 01:38:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/07/06 01:38:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/07/06 01:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/06 01:27:07 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Mozilla
[2012/07/06 01:27:07 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Mozilla
[2012/07/06 01:24:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012/07/06 01:24:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012/07/06 01:23:59 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2012/07/06 01:23:59 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2012/07/06 01:23:59 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2012/07/06 01:23:59 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2012/07/06 01:23:58 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2012/07/06 01:23:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2012/07/06 01:23:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2012/07/06 01:23:58 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2012/07/06 01:23:57 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2012/07/06 01:23:57 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2012/07/06 01:23:57 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2012/07/06 01:23:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2012/07/06 01:23:57 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2012/07/06 01:23:57 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012/07/06 01:23:57 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2012/07/06 01:23:57 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/07/06 01:23:57 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2012/07/06 01:23:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2012/07/06 01:23:57 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2012/07/06 01:23:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2012/07/06 01:23:57 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012/07/06 01:23:57 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2012/07/06 01:23:57 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012/07/06 01:23:57 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012/07/06 01:23:57 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012/07/06 01:23:57 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012/07/06 01:23:56 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2012/07/06 01:23:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012/07/06 01:23:56 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012/07/06 01:23:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012/07/06 01:23:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012/07/06 01:23:56 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2012/07/06 01:23:55 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2012/07/06 01:23:55 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012/07/06 01:23:55 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2012/07/06 01:23:55 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012/07/06 01:23:55 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012/07/06 01:23:55 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012/07/06 01:23:55 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/07/06 01:23:55 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2012/07/06 01:23:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/07/06 01:23:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012/07/06 01:23:55 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2012/07/06 01:23:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012/07/06 01:23:54 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2012/07/06 01:23:54 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012/07/06 01:23:54 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012/07/06 01:23:54 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012/07/06 01:23:54 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2012/07/06 01:23:54 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2012/07/06 01:23:54 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012/07/06 01:23:54 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012/07/06 01:23:54 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012/07/06 01:23:54 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2012/07/06 01:23:54 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012/07/06 01:23:54 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/07/06 01:23:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012/07/06 01:23:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012/07/06 01:23:53 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012/07/06 01:23:53 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012/07/06 01:23:53 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2012/07/06 01:23:53 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2012/07/06 01:23:53 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012/07/06 01:23:53 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2012/07/06 01:23:53 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012/07/06 01:23:53 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012/07/06 01:23:53 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012/07/06 01:23:53 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012/07/06 01:23:53 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2012/07/06 01:23:53 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2012/07/06 01:23:53 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012/07/06 01:23:53 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012/07/06 01:23:53 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012/07/06 01:23:53 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012/07/06 01:23:53 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012/07/06 01:23:53 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012/07/06 01:23:52 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2012/07/06 01:23:52 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012/07/06 01:23:52 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012/07/06 01:23:52 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012/07/06 01:23:52 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2012/07/06 01:23:52 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2012/07/06 01:23:52 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012/07/06 01:23:52 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012/07/06 01:23:52 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012/07/06 01:23:52 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2012/07/06 01:23:52 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012/07/06 01:23:52 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012/07/06 01:23:52 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012/07/06 01:23:52 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012/07/06 01:23:51 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2012/07/06 01:23:51 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012/07/06 01:23:51 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012/07/06 01:23:51 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012/07/06 01:23:51 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2012/07/06 01:23:51 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2012/07/06 01:23:51 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012/07/06 01:23:51 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012/07/06 01:23:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012/07/06 01:23:51 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2012/07/06 01:23:51 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012/07/06 01:23:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012/07/06 01:23:50 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2012/07/06 01:23:50 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012/07/06 01:23:50 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2012/07/06 01:23:50 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012/07/06 01:23:49 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2012/07/06 01:23:49 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012/07/06 01:23:49 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012/07/06 01:23:49 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012/07/06 01:23:49 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012/07/06 01:23:49 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012/07/06 01:23:49 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2012/07/06 01:23:49 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2012/07/06 01:23:49 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012/07/06 01:23:49 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012/07/06 01:23:49 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2012/07/06 01:23:49 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012/07/06 01:23:48 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2012/07/06 01:23:48 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2012/07/06 01:23:48 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012/07/06 01:23:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012/07/06 01:23:48 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012/07/06 01:23:48 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012/07/06 01:23:48 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2012/07/06 01:23:48 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012/07/06 01:23:48 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2012/07/06 01:23:48 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012/07/06 01:23:48 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012/07/06 01:23:48 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012/07/06 01:23:47 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2012/07/06 01:23:47 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012/07/06 01:23:47 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012/07/06 01:23:47 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012/07/06 01:23:47 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2012/07/06 01:23:47 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012/07/06 01:23:47 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2012/07/06 01:23:47 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012/07/06 01:23:47 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2012/07/06 01:23:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012/07/06 01:23:46 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/07/06 01:23:46 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2012/07/06 01:23:46 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/07/06 01:23:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012/07/06 01:23:46 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2012/07/06 01:23:46 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012/07/06 01:23:46 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2012/07/06 01:23:46 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2012/07/06 01:23:46 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2012/07/06 01:23:46 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012/07/06 01:23:46 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012/07/06 01:23:46 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012/07/06 01:23:46 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2012/07/06 01:23:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012/07/06 01:23:45 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2012/07/06 01:23:45 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2012/07/06 01:23:45 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2012/07/06 01:23:45 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012/07/06 01:23:45 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012/07/06 01:23:45 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012/07/06 01:23:45 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2012/07/06 01:23:45 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2012/07/06 01:23:45 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012/07/06 01:23:45 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012/07/06 01:23:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2012/07/06 01:23:43 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2012/07/06 01:23:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012/07/06 01:23:43 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012/07/06 01:23:43 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2012/07/06 01:23:43 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012/07/06 01:23:43 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2012/07/06 01:23:43 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012/07/06 01:23:42 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2012/07/06 01:23:42 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012/07/06 01:23:41 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2012/07/06 01:23:41 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2012/07/06 01:23:41 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2012/07/06 01:23:41 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2012/07/06 01:23:41 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012/07/06 01:23:41 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012/07/06 01:23:41 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012/07/06 01:23:41 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012/07/06 00:54:15 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Origin
[2012/07/06 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Origin
[2012/07/06 00:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/07/06 00:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/07/06 00:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/07/06 00:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/07/06 00:53:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Roland DG Corporation
[2012/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roland CutStudio
[2012/07/05 23:43:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CutStudio
[2012/07/05 23:04:25 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/07/05 22:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Setup Files
[2012/07/05 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Intel Corporation
[2012/07/05 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\WinRAR
[2012/07/05 21:44:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/05 21:44:31 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/07/05 21:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012/07/05 21:43:59 | 000,347,904 | ---- | C] (Compro Technology, Inc.) -- C:\Windows\SysWow64\drivers\U2800vid.sys
[2012/07/05 21:43:59 | 000,015,104 | ---- | C] (Compro Tech.) -- C:\Windows\SysWow64\drivers\VMIR20.sys
[2012/07/05 21:43:58 | 000,409,088 | ---- | C] (Compro Technology, Inc.) -- C:\Windows\SysWow64\drivers\U2800vid64.sys
[2012/07/05 21:43:58 | 000,055,168 | ---- | C] (Compro Tech.) -- C:\Windows\SysWow64\drivers\VMIR64.sys
[2012/07/05 21:43:58 | 000,042,624 | ---- | C] (Compro Tech.) -- C:\Windows\SysWow64\drivers\VMIRXP.sys
[2012/07/05 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Google
[2012/07/05 21:41:36 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Intel
[2012/07/05 21:41:28 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Roaming
[2012/07/05 21:41:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Roaming
[2012/07/05 21:40:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2012/07/05 21:40:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012/07/05 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/07/05 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/07/05 21:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2012/07/05 21:40:13 | 001,579,520 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/07/05 21:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012/07/05 21:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/07/05 21:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NEC Electronics
[2012/07/05 21:36:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NEC Electronics
[2012/07/05 21:35:57 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Downloaded Installations
[2012/07/05 21:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/07/05 21:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera Recorder
[2012/07/05 21:35:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Camera Recorder
[2012/07/05 21:34:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
[2012/07/05 21:34:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2012/07/05 21:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2012/07/05 21:33:04 | 000,107,624 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/07/05 21:32:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012/07/05 21:31:54 | 000,438,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/07/05 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\msi
[2012/07/05 21:13:46 | 000,003,584 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\msiapcfg.dll
[2012/07/05 21:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Control Manager
[2012/07/05 21:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Control Manager
[2012/07/05 21:13:32 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\InstallShield
[2012/07/05 21:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\msi
[2012/07/05 21:08:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\msi
[2012/07/05 21:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/05 21:01:52 | 000,658,536 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2012/07/05 21:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/07/05 20:59:50 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\uTorrent
[2012/07/05 20:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Anticheat 3
[2012/07/05 20:59:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DExUS
[2012/07/05 20:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/05 20:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012/07/05 20:58:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012/07/05 20:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/07/05 20:50:54 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\TeraCopy
[2012/07/05 20:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2012/07/05 20:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\TeraCopy
[2012/07/05 20:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[2012/07/05 20:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2012/07/05 18:57:27 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/07/05 18:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/07/05 18:54:05 | 000,000,000 | ---D | C] -- C:\Intel
[2012/07/05 18:53:48 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012/07/05 18:51:28 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\Documents\My Received Files
[2012/07/05 18:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2012/07/05 18:51:24 | 000,052,736 | ---- | C] (Motorola, Inc.) -- C:\Windows\SysNative\drivers\btmcom.sys
[2012/07/05 18:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth
[2012/07/05 18:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/07/05 18:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/07/05 18:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2012/07/05 18:48:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/07/05 18:48:22 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/07/05 18:48:11 | 002,601,816 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2012/07/05 18:48:11 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/07/05 18:48:11 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012/07/05 18:48:11 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012/07/05 18:48:11 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/07/05 18:48:10 | 002,602,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/07/05 18:48:10 | 001,959,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/07/05 18:48:10 | 001,146,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/07/05 18:48:10 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/07/05 18:48:10 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/07/05 18:48:09 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/07/05 18:48:09 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/07/05 18:48:09 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/07/05 18:48:09 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/07/05 18:48:09 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/07/05 18:48:09 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/07/05 18:48:09 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/07/05 18:48:09 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/07/05 18:48:09 | 000,070,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2012/07/05 18:48:08 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2012/07/05 18:48:08 | 001,735,000 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2012/07/05 18:48:08 | 000,335,192 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012/07/05 18:48:08 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012/07/05 18:48:08 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012/07/05 18:48:07 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012/07/05 18:48:07 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012/07/05 18:48:07 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012/07/05 18:48:07 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012/07/05 18:48:07 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012/07/05 18:48:06 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012/07/05 18:48:06 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012/07/05 18:48:06 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012/07/05 18:48:06 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012/07/05 18:48:06 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012/07/05 18:48:06 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012/07/05 18:48:06 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012/07/05 18:48:06 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012/07/05 18:48:05 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2012/07/05 18:48:05 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2012/07/05 18:48:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/05 18:48:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012/07/05 18:48:03 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/07/05 18:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/07/05 18:47:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012/07/05 18:47:55 | 001,251,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/07/05 18:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/05 18:47:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012/07/05 18:47:40 | 000,063,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2012/07/05 18:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012/07/05 18:47:02 | 002,741,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012/07/05 18:47:02 | 001,738,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012/07/05 18:47:02 | 001,468,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco64.dll
[2012/07/05 18:47:02 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012/07/05 18:47:02 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012/07/05 18:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/07/05 18:45:06 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/07/05 13:20:27 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/07/05 13:20:27 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Searches
[2012/07/05 13:20:27 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/07/05 13:20:27 | 000,000,000 | -H-D | C] -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/07/05 13:20:19 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Identities
[2012/07/05 13:20:16 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Contacts
[2012/07/05 13:20:15 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\VirtualStore
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\AppData\Local\Temporary Internet Files
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Templates
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Start Menu
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\SendTo
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Recent
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\PrintHood
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\NetHood
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Documents\My Videos
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Documents\My Pictures
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Documents\My Music
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\My Documents
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Local Settings
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\AppData\Local\History
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Cookies
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\Application Data
[2012/07/05 13:20:10 | 000,000,000 | -HSD | C] -- C:\Users\Adriaan\AppData\Local\Application Data
[2012/07/05 13:20:08 | 000,000,000 | --SD | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Videos
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Saved Games
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Pictures
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Music
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Links
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Favorites
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Downloads
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Documents
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\Desktop
[2012/07/05 13:20:08 | 000,000,000 | R--D | C] -- C:\Users\Adriaan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/07/05 13:20:08 | 000,000,000 | -H-D | C] -- C:\Users\Adriaan\AppData
[2012/07/05 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Temp
[2012/07/05 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Local\Microsoft
[2012/07/05 13:20:08 | 000,000,000 | ---D | C] -- C:\Users\Adriaan\AppData\Roaming\Media Center Programs
[2012/07/05 13:20:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/07/05 13:07:54 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/07/05 13:05:38 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/07/05 13:04:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information

Flamebo
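The log posted above is in OTL's file-listing format (`[date | size | attrs | C or M] (Publisher) -- path`), and the questions in the thread are about finding which file on disk is the worm's root. As an added example (not code from the thread, from the OTL tool, or from either poster), here is a small Python triage helper that parses lines in that format and lists the entries a malware-removal helper would look at first. The flag rules are assumptions chosen for this example: an executable, DLL, driver or control-panel file under `\Windows\` for which OTL printed an empty publisher `()`, and a `.sys` file sitting in `SysWOW64\drivers` (on 64-bit Windows the kernel loads drivers from `System32\drivers`; a driver in the WOW64-redirected folder usually means a 32-bit installer wrote it there, which legitimate driver packages also do). A hit is a candidate for review, not a verdict. The sample input is constructed from lines copied out of the log above, including one whose publisher string itself contains parentheses.

```python
"""Triage helper for OTL (OldTimer) file-listing lines.

Added example, not code from the thread or from the OTL tool. The flag rules
below are heuristics chosen for this example; a hit is a candidate for
review, not a verdict.
"""
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL entry, e.g.
#   [2012/07/28 17:10:39 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\bepxusli.sys
#   [2012/07/05 18:48:03 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))?"  # absent on folders, "()" when OTL found no publisher
    r" -- (?P<path>.+?)\s*$"
)

# File types worth a second look when no publisher is recorded (assumption).
EXECUTABLE_EXT = {".exe", ".dll", ".sys", ".cpl", ".scr", ".com", ".ocx", ".drv"}


@dataclass
class Entry:
    timestamp: datetime
    size: int
    attrs: str               # the four flags as OTL prints them, e.g. "-HSD"
    kind: str                # "C" = created section, "M" = modified section
    company: Optional[str]   # None on folders, "" when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")

    @property
    def ext(self) -> str:
        # ntpath understands backslash paths even when this runs on Linux.
        return ntpath.splitext(self.path)[1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one OTL file line, or None for headers and blank lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    """Parse a pasted OTL section, silently skipping non-entry lines."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def flag_entry(e: Entry) -> List[str]:
    """Heuristic reasons an entry deserves a closer look (assumptions of this example)."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    if e.ext in EXECUTABLE_EXT and not e.company and "\\windows\\" in low:
        reasons.append("executable under \\Windows with no publisher string")
    if e.ext == ".sys" and "\\syswow64\\drivers\\" in low:
        # 64-bit Windows loads kernel drivers from System32\drivers; a .sys in the
        # WOW64-redirected folder usually came from a 32-bit installer. Legitimate
        # 32-bit driver packages do this too, so it is only a signal.
        reasons.append("driver file in the WOW64-redirected drivers folder")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for every flagged entry, newest first."""
    flagged = []
    for e in sorted(parse_log(text), key=lambda x: x.timestamp, reverse=True):
        reasons = flag_entry(e)
        if reasons:
            flagged.append((e.path, reasons))
    return flagged


# Constructed sample: lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========

[2012/07/29 23:23:34 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/29 13:08:03 | 2132,979,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/28 17:10:39 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\bepxusli.sys
[2012/07/28 15:22:10 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jmvo.sys
[2012/07/27 14:06:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/05 21:43:59 | 000,347,904 | ---- | C] (Compro Technology, Inc.) -- C:\Windows\SysWow64\drivers\U2800vid.sys
[2012/07/05 21:13:46 | 000,003,584 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysWow64\msiapcfg.dll
[2012/07/05 18:48:03 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path)
        for r in reasons:
            print("    -", r)
```

Run it as-is and it prints the four flagged paths from the sample, newest first, each with its reasons; pass a whole pasted OTL log to `triage()` to do the same over a real post. The publisher group is matched lazily up to `) -- ` so that a vendor string such as `(Windows (R) Win 7 DDK provider)` is kept whole, and folder lines (no publisher field at all) come back with `company` set to `None` rather than being dropped.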

Re: Autorun worm

Post by Flamebo on 29th July 2012, 10:59 pm


========== Files - Modified Within 30 Days ==========

[2012/07/30 00:08:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Adriaan\Desktop\OTL.exe
[2012/07/30 00:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/29 23:49:15 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2012/07/29 23:48:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/29 23:23:34 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/29 23:23:34 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/29 23:10:48 | 000,001,286 | ---- | M] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/29 23:10:48 | 000,001,262 | ---- | M] () -- C:\Users\Adriaan\Desktop\Spybot - Search & Destroy.lnk
[2012/07/29 21:55:34 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/29 17:48:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/29 13:57:07 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/07/29 13:30:48 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 13:30:48 | 000,022,544 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/29 13:08:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/29 13:08:03 | 2132,979,711 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/29 01:21:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 19:13:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/28 19:06:47 | 000,002,384 | ---- | M] () -- C:\Users\Adriaan\Desktop\backup reg.reg
[2012/07/28 17:10:39 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\bepxusli.sys
[2012/07/28 17:01:26 | 000,000,987 | ---- | M] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2012/07/28 15:22:10 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\jmvo.sys
[2012/07/27 20:15:31 | 000,662,269 | ---- | M] () -- C:\Users\Adriaan\Desktop\Mugetsu1.jpg
[2012/07/27 17:44:33 | 002,140,196 | ---- | M] () -- C:\Users\Adriaan\Desktop\11269192_xxl.eps.part
[2012/07/27 16:38:14 | 006,533,028 | ---- | M] () -- C:\Users\Adriaan\Desktop\11269198_xxl.eps
[2012/07/27 16:34:27 | 001,545,761 | ---- | M] () -- C:\Users\Adriaan\Desktop\12931219_xxl.eps
[2012/07/27 15:31:58 | 001,364,647 | ---- | M] () -- C:\Users\Adriaan\Desktop\Mugetsu.cdr
[2012/07/27 15:24:55 | 001,382,235 | ---- | M] () -- C:\Users\Adriaan\Desktop\Backup_of_Mugetsu.cdr
[2012/07/27 15:20:14 | 007,035,252 | ---- | M] () -- C:\Users\Adriaan\Desktop\MEME_FiB Saga.jpg
[2012/07/27 14:06:25 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 14:06:25 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/26 19:29:21 | 000,530,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/26 18:49:41 | 006,925,535 | ---- | M] () -- C:\Users\Adriaan\Desktop\MEME_FiB Saga.cdr
[2012/07/26 16:51:51 | 000,077,858 | ---- | M] () -- C:\Users\Adriaan\Desktop\Mugetsu.ai
[2012/07/26 14:41:04 | 000,002,361 | ---- | M] () -- C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
[2012/07/26 14:40:11 | 000,002,343 | ---- | M] () -- C:\Users\Public\Desktop\Corel CONNECT X6 (64-Bit).lnk
[2012/07/26 14:40:08 | 000,002,841 | ---- | M] () -- C:\Users\Public\Desktop\Corel CAPTURE X6 (64-Bit).lnk
[2012/07/26 14:40:03 | 000,002,849 | ---- | M] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6 (64-Bit).lnk
[2012/07/26 14:39:53 | 000,002,833 | ---- | M] () -- C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk
[2012/07/25 13:24:15 | 012,386,304 | ---- | M] () -- C:\Users\Adriaan\Desktop\01 Peligrosa.mp3
[2012/07/24 23:04:00 | 000,001,993 | ---- | M] () -- C:\Users\Adriaan\Desktop\Silver Sands Poker.lnk
[2012/07/24 18:27:22 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/24 18:05:16 | 033,554,915 | ---- | M] () -- C:\Users\Adriaan\Desktop\soundcloud_feedme_mix.mp3
[2012/07/24 17:59:37 | 000,013,824 | ---- | M] () -- C:\Users\Adriaan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/22 22:32:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/17 01:30:39 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/07/17 00:41:36 | 000,000,060 | ---- | M] () -- C:\Users\Adriaan\Documents\new.vcf
[2012/07/14 17:29:33 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/14 17:25:41 | 001,606,656 | ---- | M] () -- C:\Users\Adriaan\Desktop\SteamInstall.msi
[2012/07/13 15:47:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/07/12 19:51:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2012/07/12 19:48:50 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/07/11 02:07:22 | 000,001,193 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/07/10 21:18:58 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk
[2012/07/09 21:27:06 | 000,001,007 | ---- | M] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/07/09 21:27:06 | 000,001,001 | ---- | M] () -- C:\Users\Adriaan\Desktop\Winamp.lnk
[2012/07/09 21:11:02 | 000,001,016 | ---- | M] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/07/09 15:55:33 | 000,000,971 | ---- | M] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/09 13:26:28 | 000,000,098 | ---- | M] () -- C:\ProgramData\CameraRecorder.ini
[2012/07/08 18:16:33 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/08 15:41:54 | 000,037,255 | ---- | M] () -- C:\Windows\unins001.dat
[2012/07/08 15:41:40 | 001,174,993 | ---- | M] () -- C:\Windows\unins001.exe
[2012/07/08 15:36:50 | 000,008,141 | ---- | M] () -- C:\Windows\unins000.dat
[2012/07/08 15:36:26 | 001,181,649 | ---- | M] () -- C:\Windows\unins000.exe
[2012/07/06 18:01:58 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/06 12:48:45 | 000,005,606 | ---- | M] () -- C:\Windows\SysWow64\Utility.xml
[2012/07/06 12:46:16 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 12:46:16 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 12:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 04:19:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/07/06 04:19:46 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/07/06 04:19:46 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/07/06 04:19:46 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/07/06 04:19:46 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/07/06 04:19:46 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/07/06 04:19:46 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/07/06 04:19:46 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/07/06 04:19:46 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/07/06 04:19:46 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/07/06 04:19:46 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/07/06 04:19:46 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/07/06 04:19:46 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/07/06 04:19:46 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/07/06 04:19:46 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/07/06 04:19:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/07/06 04:19:46 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/07/06 04:19:46 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/07/06 04:19:46 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/07/06 04:19:46 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/07/06 04:19:46 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/07/06 04:19:46 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/07/06 04:19:46 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/07/06 04:19:46 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/07/06 04:19:46 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/07/06 04:19:46 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/07/06 04:19:46 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/07/06 04:19:46 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/07/06 04:19:46 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/07/06 04:19:46 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/07/06 04:19:46 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/07/06 04:19:46 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/07/06 04:19:46 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/07/06 04:19:46 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/07/06 04:19:46 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/07/06 04:19:46 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/07/06 04:19:46 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/07/06 04:19:46 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/07/06 04:19:46 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/07/06 04:19:46 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/07/06 04:19:46 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/07/06 04:19:46 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/07/06 04:19:46 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/07/06 04:19:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/06 04:19:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/06 04:19:46 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/07/06 04:19:46 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/07/06 04:19:46 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/07/06 04:19:46 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/07/06 04:19:46 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/07/06 04:19:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/07/06 04:19:46 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/07/06 04:19:46 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/07/06 04:19:46 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/07/06 04:19:46 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/07/06 04:19:46 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/07/06 04:19:46 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/07/06 04:19:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/07/06 04:19:46 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/07/05 21:35:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/07/05 20:40:19 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/05 13:07:58 | 000,116,385 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/07/05 13:07:58 | 000,116,385 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/29 23:10:48 | 000,001,286 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/07/29 23:10:48 | 000,001,262 | ---- | C] () -- C:\Users\Adriaan\Desktop\Spybot - Search & Destroy.lnk
[2012/07/29 13:57:07 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\AutorunRemover.lnk
[2012/07/29 01:21:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 19:13:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/28 19:06:47 | 000,002,384 | ---- | C] () -- C:\Users\Adriaan\Desktop\backup reg.reg
[2012/07/28 17:10:39 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\bepxusli.sys
[2012/07/28 17:01:26 | 000,000,987 | ---- | C] () -- C:\Users\Public\Desktop\Autorun Eater.lnk
[2012/07/28 15:22:10 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\jmvo.sys
[2012/07/27 20:15:31 | 000,662,269 | ---- | C] () -- C:\Users\Adriaan\Desktop\Mugetsu1.jpg
[2012/07/27 16:34:27 | 001,545,761 | ---- | C] () -- C:\Users\Adriaan\Desktop\12931219_xxl.eps
[2012/07/27 16:33:57 | 006,533,028 | ---- | C] () -- C:\Users\Adriaan\Desktop\11269198_xxl.eps
[2012/07/27 16:33:50 | 002,140,196 | ---- | C] () -- C:\Users\Adriaan\Desktop\11269192_xxl.eps.part
[2012/07/27 15:20:10 | 007,035,252 | ---- | C] () -- C:\Users\Adriaan\Desktop\MEME_FiB Saga.jpg
[2012/07/26 18:49:37 | 006,925,535 | ---- | C] () -- C:\Users\Adriaan\Desktop\MEME_FiB Saga.cdr
[2012/07/26 16:51:51 | 000,077,858 | ---- | C] () -- C:\Users\Adriaan\Desktop\Mugetsu.ai
[2012/07/26 16:12:31 | 001,382,235 | ---- | C] () -- C:\Users\Adriaan\Desktop\Backup_of_Mugetsu.cdr
[2012/07/26 16:12:31 | 001,364,647 | ---- | C] () -- C:\Users\Adriaan\Desktop\Mugetsu.cdr
[2012/07/26 14:43:40 | 000,002,849 | ---- | C] () -- C:\Users\Public\Desktop\Corel PHOTO-PAINT X6 (64-Bit).lnk
[2012/07/26 14:43:40 | 000,002,841 | ---- | C] () -- C:\Users\Public\Desktop\Corel CAPTURE X6 (64-Bit).lnk
[2012/07/26 14:43:40 | 000,002,833 | ---- | C] () -- C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk
[2012/07/26 14:43:40 | 000,002,361 | ---- | C] () -- C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk
[2012/07/26 14:43:40 | 000,002,343 | ---- | C] () -- C:\Users\Public\Desktop\Corel CONNECT X6 (64-Bit).lnk
[2012/07/25 12:48:24 | 012,386,304 | ---- | C] () -- C:\Users\Adriaan\Desktop\01 Peligrosa.mp3
[2012/07/24 23:06:52 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/24 23:04:00 | 000,001,993 | ---- | C] () -- C:\Users\Adriaan\Desktop\Silver Sands Poker.lnk
[2012/07/24 18:27:22 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2012/07/24 18:00:28 | 033,554,915 | ---- | C] () -- C:\Users\Adriaan\Desktop\soundcloud_feedme_mix.mp3
[2012/07/24 17:01:45 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/24 17:01:45 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 22:32:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/22 22:32:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/17 01:30:39 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\LibreOffice 3.5.lnk
[2012/07/17 00:41:36 | 000,000,060 | ---- | C] () -- C:\Users\Adriaan\Documents\new.vcf
[2012/07/14 17:29:33 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/07/14 17:25:10 | 001,606,656 | ---- | C] () -- C:\Users\Adriaan\Desktop\SteamInstall.msi
[2012/07/13 15:47:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2012/07/12 19:52:21 | 000,013,824 | ---- | C] () -- C:\Users\Adriaan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/12 19:51:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_RimUsb_AMD64_01009.Wdf
[2012/07/12 19:48:50 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
[2012/07/11 01:00:17 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012/07/10 21:18:58 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Universal Anticheat 3.lnk
[2012/07/10 18:04:04 | 1482,525,610 | ---- | C] () -- C:\Users\Adriaan\Desktop\21 Jump Street 2012 R5 NEW LiNE XViD - INSPiRAL.avi
[2012/07/09 21:27:06 | 000,001,007 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
[2012/07/09 21:27:06 | 000,001,001 | ---- | C] () -- C:\Users\Adriaan\Desktop\Winamp.lnk
[2012/07/09 21:11:02 | 000,001,016 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Bandicam.lnk
[2012/07/09 12:53:48 | 000,000,098 | ---- | C] () -- C:\ProgramData\CameraRecorder.ini
[2012/07/08 17:24:03 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012/07/08 15:41:48 | 001,174,993 | ---- | C] () -- C:\Windows\unins001.exe
[2012/07/08 15:41:48 | 000,037,255 | ---- | C] () -- C:\Windows\unins001.dat
[2012/07/08 15:36:31 | 001,181,649 | ---- | C] () -- C:\Windows\unins000.exe
[2012/07/08 15:36:31 | 000,025,600 | ---- | C] ( ) -- C:\Windows\SysNative\drivers\CORSGKB.sys
[2012/07/08 15:36:31 | 000,008,141 | ---- | C] () -- C:\Windows\unins000.dat
[2012/07/06 18:01:58 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/07/06 04:19:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/07/06 04:19:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/07/06 01:38:52 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/07/06 01:24:15 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/06 01:24:15 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012/07/06 01:24:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/06 00:16:41 | 000,005,606 | ---- | C] () -- C:\Windows\SysWow64\Utility.xml
[2012/07/05 21:43:58 | 000,118,784 | ---- | C] () -- C:\Windows\SysWow64\VendorCmdRW.dll
[2012/07/05 21:43:58 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\remove.dll
[2012/07/05 21:40:13 | 000,356,795 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/07/05 21:40:13 | 000,058,488 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/07/05 21:35:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/07/05 21:31:25 | 000,002,625 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI NVIDIA Overclock.lnk
[2012/07/05 21:13:46 | 000,012,288 | ---- | C] () -- C:\Windows\MSIECO
[2012/07/05 21:00:29 | 000,000,971 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/07/05 20:40:19 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/07/05 18:48:13 | 000,000,176 | ---- | C] () -- C:\Windows\SysNative\drivers\RTHDAEQ0.dat
[2012/07/05 18:47:02 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012/07/05 13:20:08 | 000,000,290 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/07/05 13:20:08 | 000,000,272 | ---- | C] () -- C:\Users\Adriaan\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/07/05 13:07:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/07/05 13:07:36 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/07/05 13:04:58 | 2132,979,711 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/09/19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

========== Custom Scans ==========

< %APPDATA%\Microsoft\*.* >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/07/30 00:08:49 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Adriaan\Desktop\OTL.exe
[2006/02/12 17:09:50 | 000,635,392 | ---- | M] (Praying-Mantis Productions) -- C:\Users\Adriaan\Desktop\shutdown.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2012/07/18 11:11:33 | 000,117,728 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
[2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2012/07/18 11:11:33 | 000,113,120 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
[2012/07/18 11:11:33 | 000,157,608 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
[2012/07/18 11:11:33 | 000,016,864 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
[2012/07/18 11:11:32 | 000,265,184 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2012/07/17 01:21:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ABC Amber vCard Converter
[2012/07/22 22:32:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/07/05 21:40:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atheros
[2012/07/28 17:01:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Autorun Eater
[2012/07/29 13:57:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AutorunRemover
[2012/07/09 21:11:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bandicam
[2012/07/09 21:11:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BandiMPEG1
[2012/07/08 16:59:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012/07/05 21:35:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Camera Recorder
[2012/07/05 21:40:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/07/13 15:42:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ClockworkMod
[2012/07/29 00:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2012/07/08 15:41:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\corsair
[2012/07/05 23:43:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CutStudio
[2012/07/05 20:59:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DExUS
[2012/07/11 02:08:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo III
[2012/07/24 18:27:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/07/26 14:41:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\gs
[2012/07/28 16:04:24 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/07/05 21:32:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2012/07/28 20:16:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/07/17 00:24:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Isaac Software
[2012/07/17 01:30:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LibreOffice 3.5
[2012/07/29 01:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/13 00:47:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MarkAny
[2012/07/26 14:41:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2012/07/26 14:42:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012/07/26 14:41:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2012/07/18 11:11:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/07/19 12:14:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/07/05 22:16:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\msi
[2012/07/05 21:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NEC Electronics
[2012/07/08 17:41:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/07/10 01:40:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/07/06 01:07:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2012/07/06 01:12:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2012/07/05 20:42:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Razer
[2012/07/06 18:59:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/07/05 21:34:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Renesas Electronics
[2012/07/12 19:48:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion
[2012/07/16 23:09:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Research In Motion Limited
[2012/07/28 16:04:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2012/07/06 18:20:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Setup Files
[2012/07/24 23:04:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Silver Sands Poker
[2012/07/09 13:41:42 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/07/29 23:20:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/29 23:33:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2012/07/17 00:30:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SweetIM
[2012/07/05 21:13:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\System Control Manager
[2012/07/26 12:57:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tactical Coders
[2012/07/05 18:49:11 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2009/07/14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/07/09 15:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2012/07/05 20:59:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2012/07/09 21:27:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2012/07/09 21:27:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp Detect
[2010/11/21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010/11/21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2010/11/21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2010/11/21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2010/11/21 05:31:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2010/11/21 09:06:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

< MD5 for: EXPLORER.EXE >
[2011/02/26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: NETLOGON.DLL >
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: SERVICES.EXE >
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< hklm\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/07/18 11:11:32 | 000,865,776 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/07/18 11:11:33 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.)

< hkcu\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >

< hklm\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >

< End of report >

Re: Autorun worm

Post by Flamebo on 29th July 2012, 11:00 pm

OTL Extras logfile created on: 2012/07/30 12:40:03 AM - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Adriaan\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001c09 | Country: South Africa | Language: ENS | Date Format: yyyy/MM/dd

7.98 Gb Total Physical Memory | 5.59 Gb Available Physical Memory | 70.07% Memory free
15.96 Gb Paging File | 13.79 Gb Available in Paging File | 86.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 318.02 Gb Free Space | 70.10% Space Free | Partition Type: NTFS
Drive D: | 23.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 698.63 Gb Total Space | 152.43 Gb Free Space | 21.82% Space Free | Partition Type: NTFS

Computer Name: FLAMEBO | User Name: Adriaan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06D0BF8C-70A3-43F3-984E-A6AD0967D28B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0930A7E5-43BB-4AEA-9954-9A1F83642C20}" = rport=139 | protocol=6 | dir=out | app=system |
"{17999576-7166-428D-A5E9-DB53B959868F}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{1B4DF7D1-9A41-4A43-9594-F92DA9C60B6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1B4F81C9-FD84-4721-B168-41D29125186A}" = lport=445 | protocol=6 | dir=in | app=system |
"{2D232D6D-24A4-4094-9FAF-AD0E5AB484F0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{49356483-9C88-4491-8117-A4E920D364FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A9880D1-F690-463E-A6C8-5A1FCE1A356F}" = lport=139 | protocol=6 | dir=in | app=system |
"{4C399F15-0ED9-4CFC-BB8A-F36C684CA0A3}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{51DC8FA1-BA7F-499D-B2BB-B2D2D908475F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{609EC661-1DB1-4915-BA9A-BA7A16F135F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{6281DC9E-9929-4D40-A9AC-D24B8AA08B9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{640324F5-EB98-45CB-8F2C-2FEC8578BAF2}" = lport=138 | protocol=17 | dir=in | app=system |
"{6D4BF6BF-050B-450A-A63B-E52852581858}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6E881896-41AA-4A2E-A7B4-8DDEF85C60E8}" = lport=20102 | protocol=6 | dir=in | name=allshare udp port |
"{86834795-6464-46A1-922E-523E0F260BDE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{871D7C86-0EA6-4619-8636-DD18EEA73BA0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{95C51008-5514-4E46-969E-403D4CA242E1}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{99E949B8-8A7D-4682-BD35-46DA5B8216F7}" = lport=7878 | protocol=6 | dir=in | name=allshare tcp port |
"{9B18509B-EDAA-4A8A-B2C4-530669EA06EF}" = rport=445 | protocol=6 | dir=out | app=system |
"{9D7AC4D7-6F17-41BB-BD1B-CD301BA244DB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A13C25A3-FB27-4A08-9086-E04946B33A0E}" = rport=138 | protocol=17 | dir=out | app=system |
"{C00BA74F-C397-4D00-9121-2E49C939DACC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6B2727D-C37C-41D6-95DB-3C2F7A6E5554}" = lport=1900 | protocol=6 | dir=in | name=allshare multicast port |
"{C928497D-6FD9-4168-B6BA-583E55ED99AB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D583A942-76FA-4CEB-97C8-B3AA360FA9D4}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3E2639F-4E9A-4CBE-929D-F00DD1D2B00F}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{FC8D1F34-32E3-4D83-8318-7355624DCF9F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023D968F-3AB9-4B1F-A912-8E8D6B6F5E2A}" = protocol=17 | dir=in | app=c:\program files\samsung\allshare control\allshare control pc.exe |
"{02533220-1FF5-4154-8E7A-A582740AB92D}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{055ED4D0-EE0A-40D2-B0DB-DF4A55DD9411}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0710BE0B-B6C3-48FE-9150-95995FAF60D8}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{076C126C-F4D5-439F-8A95-FC8A985A0784}" = protocol=6 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{0B6DB1EE-EB71-47A4-BC1E-70FACB53A4F7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0BC2AA7D-6F1B-48BC-9B42-D11C79EFE05C}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe |
"{124F67FF-6161-4140-A023-C34436132105}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{13FC3A27-C47C-407C-83D2-0B4153F39D23}" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{1A4BEDD4-50DE-4990-A080-F23CD4B9033A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1B1CCD68-2C7B-4D64-B5EC-F8187D901393}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2C9D1D1F-9496-446D-BF52-5AAEE85D73BB}" = protocol=6 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{2E2EFDC3-B88C-41CD-8AD6-0E83C4827FD8}" = protocol=17 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{302492BF-3370-41F3-A8DC-8DE39CB0633A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{30B93B70-6CB9-411C-859E-711A716059CD}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{3375120E-35D8-4E46-A98C-60DDA80CE523}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3EA41F58-7E42-4FAC-95A4-1AE279FC27D0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{429302AE-F680-462F-9B60-33D189C57CEF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{43388F77-2450-41E1-A013-7152D644DE4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{45ADB505-085B-4EF6-A46D-3F22A30440C8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{4C72DD8C-114A-4CC8-9582-0CE12F30F479}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4DE9DFA2-97C4-468D-B36A-FB3EF271CCC3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{4F984446-3369-4DEA-B77D-95EE5DDDF9AD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4FE4F332-97DE-49B2-A11C-378BDF14FFAB}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{50946248-91B1-4F86-A2D2-E32D00450841}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5259BFFC-D06A-4CE8-BD70-A73C0FEFEC6B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{53E4526D-2D23-488F-A694-1B5671D24D1A}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{5B8D1EE6-FA68-4BD1-AABE-780B23039F85}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{5BCDEADE-13AE-41AF-9298-8717BBA91D09}" = protocol=17 | dir=in | app=c:\program files (x86)\clockworkmod\tether\win32\node.exe |
"{5D9BAE5E-6B66-4F96-B0A1-0E21BE99F2A1}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe |
"{6045CF06-887E-4A37-880A-25F2A43542AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{677AA08A-6EFB-4CE1-B55D-FF0CDC5A133B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68003F5B-8200-4EC0-AA84-AEC76706CADE}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe |
"{686E4AA7-DA5A-4E74-ABB6-BE75337F7A38}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6D2C9184-1037-487A-88D6-5D8DF19438E5}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{77DD0A19-02A9-4EC8-83A7-6E8543CE6FFA}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{7F025D96-A127-4487-B23C-743270E4A24D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{7FA414E4-6E1C-47E7-91B3-9A00F3F6817D}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe |
"{85DE2578-E8A8-4971-A2C7-41C4F6909351}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{86291CBD-578E-4BE8-87CC-738BAC843105}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{8833DBC0-036E-4D6E-B9E6-D3663CCBFBFE}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{89FA6718-E5C4-4B0C-9EBF-23C2161FBDA0}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{8E625008-8FB5-431E-9250-18297C6C2C52}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{8EB5667B-795D-432C-8D4F-8ADFCA255E04}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{90542B72-F65A-4A2A-9850-9AB94EC88538}" = protocol=6 | dir=in | app=c:\program files\samsung\allshare control\allshare control pc.exe |
"{90A7DE39-49BF-41D7-ABE9-92FCCDA6211C}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe |
"{93845D65-5F3A-43F8-A2E9-51BCCB70F2C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9634EC81-4A85-47B9-81DA-A17E8430B298}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{97AF9255-48C0-4F6A-96D3-98EAEBA526F0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{9AC90526-0F78-45BA-89FE-0B50A62FFBED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A4D1DE4E-655F-46EA-9163-493E8EEC5885}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{A999061F-D87E-44A9-AE52-62705DAE77EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AAECC765-7AD0-40F8-A965-878CB289E52A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B26DB7A9-60A8-435F-9F6E-2AC4B1A9ED6E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{B5FE997B-EED9-4347-9EA8-E83947563836}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BD690E23-604B-47A7-82FD-08A789CAA9E5}" = protocol=17 | dir=in | app=c:\program files (x86)\research in motion\blackberry desktop\rim.desktop.exe |
"{C09FEF02-B6EA-4350-AA68-0B782D8611D8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1ED5286-9505-4CE9-8CED-4C0973B41E06}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C3CB1DF9-D0E2-4619-B0D6-BBE40F4EDFFF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{CE90D181-4423-4BB7-87C3-5DE7BF9FCE52}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{D290B686-C859-41B8-B765-C7EE134A93B6}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{D4380DFE-D5BC-449B-BFF4-970F8ABCFA8D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8A72411-F41D-4879-BD6D-2237F94FB72E}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{DBCB160B-19D5-4654-A9BA-1D684CDA4F19}" = protocol=6 | dir=out | app=system |
"{DC09BA5B-76E7-44CC-894B-D521E39B1076}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe |
"{DCD4755A-63E3-405E-8380-919A5066F274}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe |
"{E5734866-E343-4DB8-A452-8BD6777F8A68}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ED290092-BF5A-49EA-B389-982F9158BE59}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"TCP Query User{B3A9F7B7-F30E-4E63-BD77-FA5B1188E800}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{5A6551FF-5DF5-4D76-9CD2-42E7DD5A165B}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |

Re: Autorun worm

Post by Flamebo on 29th July 2012, 11:02 pm

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 (64-Bit)
"_{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{10762393-1B90-4AC2-AF1A-4C0C04AE303F}" = CorelDRAW Graphics Suite X6 - VBA (x64)
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel(R) PROSet/Wireless WiFi Software
"{1967EF95-E00B-4669-8B1C-A589BE8BF24F}" = CorelDRAW Graphics Suite X6 - Capture (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E3A578C-0A7D-4820-990F-B7545C0B2303}" = CorelDRAW Graphics Suite X6 - VSTA (x64)
"{27AE72A4-B217-4CDC-B82B-3311E9D7460E}" = CorelDRAW Graphics Suite X6 - Draw (x64)
"{2C72B5E4-AA34-4F1A-8C7E-468530F9F6A3}" = CorelDRAW Graphics Suite X6 - Photozoom Plugin (x64)
"{35869A6C-BA31-4F23-B52D-BC1B1E41EC1B}" = CorelDRAW Graphics Suite X6 - Common (x64)
"{3933C06C-8239-432B-87FC-F2BDC5B49A10}" = CorelDRAW Graphics Suite X6 - FontNav (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6099F026-0A98-4D40-9B3D-ED2123A8CBD0}" = CorelDRAW Graphics Suite X6 - Redist (x64)
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{7386B5FA-8715-481D-821F-7785110506DF}" = CorelDRAW Graphics Suite X6 - Custom Data (x64)
"{79899C6B-E315-4A3F-8904-02DEAB8D660D}" = Corel Graphics - Windows Shell Extension 32 Bit
"{7B79AE44-9B76-4815-84E5-ACAC3F0F0278}" = CorelDRAW Graphics Suite X6 - VideoBrowser (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{96AAAB95-AEBE-437A-B7CA-37C7BE13FFE9}" = CorelDRAW Graphics Suite X6 - Connect (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6DF7031-2843-44FD-9CAB-DECAB4257456}" = CorelDRAW Graphics Suite X6 - IPM
"{BB65D262-3EBC-4F10-89D9-67A320E94EAA}" = CorelDRAW Graphics Suite X6 - EN (x64)
"{BDBFAC49-8877-472F-876B-75ADB7DBC955}" = CorelDRAW Graphics Suite X6 - Setup Files (x64)
"{CCE7423E-1D84-4CD3-9E32-220EC9358D97}" = CorelDRAW Graphics Suite X6 (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D7C2687D-924E-4485-B367-C7D95CBF8DDD}" = CorelDRAW Graphics Suite X6 - PHOTO-PAINT (x64)
"{DDE82E3D-20C4-48E1-AE1D-B1F10E42CA44}" = CorelDRAW Graphics Suite X6 - Writing Tools (x64)
"{E699230D-4B5E-411E-9F45-FF50789B18DD}" = CorelDRAW Graphics Suite X6 - Filters (x64)
"{EBDC2D0D-1E26-4EF2-BB48-C7E18F7800C6}" = Corel Graphics - Windows Shell Extension
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64)
"8426FCB8FBFE7DD936977F568A58E018229E5BC1" = ENE USB Card Reader Driver
"Logitech Gaming Software" = Logitech Gaming Software 8.30
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Motorola Bluetooth_is1" = Motorola Bluetooth
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeraCopy_is1" = TeraCopy 2.27
"Virtual Audio Cable 4.10" = Virtual Audio Cable 4.10
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}" = Ghostscript GPL 8.64 (Msi Setup)
"{07309579-6D30-4769-A5D2-A8B0DCBDD59A}_is1" = Corsair K90 Firmware Update Application
"{1DDCBC8D-62FD-484E-9CAC-F05D7D51D93B}" = Roland CAMM-1 DRIVER [GX-24]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2185FA57-3EF4-434A-8D59-7063B11FA3C7}" = BlackBerry App World Browser Plugin
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{34B61214-F4D3-4449-A918-F52A36FB2F71}" = msi LED Manager
"{3BDDA587-7CDE-430C-90A4-E2C4E48D3AE9}" = Camera Recorder
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{70EEDC1E-B99B-45ED-AC56-3E8F5CA09462}" = NVIDIA Overclock Tool
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{774C0434-9948-4DEE-A14E-69CDD316E36C}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{99BEB67F-B288-44F5-8B2A-23F5A52FA1AE}_is1" = Universal AntiCheat 3 v1.067 R2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EBCE8AD-F2BA-41C3-8685-C5D8D4ADEF3F}" = U2800/U895/IR20/IR25 Driver
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB84E88F-89CA-4002-A6F4-422C2C8CB1F8}" = CutStudio
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0EA703B-4F38-4C44-AAAA-424DFCD776E5}" = Roland CAMM-1 DRIVER [GX-640]
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C05905B9-775A-4894-A4DF-B57C15250958}" = Razer Imperator
"{CBDF64A5-44E0-4ECF-B5B3-FE8EF961CF13}" = LockIndicator
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E87D1F6D-954D-4BB4-B49D-D394EB460A09}_is1" = Corsair K90 Gaming Keyboard Driver V1.0
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EF790F1C-CB0C-4B95-8C54-60783F3B6661}" = LibreOffice 3.5
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Autorun Eater_is1" = Autorun Eater v2.6
"Autorun Virus Remover_is1" = Autorun Virus Remover 3.1
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for A2" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA.Updatus" = NVIDIA Updatus
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Silver Sands Poker_is1" = Silver Sands Poker Version 2.1.0.13
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 570" = Dota 2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"Winamp" = Winamp

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2012/07/28 02:15:21 PM | Computer Name = FLAMEBO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files (x86)\STOPzilla!\STOPzilla.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 2012/07/28 02:17:10 PM | Computer Name = FLAMEBO | Source = WinMgmt | ID = 10
Description =

Error - 2012/07/28 02:21:21 PM | Computer Name = FLAMEBO | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 2012/07/28 06:52:32 PM | Computer Name = FLAMEBO | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 2012/07/28 07:20:52 PM | Computer Name = FLAMEBO | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 2012/07/29 07:08:18 AM | Computer Name = FLAMEBO | Source = WinMgmt | ID = 10
Description =

Error - 2012/07/29 07:12:30 AM | Computer Name = FLAMEBO | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 2012/07/29 07:28:13 AM | Computer Name = FLAMEBO | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 2012/07/29 08:59:00 AM | Computer Name = FLAMEBO | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.6.3.3235 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3b8 Start
Time: 01cd6d89df1558b0 Termination Time: 10 Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report
Id: 279a235c-d97d-11e1-983c-d6ef0c90e28b

Error - 2012/07/29 02:50:25 PM | Computer Name = FLAMEBO | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 2012/07/28 09:42:44 AM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
apugyvt

Error - 2012/07/28 09:44:47 AM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =

Error - 2012/07/28 01:27:24 PM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1
time(s).

Error - 2012/07/28 01:59:29 PM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =

Error - 2012/07/28 02:15:58 PM | Computer Name = FLAMEBO | Source = DCOM | ID = 10010
Description =

Error - 2012/07/28 02:17:13 PM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
apugyvt dqjnh

Error - 2012/07/28 04:36:36 PM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =

Error - 2012/07/29 05:04:31 AM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =

Error - 2012/07/29 07:08:23 AM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
apugyvt dqjnh

Error - 2012/07/29 11:35:24 AM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =


< End of report >


Re: Autorun worm

Post by Flamebo on 29th July 2012, 11:05 pm

2012/07/10 01:42:04 AM Real-time file system protection file F:\Autorun.inf INF/Autorun worm cleaned by deleting - quarantined FLAMEBO\Adriaan Event occurred on a new file created by the application: C:\Users\Adriaan\AppData\Roaming\lsass.exe.

That is the first record in ESET of this virus.


Re: Autorun worm

Post by Gabethebabe on 30th July 2012, 7:39 am

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files

:otl
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={FA7F4A78-33A6-420B-B14E-8D7413D9BEDB}&mid=aa784d0e728a4a1094bc2a4eb3989040-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=pl011&pr=sa&d=2012-07-17 01:19:46&v=11.1.0.12&sap=dsp&q={searchTerms}
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.

:commands
[reboot]
  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Analysis of a suspicious file.
  • Please go to the Virustotal website by clicking [You must be registered and logged in to see this link.]
  • Click the Choose File button and in the Name field paste:
    C:\Windows\SysWOW64\drivers\bepxusli.sys
  • Click Open and click Scan It!
  • If Virustotal informs you that "File already analysed", click Reanalyse
  • An analysis report will appear. Copy and paste the URL (something like [You must be registered and logged in to see this link.]) into your next reply.


Repeat the above procedure for this file:
C:\Windows\SysWOW64\drivers\jmvo.sys
====================

  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your desktop
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


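As an added example (not code from this thread, from OTL or from TDSSKiller), the Python below shows how a helper would triage the requested TDSSKiller report against the Service Control Manager 7026 events in the OTL log above: a service entry that TDSSKiller lists with no hash and no image path, and that the SCM reports as a boot-start driver that failed to load, is a leftover driver registration whose file is gone. The sample report and event lines are constructed to mirror the format in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample modelled on the TDSSKiller report format in this thread:
# a file line (name, MD5, image path) followed by a per-entry verdict line,
# or only a verdict line when the tool could not resolve an image file.
TDSSKILLER_REPORT = """\
16:25:10.0501 0824 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
16:25:10.0564 0824 1394ohci - ok
16:25:11.0812 0824 apugyvt - ok
16:25:12.0826 0824 Bluetooth Device Manager (f1c544114ecb62a5eeda8d9d3249574d) C:\\Program Files\\Motorola\\Bluetooth\\devmgrsrv.exe
16:25:12.0935 0824 Bluetooth Device Manager - ok
16:25:14.0292 0824 COMSysApp - ok
16:25:15.0291 0824 dqjnh - ok
"""

# Constructed sample modelled on the "Last 20 Event Log Errors" section of the OTL log.
EVENT_LOG = """\
Error - 2012/07/28 09:42:44 AM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
apugyvt

Error - 2012/07/28 09:44:47 AM | Computer Name = FLAMEBO | Source = bowser | ID = 8003
Description =

Error - 2012/07/29 07:08:23 AM | Computer Name = FLAMEBO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
apugyvt dqjnh
"""

# "<time> <pid> <name> (<md5>) <path>"; the lazy name group tolerates spaces in names.
FILE_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<time> <pid> <name> - <verdict>"
VERDICT_LINE = re.compile(r"^\S+\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S+)$")


@dataclass
class ServiceEntry:
    name: str
    md5: str | None = None
    path: str | None = None
    verdict: str | None = None


def parse_tdsskiller(report: str) -> dict[str, ServiceEntry]:
    """Collect one entry per service/driver name from a TDSSKiller report."""
    entries: dict[str, ServiceEntry] = {}
    for line in report.splitlines():
        m = FILE_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.md5, e.path = m["md5"], m["path"]
            continue
        m = VERDICT_LINE.match(line)
        if m:
            e = entries.setdefault(m["name"], ServiceEntry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def failed_boot_drivers(event_log: str) -> set[str]:
    """Driver names named by Service Control Manager event 7026 (failed to load)."""
    names: set[str] = set()
    for record in re.split(r"\n\s*\n", event_log.strip()):
        if "ID = 7026" not in record:
            continue
        _, _, tail = record.partition("failed to load:")
        names.update(tail.split())
    return names


def triage(report: str, event_log: str) -> dict[str, str]:
    """Map each TDSSKiller entry to 'orphaned', 'unresolved', 'flagged' or 'ok'.

    orphaned   - no image file resolved AND the SCM reports a load failure:
                 a stale driver registration whose file has been removed.
    unresolved - no image file resolved but no load failure (e.g. services
                 whose ImagePath carries arguments); review the ImagePath by hand.
    flagged    - the tool gave a verdict other than 'ok' for a resolved file.
    """
    failed = failed_boot_drivers(event_log)
    verdicts: dict[str, str] = {}
    for name, e in parse_tdsskiller(report).items():
        if e.path is None and name in failed:
            verdicts[name] = "orphaned"
        elif e.path is None:
            verdicts[name] = "unresolved"
        elif e.verdict != "ok":
            verdicts[name] = "flagged"
        else:
            verdicts[name] = "ok"
    return verdicts


if __name__ == "__main__":
    for name, status in sorted(triage(TDSSKILLER_REPORT, EVENT_LOG).items()):
        print(f"{status:10} {name}")
```

Entries classed as "orphaned" still need the registry service key cleaned up even though no file exists, since the SCM will keep trying to load them at every boot.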

Re: Autorun worm

Post by Flamebo on 30th July 2012, 2:26 pm

[You must be registered and logged in to see this link.]


[You must be registered and logged in to see this link.]


Re: Autorun worm

Post by Flamebo on 30th July 2012, 2:27 pm

16:25:05.0218 0444 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
16:25:06.0288 0444 ============================================================
16:25:06.0288 0444 Current date / time: 2012/07/30 16:25:06.0288
16:25:06.0288 0444 SystemInfo:
16:25:06.0288 0444
16:25:06.0288 0444 OS Version: 6.1.7601 ServicePack: 1.0
16:25:06.0288 0444 Product type: Workstation
16:25:06.0288 0444 ComputerName: FLAMEBO
16:25:06.0288 0444 UserName: Adriaan
16:25:06.0288 0444 Windows directory: C:\Windows
16:25:06.0288 0444 System windows directory: C:\Windows
16:25:06.0288 0444 Running under WOW64
16:25:06.0288 0444 Processor architecture: Intel x64
16:25:06.0288 0444 Number of processors: 8
16:25:06.0288 0444 Page size: 0x1000
16:25:06.0288 0444 Boot type: Normal boot
16:25:06.0288 0444 ============================================================
16:25:06.0804 0444 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:07.0132 0444 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:25:07.0210 0444 ============================================================
16:25:07.0210 0444 \Device\Harddisk0\DR0:
16:25:07.0210 0444 MBR partitions:
16:25:07.0210 0444 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x38B53000
16:25:07.0210 0444 \Device\Harddisk1\DR1:
16:25:07.0210 0444 MBR partitions:
16:25:07.0210 0444 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x57545000
16:25:07.0210 0444 ============================================================
16:25:07.0225 0444 C: <-> \Device\Harddisk0\DR0\Partition0
16:25:07.0241 0444 E: <-> \Device\Harddisk1\DR1\Partition0
16:25:07.0241 0444 ============================================================
16:25:07.0241 0444 Initialize success
16:25:07.0241 0444 ============================================================
16:25:10.0096 0824 ============================================================
16:25:10.0096 0824 Scan started
16:25:10.0096 0824 Mode: Manual;
16:25:10.0096 0824 ============================================================
16:25:10.0501 0824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:25:10.0564 0824 1394ohci - ok
16:25:10.0595 0824 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:25:10.0611 0824 ACPI - ok
16:25:10.0611 0824 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:25:10.0642 0824 AcpiPmi - ok
16:25:10.0720 0824 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:25:10.0720 0824 AdobeARMservice - ok
16:25:10.0829 0824 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:25:10.0829 0824 AdobeFlashPlayerUpdateSvc - ok
16:25:10.0891 0824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:25:10.0985 0824 adp94xx - ok
16:25:11.0047 0824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:25:11.0110 0824 adpahci - ok
16:25:11.0125 0824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:25:11.0141 0824 adpu320 - ok
16:25:11.0157 0824 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:25:11.0157 0824 AeLookupSvc - ok
16:25:11.0219 0824 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:25:11.0235 0824 AFD - ok
16:25:11.0250 0824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:25:11.0297 0824 agp440 - ok
16:25:11.0313 0824 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:25:11.0313 0824 ALG - ok
16:25:11.0328 0824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:25:11.0344 0824 aliide - ok
16:25:11.0359 0824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:25:11.0375 0824 amdide - ok
16:25:11.0406 0824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:25:11.0406 0824 AmdK8 - ok
16:25:11.0422 0824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:25:11.0437 0824 AmdPPM - ok
16:25:11.0500 0824 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:25:11.0562 0824 amdsata - ok
16:25:11.0593 0824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:25:11.0625 0824 amdsbs - ok
16:25:11.0625 0824 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:25:11.0656 0824 amdxata - ok
16:25:11.0671 0824 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:25:11.0687 0824 AppID - ok
16:25:11.0703 0824 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:25:11.0703 0824 AppIDSvc - ok
16:25:11.0718 0824 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:25:11.0718 0824 Appinfo - ok
16:25:11.0765 0824 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:25:11.0781 0824 AppMgmt - ok
16:25:11.0812 0824 apugyvt - ok
16:25:11.0827 0824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:25:11.0859 0824 arc - ok
16:25:11.0874 0824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:25:11.0874 0824 arcsas - ok
16:25:11.0890 0824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:25:11.0905 0824 AsyncMac - ok
16:25:11.0921 0824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:25:11.0937 0824 atapi - ok
16:25:11.0999 0824 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:25:12.0030 0824 AudioEndpointBuilder - ok
16:25:12.0030 0824 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:25:12.0046 0824 AudioSrv - ok
16:25:12.0061 0824 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:25:12.0077 0824 AxInstSV - ok
16:25:12.0124 0824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:25:12.0155 0824 b06bdrv - ok
16:25:12.0186 0824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:25:12.0249 0824 b57nd60a - ok
16:25:12.0264 0824 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:25:12.0264 0824 BDESVC - ok
16:25:12.0280 0824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:25:12.0280 0824 Beep - ok
16:25:12.0342 0824 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:25:12.0373 0824 BFE - ok
16:25:12.0451 0824 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:25:12.0467 0824 BITS - ok
16:25:12.0514 0824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:25:12.0545 0824 blbdrive - ok
16:25:12.0826 0824 Bluetooth Device Manager (f1c544114ecb62a5eeda8d9d3249574d) C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
16:25:12.0935 0824 Bluetooth Device Manager - ok
16:25:13.0013 0824 Bluetooth Media Service (21b1cb06c0254bbc08b8c30d8f282e69) C:\Program Files\Motorola\Bluetooth\audiosrv.exe
16:25:13.0044 0824 Bluetooth Media Service - ok
16:25:13.0091 0824 Bluetooth OBEX Service (0bc0dc720f22a9d6d721fd5b7d15e84f) C:\Program Files\Motorola\Bluetooth\obexsrv.exe
16:25:13.0107 0824 Bluetooth OBEX Service - ok
16:25:13.0216 0824 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:25:13.0263 0824 bowser - ok
16:25:13.0294 0824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:25:13.0294 0824 BrFiltLo - ok
16:25:13.0294 0824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:25:13.0294 0824 BrFiltUp - ok
16:25:13.0325 0824 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:25:13.0341 0824 Browser - ok
16:25:13.0372 0824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:25:13.0403 0824 Brserid - ok
16:25:13.0403 0824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:25:13.0419 0824 BrSerWdm - ok
16:25:13.0419 0824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:25:13.0434 0824 BrUsbMdm - ok
16:25:13.0434 0824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:25:13.0434 0824 BrUsbSer - ok
16:25:13.0450 0824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:25:13.0465 0824 BTHMODEM - ok
16:25:13.0512 0824 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:25:13.0512 0824 bthserv - ok
16:25:13.0543 0824 BTMCOM (6d3ff2b480f7ab8da103cbc7fbeacd48) C:\Windows\system32\Drivers\btmcom.sys
16:25:13.0543 0824 BTMCOM - ok
16:25:13.0575 0824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:25:13.0575 0824 cdfs - ok
16:25:13.0606 0824 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:25:13.0653 0824 cdrom - ok
16:25:13.0684 0824 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:25:13.0699 0824 CertPropSvc - ok
16:25:13.0699 0824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:25:13.0699 0824 circlass - ok
16:25:13.0746 0824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:25:13.0762 0824 CLFS - ok
16:25:13.0840 0824 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:25:13.0840 0824 clr_optimization_v2.0.50727_32 - ok
16:25:13.0887 0824 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:25:13.0887 0824 clr_optimization_v2.0.50727_64 - ok
16:25:13.0965 0824 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:25:13.0965 0824 clr_optimization_v4.0.30319_32 - ok
16:25:13.0996 0824 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:25:14.0011 0824 clr_optimization_v4.0.30319_64 - ok
16:25:14.0027 0824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:25:14.0058 0824 CmBatt - ok
16:25:14.0074 0824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:25:14.0089 0824 cmdide - ok
16:25:14.0167 0824 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
16:25:14.0230 0824 CNG - ok
16:25:14.0245 0824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:25:14.0261 0824 Compbatt - ok
16:25:14.0292 0824 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
16:25:14.0292 0824 CompositeBus - ok
16:25:14.0292 0824 COMSysApp - ok
16:25:14.0339 0824 CORSGKB (51e7182652a7a5af46afcde6afddcdf5) C:\Windows\system32\drivers\CORSGKB.sys
16:25:14.0339 0824 CORSGKB - ok
16:25:14.0339 0824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:25:14.0355 0824 crcdisk - ok
16:25:14.0386 0824 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
16:25:14.0401 0824 CryptSvc - ok
16:25:14.0464 0824 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:25:14.0495 0824 CSC - ok
16:25:14.0557 0824 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:25:14.0589 0824 CscService - ok
16:25:14.0651 0824 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:25:14.0667 0824 DcomLaunch - ok
16:25:14.0729 0824 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:25:14.0760 0824 defragsvc - ok
16:25:14.0807 0824 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:25:14.0823 0824 DfsC - ok
16:25:14.0869 0824 dg_ssudbus (6060106ce00f32f63f1a73160e46e9d2) C:\Windows\system32\DRIVERS\ssudbus.sys
16:25:14.0916 0824 dg_ssudbus - ok
16:25:14.0947 0824 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:25:14.0963 0824 Dhcp - ok
16:25:14.0963 0824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:25:14.0979 0824 discache - ok
16:25:14.0994 0824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:25:15.0025 0824 Disk - ok
16:25:15.0072 0824 DMBdtv (cb3b9b788be428fc67829d9d14f532e0) C:\Windows\system32\Drivers\DMBdtv.sys
16:25:15.0072 0824 DMBdtv - ok
16:25:15.0103 0824 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
16:25:15.0119 0824 dmvsc - ok
16:25:15.0150 0824 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:25:15.0166 0824 Dnscache - ok
16:25:15.0213 0824 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:25:15.0228 0824 dot3svc - ok
16:25:15.0259 0824 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:25:15.0275 0824 DPS - ok
16:25:15.0291 0824 dqjnh - ok
16:25:15.0322 0824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:25:15.0353 0824 drmkaud - ok
16:25:15.0431 0824 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:25:15.0447 0824 DXGKrnl - ok
16:25:15.0525 0824 eamonm (d00eae9c735a7dee8049e50d73d25434) C:\Windows\system32\DRIVERS\eamonm.sys
16:25:15.0540 0824 eamonm - ok
16:25:15.0556 0824 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:25:15.0556 0824 EapHost - ok
16:25:15.0759 0824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:25:15.0852 0824 ebdrv - ok
16:25:15.0946 0824 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:25:15.0946 0824 EFS - ok
16:25:16.0008 0824 ehdrv (e5edde3c8158dd0cbc5812f201dcded0) C:\Windows\system32\DRIVERS\ehdrv.sys
16:25:16.0039 0824 ehdrv - ok
16:25:16.0117 0824 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:25:16.0149 0824 ehRecvr - ok
16:25:16.0164 0824 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:25:16.0180 0824 ehSched - ok
16:25:16.0305 0824 ekrn (ad4faade819e0da9933bea7c01d2c763) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
16:25:16.0320 0824 ekrn - ok
16:25:16.0445 0824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:25:16.0492 0824 elxstor - ok
16:25:16.0523 0824 epfw (587f0f4145a1536a6e37efd769b7665f) C:\Windows\system32\DRIVERS\epfw.sys
16:25:16.0523 0824 epfw - ok
16:25:16.0554 0824 EpfwLWF (d2f812358ee8ee23cbb5c4daffb5b819) C:\Windows\system32\DRIVERS\EpfwLWF.sys
16:25:16.0632 0824 EpfwLWF - ok
16:25:16.0648 0824 epfwwfp (34bf55d69ab74d14c7e7a17259cb7df8) C:\Windows\system32\DRIVERS\epfwwfp.sys
16:25:16.0663 0824 epfwwfp - ok
16:25:16.0679 0824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:25:16.0695 0824 ErrDev - ok
16:25:16.0757 0824 EuMusDesignVirtualAudioCableWdm (932c05033053ada2404fd836c9ab2c70) C:\Windows\system32\DRIVERS\vrtaucbl.sys
16:25:16.0773 0824 EuMusDesignVirtualAudioCableWdm - ok
16:25:16.0819 0824 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:25:16.0835 0824 EventSystem - ok
16:25:16.0991 0824 EvtEng (7ee9f35bc1dd0ce1a4976032f9ac5162) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
16:25:17.0022 0824 EvtEng - ok
16:25:17.0131 0824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:25:17.0194 0824 exfat - ok
16:25:17.0225 0824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:25:17.0287 0824 fastfat - ok
16:25:17.0365 0824 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:25:17.0381 0824 Fax - ok
16:25:17.0397 0824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:25:17.0428 0824 fdc - ok
16:25:17.0443 0824 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:25:17.0459 0824 fdPHost - ok
16:25:17.0459 0824 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:25:17.0459 0824 FDResPub - ok
16:25:17.0490 0824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:25:17.0506 0824 FileInfo - ok
16:25:17.0521 0824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:25:17.0537 0824 Filetrace - ok
16:25:17.0646 0824 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:25:17.0677 0824 FLEXnet Licensing Service - ok
16:25:17.0755 0824 FLEXnet Licensing Service 64 (52c0312ab35eb7187015fb6a99136bb5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
16:25:17.0787 0824 FLEXnet Licensing Service 64 - ok
16:25:17.0865 0824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:25:17.0880 0824 flpydisk - ok
16:25:17.0911 0824 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:25:17.0958 0824 FltMgr - ok
16:25:18.0058 0824 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:25:18.0088 0824 FontCache - ok
16:25:18.0158 0824 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:25:18.0158 0824 FontCache3.0.0.0 - ok
16:25:18.0178 0824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:25:18.0218 0824 FsDepends - ok
16:25:18.0238 0824 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:25:18.0248 0824 Fs_Rec - ok
16:25:18.0298 0824 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:25:18.0318 0824 fvevol - ok
16:25:18.0348 0824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:25:18.0408 0824 gagp30kx - ok

Re: Autorun worm

Post by Flamebo on 30th July 2012, 2:29 pm

16:25:35.0651 0824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:25:35.0667 0824 vdrvroot - ok
16:25:35.0714 0824 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:25:35.0729 0824 vds - ok
16:25:35.0761 0824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:25:35.0761 0824 vga - ok
16:25:35.0776 0824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:25:35.0807 0824 VgaSave - ok
16:25:35.0823 0824 VGPU - ok
16:25:35.0854 0824 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:25:35.0870 0824 vhdmp - ok
16:25:35.0885 0824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:25:35.0901 0824 viaide - ok
16:25:35.0932 0824 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:25:36.0010 0824 vmbus - ok
16:25:36.0026 0824 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:25:36.0041 0824 VMBusHID - ok
16:25:36.0057 0824 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:25:36.0088 0824 volmgr - ok
16:25:36.0104 0824 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:25:36.0119 0824 volmgrx - ok
16:25:36.0151 0824 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:25:36.0166 0824 volsnap - ok
16:25:36.0197 0824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:25:36.0244 0824 vsmraid - ok
16:25:36.0369 0824 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:25:36.0416 0824 VSS - ok
16:25:36.0494 0824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:25:36.0541 0824 vwifibus - ok
16:25:36.0556 0824 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:25:36.0572 0824 vwififlt - ok
16:25:36.0572 0824 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:25:36.0619 0824 vwifimp - ok
16:25:36.0665 0824 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:25:36.0681 0824 W32Time - ok
16:25:36.0712 0824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:25:36.0712 0824 WacomPen - ok
16:25:36.0743 0824 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:36.0790 0824 WANARP - ok
16:25:36.0790 0824 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:25:36.0790 0824 Wanarpv6 - ok
16:25:36.0899 0824 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
16:25:36.0946 0824 WatAdminSvc - ok
16:25:37.0055 0824 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:25:37.0102 0824 wbengine - ok
16:25:37.0180 0824 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:25:37.0211 0824 WbioSrvc - ok
16:25:37.0243 0824 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:25:37.0258 0824 wcncsvc - ok
16:25:37.0274 0824 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:25:37.0289 0824 WcsPlugInService - ok
16:25:37.0321 0824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:25:37.0321 0824 Wd - ok
16:25:37.0367 0824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:25:37.0399 0824 Wdf01000 - ok
16:25:37.0430 0824 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:25:37.0430 0824 WdiServiceHost - ok
16:25:37.0430 0824 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:25:37.0445 0824 WdiSystemHost - ok
16:25:37.0461 0824 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:25:37.0492 0824 WebClient - ok
16:25:37.0523 0824 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:25:37.0555 0824 Wecsvc - ok
16:25:37.0570 0824 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:25:37.0570 0824 wercplsupport - ok
16:25:37.0586 0824 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:25:37.0601 0824 WerSvc - ok
16:25:37.0617 0824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:25:37.0664 0824 WfpLwf - ok
16:25:37.0679 0824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:25:37.0695 0824 WIMMount - ok
16:25:37.0711 0824 WinDefend - ok
16:25:37.0726 0824 WinHttpAutoProxySvc - ok
16:25:37.0773 0824 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:25:37.0789 0824 Winmgmt - ok
16:25:37.0945 0824 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:25:37.0991 0824 WinRM - ok
16:25:38.0101 0824 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:25:38.0132 0824 WinUsb - ok
16:25:38.0210 0824 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:25:38.0225 0824 Wlansvc - ok
16:25:38.0257 0824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:25:38.0288 0824 WmiAcpi - ok
16:25:38.0319 0824 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:25:38.0350 0824 wmiApSrv - ok
16:25:38.0381 0824 WMPNetworkSvc - ok
16:25:38.0413 0824 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:25:38.0413 0824 WPCSvc - ok
16:25:38.0444 0824 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:25:38.0444 0824 WPDBusEnum - ok
16:25:38.0459 0824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:25:38.0491 0824 ws2ifsl - ok
16:25:38.0522 0824 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:25:38.0522 0824 wscsvc - ok
16:25:38.0522 0824 WSearch - ok
16:25:38.0693 0824 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
16:25:38.0740 0824 wuauserv - ok
16:25:38.0818 0824 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:25:38.0849 0824 WudfPf - ok
16:25:38.0865 0824 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:25:38.0896 0824 WUDFRd - ok
16:25:38.0927 0824 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:25:38.0927 0824 wudfsvc - ok
16:25:38.0959 0824 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:25:38.0974 0824 WwanSvc - ok
16:25:39.0021 0824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:25:39.0286 0824 \Device\Harddisk0\DR0 - ok
16:25:39.0614 0824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
16:25:39.0910 0824 \Device\Harddisk1\DR1 - ok
16:25:39.0941 0824 Boot (0x1200) (add705edfc6e93c4eebe1f6a3031d7e8) \Device\Harddisk0\DR0\Partition0
16:25:39.0941 0824 \Device\Harddisk0\DR0\Partition0 - ok
16:25:39.0957 0824 Boot (0x1200) (1fcca16e567372824b4a6fe5d626f8fd) \Device\Harddisk1\DR1\Partition0
16:25:39.0957 0824 \Device\Harddisk1\DR1\Partition0 - ok
16:25:39.0957 0824 ============================================================
16:25:39.0957 0824 Scan finished
16:25:39.0957 0824 ============================================================
16:25:39.0973 5412 Detected object count: 0
16:25:39.0973 5412 Actual detected object count: 0

Flamebo
Novice
Novice

Posts Posts : 24
Joined Joined : 2012-07-29
Gender Gender : Male
OS OS : WIN7 64bit
Protection Protection : ESET Smart Security
Points Points : 16271
# Likes # Likes : 0


Post by Flamebo on 30th July 2012, 2:30 pm

========== FILES ==========
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 07302012_144550

Post by Gabethebabe on 30th July 2012, 3:39 pm

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\Windows\SysWOW64\drivers\bepxusli.sys
C:\Windows\SysWOW64\drivers\jmvo.sys

:services
dqjnh
apugyvt

:commands
[reboot]
  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38268
# Likes # Likes : 0
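The fix above pulls two .sys files out of C:\Windows\SysWOW64\drivers and deletes the services that loaded them. That location is the tell: on 64-bit Windows the kernel loads drivers from %SystemRoot%\System32\drivers, so a driver service whose binary sits in SysWOW64\drivers (where a 32-bit dropper writing to "System32\drivers" is silently redirected) or in a user profile is out of place, and the random-looking service names are a weaker, secondary signal. As an added example (not a tool either poster used), here is a small triage script for the TDSSKiller-style listing quoted earlier in the thread. The sample lines are constructed in that log's format; the pairing of dqjnh/apugyvt with bepxusli.sys/jmvo.sys is assumed (the thread does not show which name owned which file), the all-zero hashes are placeholders, and the updsvc line is invented.

```python
r"""Triage a TDSSKiller-style service/driver listing for entries that deserve a second look.

Added example for this thread, not a tool either poster used. Strong signal: a .sys that
is not under %SystemRoot%\System32\drivers, or any service binary outside %SystemRoot%.
Weak signal: random-looking all-lowercase service names.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample in the format of the log quoted above. The two SysWOW64 lines pair
# the service names from the OTL fix (dqjnh, apugyvt) with its file names (bepxusli.sys,
# jmvo.sys); the thread does not show which name belonged to which file, so that pairing
# and the all-zero hashes are placeholders. The last line is an invented user-profile service.
SAMPLE_LOG = """\
16:25:34.0263 0824 Themes (f0344071948d1a1fa732231785a0664c) C:\\Windows\\system32\\themeservice.dll
16:25:34.0263 0824 Themes - ok
16:25:34.0747 0824 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\\Windows\\system32\\DRIVERS\\udfs.sys
16:25:34.0762 0824 udfs - ok
16:25:35.0215 0824 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\\Windows\\system32\\DRIVERS\\usbhub.sys
16:25:35.0823 0824 VGPU - ok
16:25:36.0000 0824 dqjnh (00000000000000000000000000000000) C:\\Windows\\SysWOW64\\drivers\\bepxusli.sys
16:25:36.0001 0824 dqjnh - ok
16:25:36.0002 0824 apugyvt (00000000000000000000000000000000) C:\\Windows\\SysWOW64\\drivers\\jmvo.sys
16:25:36.0003 0824 apugyvt - ok
16:25:36.0004 0824 updsvc (00000000000000000000000000000000) C:\\Users\\user\\AppData\\Roaming\\updsvc.exe
"""

# time  pid  name  (md5)  path   -- the "name - ok" verdict lines carry no path and are skipped
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\w+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

DRIVER_DIR = ("windows", "system32", "drivers")
VOWELS = set("aeiou")


def parse_log(text):
    """Return one dict per scanned object that has a hash and an on-disk path."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"].lower(), "path": m["path"]})
    return entries


def reasons_for(entry):
    """List why an entry is suspicious; an empty list means nothing stood out."""
    path = PureWindowsPath(entry["path"])
    parts = [p.lower() for p in path.parts]      # e.g. ['c:\\', 'windows', 'syswow64', ...]
    parent = tuple(parts[1:-1])                   # directories between drive and file name
    reasons = []
    if path.suffix.lower() == ".sys" and parent != DRIVER_DIR:
        reasons.append("kernel driver outside %SystemRoot%\\System32\\drivers")
    if parts[1:2] != ["windows"]:
        reasons.append("service binary outside %SystemRoot%")
    name = entry["name"]
    if name.isalpha() and name.islower():         # weak signal: random-looking lowercase names
        if not VOWELS & set(name):
            reasons.append("service name has no vowels")
        elif re.search(r"[^aeiou]{4,}", name):
            reasons.append("service name has a run of four or more consonants")
    return reasons


def triage(entries):
    """Map service name -> reasons, for entries with at least one reason."""
    return {e["name"]: r for e in entries if (r := reasons_for(e))}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:      # python triage.py TDSSKiller.log
        text = open(sys.argv[1], encoding="utf-8", errors="replace").read()
    else:
        text = SAMPLE_LOG
    for name, reasons in triage(parse_log(text)).items():
        print(f"{name}: " + "; ".join(reasons))
```

Run it against the full TDSSKiller log and every flagged name is a candidate for the :services section of an OTL fix; the name heuristic will occasionally flag a legitimate lowercase driver, so the path reason is the one to act on.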


Post by Flamebo on 30th July 2012, 10:45 pm

========== FILES ==========
C:\Windows\SysWOW64\drivers\bepxusli.sys moved successfully.
C:\Windows\SysWOW64\drivers\jmvo.sys moved successfully.
========== SERVICES/DRIVERS ==========
Service dqjnh stopped successfully!
Service dqjnh deleted successfully!
Service apugyvt stopped successfully!
Service apugyvt deleted successfully!
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.55.0 log created on 07312012_002030

Post by Flamebo on 30th July 2012, 10:52 pm

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
[You must be registered and logged in to see this link.]

Database version: v2012.07.30.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Adriaan :: FLAMEBO [administrator]

Protection: Enabled

2012/07/31 12:51:06 AM
mbam-log-2012-07-31 (00-51-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207263
Time elapsed: 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Post by Flamebo on 30th July 2012, 10:56 pm

Please advise the best anti-virus, firewall, malware, etc software?
I bought ESET not so much for the features and ability to protect the PC, rather for its performance and tiny footprint with gaming in mind.

Post by Gabethebabe on 31st July 2012, 9:24 am

How is your computer running now?

It is noted that if you do not disable the autorun function, you might be reinfected if you insert an infected removable drive.

You can immunize removable drives manually by creating a folder named autorun.inf and making it read-only and hidden. Most malware will not be able to replace that folder with an infected autorun.inf file.

When we close this case, I will provide you with my list of recommendations, but ESET is fine software.

Gabethebabe
Top Dog
Top Dog

Posts Posts : 1568
Joined Joined : 2010-03-07
Gender Gender : Male
OS OS : Win7
Points Points : 38268
# Likes # Likes : 0
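Two things a practitioner would want next to the advice above: a way to see what an autorun.inf on a drive would actually launch before trusting the drive, and a script that does the read-only, hidden autorun.inf folder trick and verifies it. As an added example (not a tool either poster used), the code below does both. The sample autorun.inf is constructed to match the thread's description (a copy of the worm named system.exe); the poster's real file contents are not shown. Attributes are set on Windows through SetFileAttributesW; on other platforms only the folder is created.

```python
"""Read what an autorun.inf would launch, and immunize a drive against a new one.

Added example for this thread, not a tool either poster used. launch_targets() is the
check to make before trusting a removable drive; immunize() is the read-only, hidden
autorun.inf folder trick described above, with a guard against clobbering an existing file.
"""
import configparser
import sys
from pathlib import Path

# Constructed autorun.inf of the kind the thread describes (a copy of the worm named
# system.exe). The poster's actual file contents are not shown in the thread.
SAMPLE_AUTORUN = """\
[autorun]
open=system.exe
shellexecute=system.exe
shell\\open\\command=system.exe
shell\\explore\\command=system.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
label=Removable Disk
"""

LAUNCH_KEYS = {"open", "shellexecute"}
FILE_ATTRIBUTE_READONLY = 0x01
FILE_ATTRIBUTE_HIDDEN = 0x02


def launch_targets(inf_text):
    """Return {directive: command} for every directive that makes Windows run something."""
    parser = configparser.RawConfigParser(strict=False, delimiters=("=",), allow_no_value=True)
    parser.optionxform = str               # keep keys such as shell\open\command as written
    parser.read_string(inf_text)
    targets = {}
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            k = key.lower()
            # open= / shellexecute= run on insert where AutoRun honours the file;
            # shell\<verb>\command= hijacks the Explorer context-menu verbs, so a user
            # who "opens" or "explores" the drive by hand still runs the worm.
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                targets[key] = (value or "").strip()
    return targets


def immunize(drive_root):
    """Create a read-only, hidden folder named autorun.inf in the root of drive_root.

    A folder occupies the name, so a worm's attempt to create the file fails unless it
    first deletes the folder. Refuses to touch an existing autorun.inf *file*, which
    should be inspected with launch_targets() first. Returns the folder path."""
    target = Path(drive_root) / "autorun.inf"
    if target.is_file():
        raise FileExistsError(f"{target} is a file: inspect it before replacing it")
    target.mkdir(exist_ok=True)
    if sys.platform == "win32":
        import ctypes
        attrs = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_HIDDEN
        if not ctypes.windll.kernel32.SetFileAttributesW(str(target), attrs):
            raise ctypes.WinError()
    return target


def is_immunized(drive_root):
    """True when the autorun.inf name on the drive is held by a folder, not a file."""
    return (Path(drive_root) / "autorun.inf").is_dir()


if __name__ == "__main__":
    for directive, command in launch_targets(SAMPLE_AUTORUN).items():
        print(f"{directive} -> {command}")
    if len(sys.argv) > 1:                    # e.g. python immunize.py E:\
        root = sys.argv[1]
        inf = Path(root) / "autorun.inf"
        if inf.is_file():
            print("existing autorun.inf launches:", launch_targets(inf.read_text(errors="replace")))
        else:
            print("immunized:", immunize(root))
```

The folder is a speed bump, not a wall: malware running with enough rights can remove it first, which is why the advice in the thread says "most" malware. Also note that Windows 7 (the poster's OS) no longer honours AutoRun from USB flash drives, so an autorun.inf on a pen drive mainly endangers older machines (XP/Vista without the 2011 AutoRun update); the shell\<verb>\command entries are what let the file catch a user who opens the drive by hand where it is still honoured.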

Post by Flamebo on 31st July 2012, 11:49 am

My computer is running like a dream. I would send you a kinky toy if I knew what you were into Goofy.


My main issue is resolved. There are no autorun.inf files being created, nor the system.exe on the removable drive.

Thank you so much for the help!!

Post by Gabethebabe on 1st August 2012, 5:10 pm

Time to uninstall used tools.

  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

All right! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • [You must be registered and logged in to see this link.]. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • [You must be registered and logged in to see this link.] has received great reviews from leading security analysts.
  • [You must be registered and logged in to see this link.] is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • [You must be registered and logged in to see this link.]. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • [You must be registered and logged in to see this link.]. A very smart and user friendly firewall.
  • [You must be registered and logged in to see this link.] is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. [You must be registered and logged in to see this link.] is an excellent source of freeware reviews.
  • Navigate safely. [You must be registered and logged in to see this link.] is the safest browser available. However, Mozilla Firefox can be made extremely safe with the [You must be registered and logged in to see this link.] addon. Internet Explorer (always use [You must be registered and logged in to see this link.]) can be made a lot safer with [You must be registered and logged in to see this link.] (manual [You must be registered and logged in to see this link.]).
  • The [You must be registered and logged in to see this link.] addon will help you to stay on reliable webpages.
  • [You must be registered and logged in to see this link.] alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and vital other data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!

Post by Flamebo on 2nd August 2012, 12:41 pm

Hi
Great list and advice. Thanks.
For system backup and drivers, which is the best route or software?

Post by Gabethebabe on 3rd August 2012, 7:00 am

I use clonezilla for making backups/images.

But I also have my Operating System and software separated from my data (pictures, documents, music, videos, etc), so that making a clone of my system disk is manageable.

Post by Flamebo on 3rd August 2012, 12:05 pm

Ok, that is all, we can close this thread. I hope in future when I have a problem I can contact you for help. Thanks again!
