Unsure if infected


Post by shockz13 on Wed 21 Nov 2012, 12:32 pm

My PC has recently started running slow despite very recent hardware upgrades. My RAM was running at 100% even though there were no processes using that much. There is also a new Windows user "Adm1n" that I did not create.

OTL logfile created on: 11/20/2012 7:05:51 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Taylor\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 63.86% Memory free
8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.76 Gb Total Space | 66.83 Gb Free Space | 14.35% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 368.89 Gb Free Space | 39.60% Space Free | Partition Type: NTFS

Computer Name: TAYLOR-PC | User Name: Taylor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/20 19:04:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Taylor\Downloads\OTL.com
PRC - [2012/10/26 17:17:09 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Taylor\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/08/26 22:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Taylor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/08/03 23:41:52 | 001,022,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/10/02 23:21:44 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/03/22 12:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010/06/28 01:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe
PRC - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe
PRC - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) -- C:\xampp\mysql\bin\mysqld.exe
PRC - [2009/12/20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) -- C:\xampp\FileZillaFTP\FileZilla Server.exe
PRC - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) -- C:\xampp\apache\bin\httpd.exe
PRC - [2009/08/29 00:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Taylor\Local Settings\Apps\F.lux\flux.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/08/29 00:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Taylor\Local Settings\Apps\F.lux\flux.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/14 12:04:34 | 000,420,936 | ---- | M] () [Auto | Running] -- C:\Program Files\Synergy\synergyd.exe -- (Synergy)
SRV:64bit: - [2012/07/04 00:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/05/31 23:36:12 | 000,350,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\ftpsvc.dll -- (ftpsvc)
SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/11/17 20:36:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 16:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/28 15:20:35 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/15 17:02:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/10/02 23:21:44 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 06:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 06:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/06/28 01:20:30 | 000,173,352 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010/04/14 16:03:46 | 000,275,832 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe -- (AMD FusionUtility Service)
SRV - [2010/04/14 16:03:46 | 000,140,160 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/20 00:00:00 | 006,095,504 | ---- | M] (MySQL AB) [Auto | Running] -- C:\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/12/20 00:00:00 | 001,029,776 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\xampp\FileZillaFTP\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/12/20 00:00:00 | 000,029,416 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2003/04/04 14:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/06 21:47:47 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/07/04 00:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/03 23:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/07/03 09:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/06/04 01:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/06/04 01:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.([You must be registered and logged in to see this link.] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 06:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/09/22 13:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/09/02 22:22:52 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/08/13 18:02:15 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/07/01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/10 08:54:08 | 001,286,656 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cm11264.sys -- (USBADVAU)
DRV:64bit: - [2008/09/10 08:54:08 | 001,286,656 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm11264.sys -- (cm1123264)
DRV:64bit: - [2005/03/29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 21 64 AF BD 14 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0CCF0D1F-0DD1-49FE-BA69-5A9530D7A7FC}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: [You must be registered and logged in to see this link.]:1.0.0.932
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 3200
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Taylor\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/02/14 18:55:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/02/14 18:55:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 17:02:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/14 23:35:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/15 17:02:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/14 23:35:45 | 000,000,000 | ---D | M]

[2011/12/11 17:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions
[2010/09/12 17:38:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/11/20 14:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions
[2012/05/22 16:03:20 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\LogMeInClient@logmein.com
[2012/11/20 14:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\staged
[2011/12/11 17:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\w15kfajg.default\extensions
[2012/05/03 15:29:08 | 000,363,268 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\client@anonymox.net.xpi
[2012/05/08 21:58:04 | 000,401,328 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
[2012/01/21 14:15:38 | 000,003,084 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\{1fc895a6-2042-46ec-a61b-233165b4c218}.xpi
[2012/08/11 14:51:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/09/28 19:25:34 | 000,627,675 | ---- | M] () (No name found) -- C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\w15kfajg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/07/14 23:35:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/14 23:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/06/15 17:02:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/22 12:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/03/18 21:55:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/03/20 20:10:43 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2012/03/18 21:55:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Taylor\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin8.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U33 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Taylor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - Extension: Google Drive = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: DivX HiQ = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Gmail = C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2011/09/06 20:56:24 | 000,001,809 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] wwis-dubc1-vip60.adobe.com [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.]
O1 - Hosts: 127.0.0.1 [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5

shockz13

Rookie Surfer

Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1


Re: Unsure if infected

Post by shockz13 on Wed 21 Nov 2012, 12:32 pm

========== Files - Modified Within 30 Days ==========

[2012/11/20 19:05:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/20 18:57:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/20 18:55:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/20 18:55:16 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/20 18:54:15 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 18:54:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/20 18:36:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/20 18:27:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2209329743-2471226501-2642877297-1001UA.job
[2012/11/20 18:18:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/20 01:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2209329743-2471226501-2642877297-1001Core.job
[2012/11/19 22:20:28 | 000,000,641 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pacemaker.ini
[2012/11/17 20:36:51 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/11/17 20:36:51 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/11/17 20:25:40 | 000,001,287 | ---- | M] () -- C:\Users\Public\Desktop\Smartlaunch Administrator 4.7.lnk
[2012/11/17 20:25:38 | 000,001,243 | ---- | M] () -- C:\Users\Public\Desktop\Smartlaunch Server 4.7.lnk
[2012/11/14 03:29:49 | 004,861,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/14 03:09:37 | 000,834,348 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/14 03:09:37 | 000,688,978 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/14 03:09:37 | 000,132,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/08 22:33:47 | 000,407,378 | ---- | M] () -- C:\Users\Taylor\Documents\Mumble-2012-11-08-22-33-44-mc.scootaloo.com-Mixdown.wav
[2012/11/08 22:30:33 | 000,275,228 | ---- | M] () -- C:\Users\Taylor\Documents\Mumble-2012-11-08-22-30-31-mc.scootaloo.com-Mixdown.wav
[2012/11/07 20:37:37 | 000,000,032 | ---- | M] () -- C:\Users\Taylor\jagex_cl_runescape_LIVE.dat
[2012/11/07 19:15:36 | 000,000,024 | ---- | M] () -- C:\Users\Taylor\random.dat
[2012/11/07 15:52:39 | 000,000,839 | ---- | M] () -- C:\Users\Taylor\Desktop\Diablo III.lnk
[2012/11/06 21:47:47 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\Windows\SysNative\drivers\vrtaucbl.sys
[2012/11/06 21:17:20 | 000,000,949 | ---- | M] () -- C:\Users\Taylor\Desktop\Evaer.lnk
[2012/11/06 17:34:17 | 000,000,869 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/11/03 17:48:57 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012/11/03 02:04:11 | 000,007,604 | ---- | M] () -- C:\Users\Taylor\AppData\Local\resmon.resmoncfg
[2012/11/02 18:55:52 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\AMD Fusion.lnk
[2012/10/30 22:36:55 | 000,001,190 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/10/27 02:43:53 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012/10/27 02:20:27 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/10/27 02:07:31 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/10/27 01:55:51 | 000,000,412 | ---- | M] () -- C:\Windows\Cm112.ini.cfl
[2012/10/27 01:55:51 | 000,000,154 | ---- | M] () -- C:\Windows\Cm112.ini.imi
[2012/10/27 01:55:51 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2012/10/27 01:54:26 | 000,000,144 | ---- | M] () -- C:\Windows\System\Cm112.ini
[2012/10/27 01:43:24 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/10/27 01:43:24 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/10/27 01:43:23 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2012/10/27 01:43:21 | 001,008,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\user32.dll
[2012/10/26 21:36:36 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini

========== Files Created - No Company Name ==========

[2012/11/20 19:05:11 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/17 22:31:08 | 000,000,641 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\pacemaker.ini
[2012/11/17 20:25:40 | 000,001,287 | ---- | C] () -- C:\Users\Public\Desktop\Smartlaunch Administrator 4.7.lnk
[2012/11/17 20:25:38 | 000,001,243 | ---- | C] () -- C:\Users\Public\Desktop\Smartlaunch Server 4.7.lnk
[2012/11/14 03:07:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 03:00:56 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/08 22:33:44 | 000,407,378 | ---- | C] () -- C:\Users\Taylor\Documents\Mumble-2012-11-08-22-33-44-mc.scootaloo.com-Mixdown.wav
[2012/11/08 22:30:31 | 000,275,228 | ---- | C] () -- C:\Users\Taylor\Documents\Mumble-2012-11-08-22-30-31-mc.scootaloo.com-Mixdown.wav
[2012/11/07 15:52:39 | 000,000,839 | ---- | C] () -- C:\Users\Taylor\Desktop\Diablo III.lnk
[2012/11/06 21:17:20 | 000,000,949 | ---- | C] () -- C:\Users\Taylor\Desktop\Evaer.lnk
[2012/11/06 17:34:17 | 000,000,869 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2012/11/03 18:14:40 | 003,536,817 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012/11/02 18:55:52 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\AMD Fusion.lnk
[2012/10/30 22:36:55 | 000,001,190 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk
[2012/10/27 02:43:53 | 000,000,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight II.lnk
[2012/10/27 02:43:53 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\Torchlight II.lnk
[2012/10/27 02:20:27 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[2012/10/27 02:20:27 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2012/10/27 01:55:51 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM112.cpl
[2012/10/27 01:55:51 | 000,139,264 | ---- | C] () -- C:\Windows\Vmix112.dll
[2012/10/27 01:54:08 | 000,313,344 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2012/10/26 21:24:51 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2012/07/03 23:34:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/03 23:34:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/06/26 13:04:12 | 000,000,050 | ---- | C] () -- C:\Users\Taylor\jagex_cl_runescape_LIVE_BETA.dat
[2012/06/26 13:04:12 | 000,000,024 | ---- | C] () -- C:\Users\Taylor\random.dat
[2012/06/25 22:57:11 | 000,000,046 | ---- | C] () -- C:\Users\Taylor\jagex_cl_runescape_LIVE1.dat
[2012/06/18 21:49:03 | 000,001,456 | ---- | C] () -- C:\Users\Taylor\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/01/07 08:22:00 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012/01/07 08:21:50 | 006,366,094 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-53.dll
[2012/01/07 08:21:50 | 001,007,151 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-53.dll
[2012/01/07 08:21:50 | 000,354,979 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012/01/07 08:21:50 | 000,203,306 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012/01/07 08:21:50 | 000,138,727 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-2.dll
[2011/12/19 00:29:40 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/12/19 00:27:16 | 000,236,544 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/12/14 22:39:42 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/11/16 21:22:52 | 000,000,032 | ---- | C] () -- C:\Users\Taylor\jagex_cl_runescape_LIVE.dat
[2011/10/20 16:37:05 | 2323,295,386 | ---- | C] () -- C:\Users\Taylor\GCTOSJ.7z
[2011/10/10 01:48:28 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\CM112rm.dll
[2011/10/10 01:48:28 | 000,000,412 | ---- | C] () -- C:\Windows\Cm112.ini.cfl
[2011/10/10 01:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\VMix.dll
[2011/10/10 01:47:41 | 000,002,049 | ---- | C] () -- C:\Windows\Cm112.ini.cfg
[2011/10/10 01:47:41 | 000,000,544 | ---- | C] () -- C:\Windows\cm112.ini
[2011/10/10 01:47:41 | 000,000,154 | ---- | C] () -- C:\Windows\Cm112.ini.imi
[2011/09/19 16:13:14 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011/09/13 21:22:54 | 000,000,132 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/09/12 23:08:13 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/22 09:02:16 | 000,004,187 | ---- | C] () -- C:\Users\Taylor\Adele_-_Rumour__(Twitch_Predictor_Remix).mp3.6540373.TPB.torrent
[2011/07/22 09:02:00 | 000,016,467 | ---- | C] () -- C:\Users\Taylor\Adele_Complete_Discography_[theLEAK].6413526.TPB.torrent
[2011/07/22 09:01:04 | 000,002,571 | ---- | C] () -- C:\Users\Taylor\Adele_-_Set_Fire_To_The_Rain_[2011Single]_320_kbps.6394702.TPB.torrent
[2011/07/22 09:00:43 | 000,016,403 | ---- | C] () -- C:\Users\Taylor\Foster_The_People_-_Pumped_Up_Kicks.6556043.TPB.torrent
[2011/07/02 21:17:23 | 000,055,999 | ---- | C] () -- C:\Users\Taylor\BA7354CC4C0C963FEDD32F58755AE5CC6A3AAC5E.torrent
[2011/05/24 17:49:17 | 000,000,307 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\RSBuddy_shockz14.ini
[2011/05/24 17:48:56 | 000,000,008 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\RSBuddy Login.ini
[2011/05/22 01:00:42 | 000,000,510 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/21 23:23:00 | 000,004,608 | ---- | C] () -- C:\Users\Taylor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/08 22:12:28 | 003,389,035 | ---- | C] () -- C:\Users\Taylor\eMule0.50a-Installer.exe
[2011/04/10 19:57:44 | 024,749,085 | ---- | C] () -- C:\Users\Taylor\Bonesaws MoneyTrainPkGuide 1.24.pdf
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/03/31 19:58:56 | 000,429,733 | ---- | C] () -- C:\Users\Taylor\1301623038783.jpg
[2011/03/26 21:06:20 | 011,547,648 | ---- | C] () -- C:\Users\Taylor\Eclipse Library Installer x86.exe
[2011/03/26 21:06:06 | 011,548,672 | ---- | C] () -- C:\Users\Taylor\Eclipse Library Installer x86-64(1).exe
[2011/03/26 21:05:28 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2011/03/26 21:04:18 | 011,548,672 | ---- | C] () -- C:\Users\Taylor\Eclipse Library Installer x86-64.exe
[2011/03/26 20:55:27 | 000,000,000 | ---- | C] () -- C:\Users\Taylor\FIFE-0.3.2r2_installer_win32.exe
[2011/03/26 20:37:29 | 000,001,682 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/03/26 20:37:29 | 000,000,088 | RHS- | C] () -- C:\ProgramData\41D5E19E8F.sys
[2011/03/02 21:54:40 | 000,045,832 | ---- | C] () -- C:\Users\Taylor\1299123650984.gif
[2011/03/02 17:43:14 | 000,087,995 | ---- | C] () -- C:\Users\Taylor\1299108029654.jpg
[2011/03/02 17:43:12 | 000,036,209 | ---- | C] () -- C:\Users\Taylor\1299107974624.jpg
[2011/03/02 17:43:07 | 000,100,699 | ---- | C] () -- C:\Users\Taylor\1299107892980.jpg
[2011/03/02 17:43:00 | 000,092,561 | ---- | C] () -- C:\Users\Taylor\1299107840581.jpg
[2011/03/02 17:42:57 | 000,105,309 | ---- | C] () -- C:\Users\Taylor\1299107792234.jpg
[2011/03/02 17:42:47 | 000,056,053 | ---- | C] () -- C:\Users\Taylor\1299107721735.jpg
[2011/03/02 17:42:39 | 000,033,726 | ---- | C] () -- C:\Users\Taylor\1299107648152.jpg
[2011/03/02 17:42:30 | 000,098,094 | ---- | C] () -- C:\Users\Taylor\1299107614751.jpg
[2011/03/02 17:42:10 | 000,116,459 | ---- | C] () -- C:\Users\Taylor\1299107541758.jpg
[2011/02/24 20:51:45 | 000,091,280 | ---- | C] () -- C:\Users\Taylor\56464646.jpg
[2011/02/22 22:36:43 | 002,283,674 | ---- | C] () -- C:\Users\Taylor\flashplayer-win.xpi
[2011/02/18 23:43:09 | 000,041,636 | ---- | C] () -- C:\Users\Taylor\1298080293058.jpg
[2011/02/10 13:56:16 | 000,033,808 | ---- | C] () -- C:\Users\Taylor\1297366519364.jpg
[2011/02/03 13:17:57 | 000,045,650 | ---- | C] () -- C:\Users\Taylor\class_outline-201110.pdf
[2011/02/01 00:48:18 | 003,723,033 | ---- | C] () -- C:\Users\Taylor\eac-1.0beta1.exe
[2011/02/01 00:46:16 | 002,744,087 | ---- | C] () -- C:\Users\Taylor\flac-1.2.1b.exe
[2011/01/23 23:34:50 | 000,113,355 | ---- | C] () -- C:\Users\Taylor\1295847132146.jpg
[2010/12/25 01:21:08 | 000,062,539 | ---- | C] () -- C:\Users\Taylor\1293261632537.jpg
[2010/12/24 23:30:31 | 000,076,362 | ---- | C] () -- C:\Users\Taylor\1293253551024.jpg
[2010/12/16 20:35:23 | 000,000,600 | ---- | C] () -- C:\Users\Taylor\AppData\Local\PUTTY.RND
[2010/12/11 00:40:30 | 000,266,696 | ---- | C] () -- C:\Users\Taylor\DM-238.exe
[2010/12/02 17:51:40 | 000,007,604 | ---- | C] () -- C:\Users\Taylor\AppData\Local\resmon.resmoncfg
[2010/11/27 15:33:33 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010/11/27 15:33:33 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010/11/27 15:33:33 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010/11/27 15:29:59 | 000,040,424 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2010/11/17 17:38:07 | 003,158,471 | ---- | C] () -- C:\Users\Taylor\Avisynth_256.exe
[2010/11/17 16:59:32 | 013,525,424 | ---- | C] () -- C:\Users\Taylor\Dropbox 0.7.110.exe
[2010/11/04 23:17:49 | 000,090,408 | ---- | C] () -- C:\Users\Taylor\1288934011194.jpg
[2010/11/04 23:09:12 | 000,024,893 | ---- | C] () -- C:\Users\Taylor\1288933403296.jpg
[2010/10/25 15:29:57 | 000,000,292 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\RSBot_Accounts.ini
[2010/10/02 01:49:12 | 000,000,094 | ---- | C] () -- C:\Users\Taylor\AppData\Local\fusioncache.dat
[2010/09/02 22:23:43 | 000,001,057 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\vso_ts_preview.xml
[2010/09/02 22:22:52 | 000,099,384 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\inst.exe
[2010/09/02 22:22:52 | 000,007,859 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\pcouffin.cat
[2010/09/02 22:22:52 | 000,001,167 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\pcouffin.inf
[2010/08/15 20:43:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/08/13 18:56:22 | 000,000,565 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\myMPQ.ini
[2010/08/10 01:22:19 | 000,000,600 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\winscp.rnd
[2010/08/10 01:18:27 | 000,002,307 | ---- | C] () -- C:\Users\Taylor\projects.html
[2010/07/27 02:34:29 | 000,000,000 | ---- | C] () -- C:\Users\Taylor\cacheVersion3.dat
[2010/07/27 02:33:27 | 034,470,910 | ---- | C] () -- C:\Users\Taylor\cache.zip
[2010/06/27 17:35:00 | 000,000,764 | ---- | C] () -- C:\Users\Taylor\AppData\Roaming\RSBot Accounts.ini
[2010/06/27 17:34:18 | 000,000,000 | ---- | C] () -- C:\Users\Taylor\jagex__preferences3.dat
[2010/06/27 17:34:17 | 000,000,129 | ---- | C] () -- C:\Users\Taylor\jagex_runescape_preferences2.dat
[2010/06/27 17:32:48 | 000,000,046 | ---- | C] () -- C:\Users\Taylor\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2010/12/29 01:47:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l
[2010/12/29 01:47:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n
[2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u
[2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\l
[2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\n
[2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\u
[2010/12/29 01:43:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\l
[2010/12/29 01:43:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\n
[2010/12/29 01:43:52 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\u
[2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\l
[2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\n
[2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\u
[2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\l
[2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\n
[2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\u
[2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\l
[2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\n
[2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\u
[2010/12/29 01:44:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\l
[2010/12/29 01:44:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\n
[2010/12/29 01:44:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\u
[2010/12/29 01:44:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\l
[2010/12/29 01:44:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\n
[2010/12/29 01:44:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\u
[2010/12/29 01:44:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\l
[2010/12/29 01:44:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\n
[2010/12/29 01:44:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\u
[2010/12/29 01:44:28 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\l
[2010/12/29 01:44:28 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\n
[2010/12/29 01:44:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\u
[2010/12/29 01:44:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\l
[2010/12/29 01:44:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\n
[2010/12/29 01:44:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\u
[2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\l
[2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\n
[2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\u
[2010/12/29 01:44:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\l
[2010/12/29 01:44:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\n
[2010/12/29 01:44:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\u
[2010/12/29 01:44:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\l
[2010/12/29 01:44:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\n
[2010/12/29 01:44:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\u
[2010/12/29 01:45:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\l
[2010/12/29 01:45:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\n
[2010/12/29 01:45:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\u
[2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\l
[2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\n
[2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\u
[2010/12/29 01:45:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\l
[2010/12/29 01:45:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\n
[2010/12/29 01:45:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\u
[2010/12/29 01:45:22 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\l
[2010/12/29 01:45:22 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\n
[2010/12/29 01:45:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\u
[2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\l
[2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\n
[2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\u
[2010/12/29 01:45:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\l
[2010/12/29 01:45:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\n
[2010/12/29 01:45:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\u
[2010/12/29 01:45:41 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\l
[2010/12/29 01:45:41 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\n
[2010/12/29 01:45:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\u
[2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\l
[2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\n
[2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\u
[2010/12/29 01:45:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\l
[2010/12/29 01:45:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\n
[2010/12/29 01:45:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\u
[2010/12/29 01:45:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\l
[2010/12/29 01:45:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\n
[2010/12/29 01:45:52 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\u
[2010/12/29 01:45:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\l
[2010/12/29 01:45:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\n
[2010/12/29 01:45:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\u
[2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\l
[2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\n
[2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\u
[2010/12/29 01:46:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\l
[2010/12/29 01:46:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\n
[2010/12/29 01:46:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\u
[2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\l
[2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\n
[2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\u
[2010/12/29 01:46:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\l
[2010/12/29 01:46:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\n
[2010/12/29 01:46:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\u
[2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\l
[2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\n
[2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\u
[2010/12/29 01:46:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\l
[2010/12/29 01:46:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\n
[2010/12/29 01:46:30 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\u
[2010/12/29 01:46:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\l
[2010/12/29 01:46:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\n
[2010/12/29 01:46:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\u
[2010/12/29 01:46:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\l
[2010/12/29 01:46:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\n
[2010/12/29 01:46:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\u
[2010/12/29 01:46:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\l
[2010/12/29 01:46:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\n
[2010/12/29 01:46:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\u
[2010/12/29 01:46:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\l
[2010/12/29 01:46:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\n
[2010/12/29 01:46:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\u
[2010/12/29 01:47:07 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\l
[2010/12/29 01:47:08 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\n
[2010/12/29 01:47:08 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\u
[2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\l
[2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\n
[2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\u
[2010/12/29 01:47:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\l
[2010/12/29 01:47:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\n
[2010/12/29 01:47:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\u
[2010/12/29 01:47:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\l
[2010/12/29 01:47:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\n
[2010/12/29 01:47:26 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\u
[2010/12/29 01:47:32 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\l
[2010/12/29 01:47:32 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\n
[2010/12/29 01:47:33 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\u
[2010/12/29 01:47:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\l
[2010/12/29 01:47:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\n
[2010/12/29 01:47:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\u
[2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\l
[2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\n
[2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\u
[2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\l
[2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\n
[2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\u
[2010/12/29 01:47:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\l
[2010/12/29 01:47:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\n
[2010/12/29 01:47:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\u
[2010/12/29 01:47:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\l
[2010/12/29 01:47:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\n
[2010/12/29 01:48:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\u
[2010/12/29 01:48:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\l
[2010/12/29 01:48:06 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\n
[2010/12/29 01:48:06 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\u
[2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\l
[2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\n
[2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\u
[2010/12/29 01:48:17 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\l
[2010/12/29 01:48:17 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\n
[2010/12/29 01:48:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\u
[2010/12/29 01:48:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\l
[2010/12/29 01:48:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\n
[2010/12/29 01:48:26 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\u
[2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\l
[2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\n
[2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\u
[2010/12/29 01:48:34 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\l
[2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\n
[2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\u
[2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\l
[2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\n
[2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\u
[2010/12/29 01:48:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\l
[2010/12/29 01:48:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\n
[2010/12/29 01:48:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\u
[2010/12/29 01:48:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\l
[2010/12/29 01:48:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\n
[2010/12/29 01:48:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\u
[2010/12/29 01:48:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\l
[2010/12/29 01:48:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\n
[2010/12/29 01:48:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\u
[2010/12/29 01:48:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\l
[2010/12/29 01:48:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\n
[2010/12/29 01:48:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\u
[2010/10/25 23:53:07 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$RLOJYWP\u
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -preferences [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/07/30 19:23:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/07/30 19:23:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/07/30 19:23:43 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/06/15 17:02:14 | 000,867,072 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -PREFERENCES [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE [2012/06/15 17:02:20 | 000,913,888 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\USERS\TAYLOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\USERS\TAYLOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\USERS\TAYLOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\USERS\TAYLOR\APPDATA\LOCAL\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/10/31 16:15:08 | 001,242,136 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/07/30 19:23:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/07/30 19:23:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/07/30 19:23:36 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/10/08 02:37:24 | 000,748,704 | ---- | M] (Microsoft Corporation)

shockz13

Rookie Surfer
Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1

Re: Unsure if infected

Post by shockz13 on Wed 21 Nov 2012, 12:33 pm

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2010/06/25 13:16:54 | 000,680,440 | ---- | M] (Microsoft Corporation) MD5=25D0A711E33C75B197D76884DBA1DBF1 -- C:\DPInst.exe

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >
[2012/07/14 23:32:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2012/11/02 18:55:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD
[2010/09/11 23:26:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apache Software Foundation
[2012/10/25 13:50:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/10/19 18:35:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASIO4ALL v2
[2012/11/03 17:55:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI
[2010/09/25 14:40:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ATI Technologies
[2011/09/12 23:10:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2010/06/25 18:41:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010/11/17 17:38:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2011/10/04 16:56:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Battlelog Web Plugins
[2011/07/04 23:48:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bethesda Softworks
[2012/06/11 15:36:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bohemia Interactive
[2012/10/25 13:56:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/07/25 20:26:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Burrrn
[2010/04/05 03:01:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2012/11/03 17:55:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010/08/13 18:02:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011/09/13 20:53:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dead Island
[2012/05/16 19:32:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Diablo II
[2011/02/14 18:55:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2012/10/30 22:35:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DsNET Corp
[2011/06/21 14:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EA Games
[2012/04/02 15:34:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Eidos
[2012/11/06 21:17:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Evaer
[2011/02/01 00:55:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Exact Audio Copy
[2010/10/30 00:39:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ffdshow
[2011/03/13 22:56:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FitDay
[2011/02/01 00:52:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLAC
[2012/08/03 23:20:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FontExpert
[2012/10/27 02:20:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\foobar2000
[2010/12/18 01:11:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\freeSSHd
[2012/06/10 15:23:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GameSpy Arcade
[2012/11/03 02:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Golden Bow
[2012/01/30 21:47:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2012/06/26 22:12:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Heroes of Newerth
[2010/12/16 21:06:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ICW
[2011/03/16 22:24:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2012/07/14 23:38:45 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/11/14 03:26:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2012/10/25 14:01:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010/12/24 00:14:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/10/16 23:03:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JDownloader
[2011/10/12 21:14:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Last.fm
[2010/09/14 17:13:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LEGO Software
[2011/05/10 18:52:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2010/11/27 02:13:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Livestream Procaster
[2012/11/20 19:05:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/09 12:01:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games
[2011/05/06 03:02:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011/04/07 20:19:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SDKs
[2012/05/10 03:32:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/04/07 20:21:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server
[2011/04/07 20:21:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/04/07 20:21:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/04/07 20:21:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2011/05/26 22:59:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft XNA
[2011/04/07 20:19:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/04 18:12:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mIRC
[2012/08/24 15:42:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2012/06/28 15:17:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2011/10/16 21:58:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mp3tag
[2012/01/29 22:44:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mr QuestionMan
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2012/06/15 03:00:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2012/07/14 22:09:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mumble
[2010/08/10 01:13:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NeoSmart Technologies
[2011/05/10 19:30:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Net Tools
[2012/07/08 00:37:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Notepad++
[2012/11/03 18:22:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2011/11/11 17:19:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2011/10/02 21:15:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2012/10/23 15:49:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pando Networks
[2010/06/27 03:06:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Project64 1.6
[2011/01/26 14:17:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime Alternative
[2010/10/24 00:36:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\RayV
[2010/12/17 18:51:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/07/14 23:39:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Samsung
[2012/10/16 23:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Screaming Bee
[2012/06/12 15:29:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SIX Projects
[2012/04/08 14:09:26 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2012/04/13 02:53:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Skype Player
[2012/11/17 20:25:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Smartlaunch
[2012/08/28 19:40:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2012/11/13 15:49:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2010/07/03 01:46:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2010/12/17 18:53:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp
[2012/03/20 20:03:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\THQ
[2012/10/27 02:47:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Torchlight II
[2010/10/02 01:19:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Turbine
[2011/03/06 18:57:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TVersity
[2010/10/28 23:54:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TVersity Codec Pack
[2009/07/13 22:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2012/08/11 14:47:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent
[2010/07/11 02:32:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2011/09/06 16:31:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VirtualDJ
[2012/10/17 16:38:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Voobly
[2010/09/02 22:22:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VSO
[2012/07/14 23:56:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VstPlugins
[2012/08/04 01:15:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp
[2011/05/10 16:17:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Winamp Detect
[2009/07/13 23:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/03/31 03:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/07/31 03:37:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/07/31 03:37:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 23:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/07/31 03:37:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/07/31 03:37:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/07/31 03:37:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/04/11 21:20:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinPcap
[2011/08/27 13:58:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinSCP
[2012/10/31 16:35:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\World of Warcraft
[2012/01/12 03:28:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xfire
[2010/07/09 23:34:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid

< %appdata%\*.* >
[2012/06/19 15:59:02 | 000,000,132 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/09/02 22:22:52 | 000,099,384 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\inst.exe
[2010/08/13 18:59:03 | 000,000,565 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\myMPQ.ini
[2012/11/19 22:20:28 | 000,000,641 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pacemaker.ini
[2012/08/04 01:15:13 | 000,000,010 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pacemaker_songparams.txt
[2010/09/02 22:22:52 | 000,007,859 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pcouffin.cat
[2010/09/02 22:22:52 | 000,001,167 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pcouffin.inf
[2010/09/02 22:23:25 | 000,000,034 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\pcouffin.log
[2010/09/02 22:22:52 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Taylor\AppData\Roaming\pcouffin.sys
[2010/07/04 01:05:15 | 000,000,764 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\RSBot Accounts.ini
[2011/05/21 11:11:42 | 000,000,292 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\RSBot_Accounts.ini
[2011/05/25 11:44:06 | 000,000,008 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\RSBuddy Login.ini
[2011/05/24 17:49:17 | 000,000,307 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\RSBuddy_shockz14.ini
[2010/11/06 00:55:51 | 000,001,057 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\vso_ts_preview.xml
[2011/09/28 19:23:58 | 000,000,600 | ---- | M] () -- C:\Users\Taylor\AppData\Roaming\winscp.rnd

< MD5 for: AFD.SYS >
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\SysNative\drivers\afd.sys
[2011/12/27 21:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/27 22:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 20:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 17:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/27 22:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 03:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 20:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 21:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 21:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 20:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 19:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2012/06/01 22:52:32 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=063DD65889D21035311463337BD268E7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[2012/04/23 22:36:42 | 000,140,288 | ---- | M] (Microsoft Corporation) MD5=06E771AA596B8761107AB57E99F128D7 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17827_none_77ff39f3f916c65f\cryptsvc.dll
[2010/11/20 07:25:59 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=15597883FBE9B056F276ADA3AD87D9AF -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[2012/04/23 22:28:22 | 000,142,336 | ---- | M] (Microsoft Corporation) MD5=21993009E0CCB9B4FA195F14D3408626 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.21979_none_7854c7b7125b248c\cryptsvc.dll

< End of report >



# AdwCleaner v2.008 - Logfile created 11/20/2012 at 19:25:13
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : Taylor - TAYLOR-PC
# Boot Mode : Normal
# Running from : C:\Users\Taylor\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Users\Taylor\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\extensions\staged

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default
File : C:\Users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Taylor\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3353 octets] - [20/11/2012 19:25:13]

########## EOF - C:\AdwCleaner[S1].txt - [3413 octets] ##########


shockz13

Rookie Surfer

Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1


Re: Unsure if infected

Post by shockz13 on Wed 21 Nov 2012, 12:35 pm

No extras.txt was created

shockz13

Rookie Surfer

Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1


Re: Unsure if infected

Post by Rodel Ituralde on Thu 22 Nov 2012, 7:16 am

Hello, and welcome to GeekPolice.

I'm Rodel Ituralde and I will be helping you with your issues.

Please note the following information about the malware forum:

  • Only Tech Officers, Global Moderators, Administrators, and Malware Advisors are allowed to give advice on removing malware from your computer.
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by the staff I noted above.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, do one of two things:

    Reply to this topic with the word BUMP, or see [You must be registered and logged in to see this link.]

  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.


I am a student and will need to get approval prior to each step. I will return shortly with the first step.

Rodel Ituralde

Senior Surfer

Posts : 387
Joined : 2011-01-27
Operating System : Windows 7 Home Edition 32-bit, Windows 7 Home Edition 64-bit and Ubuntu 10.4


Re: Unsure if infected

Post by Rodel Ituralde on Thu 22 Nov 2012, 4:00 pm

Good afternoon shockz13,

***Your log shows you have the uTorrent client installed, which is a P2P (Peer-to-Peer) file sharing program.***

I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft

More listed here:
Data Security Threats And Breaches
You should read the link at the bottom of that page:
Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult-to-remove malware. There are many risks associated with P2P programs; none are worth the risks.

If you don't uninstall the P2P software, I will continue to help clean your system, but please realise that it's likely only a matter of time before you are infected again.

=====

You also have the Ask Toolbar (AskBarDis) installed. I strongly recommend you remove the Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.



Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following programs (if present):

  • AskBarDis
  • uTorrent

Please restart your computer after these program removals.

=====

Next, please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
    IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = [You must be registered and logged in to see this link.]
    [2011/03/20 20:10:43 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
    [2010/12/29 01:47:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l
    [2010/12/29 01:47:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n
    [2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u
    [2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\l
    [2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\n
    [2010/12/29 01:43:46 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\17\u
    [2010/12/29 01:43:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\l
    [2010/12/29 01:43:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\n
    [2010/12/29 01:43:52 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\18\u
    [2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\l
    [2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\n
    [2010/12/29 01:43:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\19\u
    [2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\l
    [2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\n
    [2010/12/29 01:44:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1a\u
    [2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\l
    [2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\n
    [2010/12/29 01:44:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1b\u
    [2010/12/29 01:44:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\l
    [2010/12/29 01:44:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\n
    [2010/12/29 01:44:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1c\u
    [2010/12/29 01:44:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\l
    [2010/12/29 01:44:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\n
    [2010/12/29 01:44:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1d\u
    [2010/12/29 01:44:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\l
    [2010/12/29 01:44:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\n
    [2010/12/29 01:44:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1e\u
    [2010/12/29 01:44:28 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\l
    [2010/12/29 01:44:28 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\n
    [2010/12/29 01:44:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1f\u
    [2010/12/29 01:44:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\l
    [2010/12/29 01:44:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\n
    [2010/12/29 01:44:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1g\u
    [2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\l
    [2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\n
    [2010/12/29 01:44:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1h\u
    [2010/12/29 01:44:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\l
    [2010/12/29 01:44:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\n
    [2010/12/29 01:44:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1i\u
    [2010/12/29 01:44:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\l
    [2010/12/29 01:44:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\n
    [2010/12/29 01:44:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1j\u
    [2010/12/29 01:45:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\l
    [2010/12/29 01:45:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\n
    [2010/12/29 01:45:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1k\u
    [2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\l
    [2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\n
    [2010/12/29 01:45:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1l\u
    [2010/12/29 01:45:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\l
    [2010/12/29 01:45:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\n
    [2010/12/29 01:45:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1m\u
    [2010/12/29 01:45:22 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\l
    [2010/12/29 01:45:22 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\n
    [2010/12/29 01:45:23 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1n\u
    [2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\l
    [2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\n
    [2010/12/29 01:45:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1o\u
    [2010/12/29 01:45:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\l
    [2010/12/29 01:45:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\n
    [2010/12/29 01:45:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1p\u
    [2010/12/29 01:45:41 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\l
    [2010/12/29 01:45:41 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\n
    [2010/12/29 01:45:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1q\u
    [2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\l
    [2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\n
    [2010/12/29 01:45:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\1r\u
    [2010/12/29 01:45:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\l
    [2010/12/29 01:45:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\n
    [2010/12/29 01:45:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\2\u
    [2010/12/29 01:45:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\l
    [2010/12/29 01:45:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\n
    [2010/12/29 01:45:52 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\3\u
    [2010/12/29 01:45:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\l
    [2010/12/29 01:45:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\n
    [2010/12/29 01:45:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\4\u
    [2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\l
    [2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\n
    [2010/12/29 01:46:02 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\5\u
    [2010/12/29 01:46:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\l
    [2010/12/29 01:46:09 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\n
    [2010/12/29 01:46:11 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\6\u
    [2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\l
    [2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\n
    [2010/12/29 01:46:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\7\u
    [2010/12/29 01:46:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\l
    [2010/12/29 01:46:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\n
    [2010/12/29 01:46:20 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\8\u
    [2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\l
    [2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\n
    [2010/12/29 01:46:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\9\u
    [2010/12/29 01:46:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\l
    [2010/12/29 01:46:29 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\n
    [2010/12/29 01:46:30 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\a\u
    [2010/12/29 01:46:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\l
    [2010/12/29 01:46:36 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\n
    [2010/12/29 01:46:37 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\b\u
    [2010/12/29 01:46:42 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\l
    [2010/12/29 01:46:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\n
    [2010/12/29 01:46:43 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\c\u
    [2010/12/29 01:46:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\l
    [2010/12/29 01:46:48 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\n
    [2010/12/29 01:46:49 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\d\u
    [2010/12/29 01:46:56 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\l
    [2010/12/29 01:46:57 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\n
    [2010/12/29 01:46:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\e\u
    [2010/12/29 01:47:07 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\l
    [2010/12/29 01:47:08 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\n
    [2010/12/29 01:47:08 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\f\u
    [2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\l
    [2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\n
    [2010/12/29 01:47:12 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\g\u
    [2010/12/29 01:47:15 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\l
    [2010/12/29 01:47:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\n
    [2010/12/29 01:47:16 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\h\u
    [2010/12/29 01:47:24 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\l
    [2010/12/29 01:47:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\n
    [2010/12/29 01:47:26 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\i\u
    [2010/12/29 01:47:32 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\l
    [2010/12/29 01:47:32 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\n
    [2010/12/29 01:47:33 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\j\u
    [2010/12/29 01:47:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\l
    [2010/12/29 01:47:38 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\n
    [2010/12/29 01:47:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\k\u
    [2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\l
    [2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\n
    [2010/12/29 01:47:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\u
    [2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\l
    [2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\n
    [2010/12/29 01:47:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\m\u
    [2010/12/29 01:47:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\l
    [2010/12/29 01:47:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\n
    [2010/12/29 01:47:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\n\u
    [2010/12/29 01:47:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\l
    [2010/12/29 01:47:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\n
    [2010/12/29 01:48:01 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\o\u
    [2010/12/29 01:48:05 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\l
    [2010/12/29 01:48:06 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\n
    [2010/12/29 01:48:06 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\p\u
    [2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\l
    [2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\n
    [2010/12/29 01:48:13 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\q\u
    [2010/12/29 01:48:17 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\l
    [2010/12/29 01:48:17 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\n
    [2010/12/29 01:48:19 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\r\u
    [2010/12/29 01:48:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\l
    [2010/12/29 01:48:25 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\n
    [2010/12/29 01:48:26 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\s\u
    [2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\l
    [2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\n
    [2010/12/29 01:48:31 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\t\u
    [2010/12/29 01:48:34 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\l
    [2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\n
    [2010/12/29 01:48:35 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\u\u
    [2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\l
    [2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\n
    [2010/12/29 01:48:39 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\v\u
    [2010/12/29 01:48:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\l
    [2010/12/29 01:48:44 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\n
    [2010/12/29 01:48:45 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\w\u
    [2010/12/29 01:48:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\l
    [2010/12/29 01:48:50 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\n
    [2010/12/29 01:48:51 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\x\u
    [2010/12/29 01:48:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\l
    [2010/12/29 01:48:54 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\n
    [2010/12/29 01:48:55 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\y\u
    [2010/12/29 01:48:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\l
    [2010/12/29 01:48:58 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\n
    [2010/12/29 01:48:59 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\z\u
    [2010/10/25 23:53:07 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$RLOJYWP\u

    :Commands
    [EmptyTemp]


  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=====

Then, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

[You must be registered and logged in to see this link.]

  • Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=====

In your reply please provide the contents of the OTL fix log and ComboFix.txt.

Rodel Ituralde
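
When the fix log requested in the post above comes back, it helps to confirm that every path listed in the fix script was actually moved. The Python below is an added example, not part of the original post or of OTL. It assumes only the line shapes visible in this thread (bracketed script entries ending in `-- path`, and log lines ending in `moved successfully.`, `not found.` or `value set successfully!`), uses constructed placeholder paths, and compares paths case-insensitively because Windows paths are.

```python
import re

# Constructed sample fix script: placeholder paths, same line shapes as the thread.
SAMPLE_SCRIPT = r"""
:OTL
[2012/01/01 10:00:00 | 000,002,046 | ---- | M] () -- C:\Example\app dir\searchplugins\sample.xml
[2012/01/01 10:00:01 | 000,000,000 | ---D | M] -- C:\Example\bin\a
[2012/01/01 10:00:02 | 000,000,000 | ---D | M] -- C:\Example\bin\b

:Commands
[EmptyTemp]
"""

# Constructed sample fix log: note the different letter case of "App Dir".
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}\ not found.
C:\Example\App Dir\searchplugins\sample.xml moved successfully.
C:\Example\bin\a\child folder moved successfully.
C:\Example\bin\a folder moved successfully.
"""

# "[date | size | attrs | M] (optional company) -- path"
SCRIPT_ITEM = re.compile(r"^\[[^\]]*\]\s*(?:\([^)]*\)\s*)?--\s*(?P<path>.+?)\s*$")

# Banner and section-header lines carry no per-item result.
INFO = re.compile(r"^(All processes killed|=+ .+ =+)$")

# Outcome rules, tried in order; each captures the target as group "t".
LOG_RULES = [
    ("value_set", re.compile(r"^(?P<t>.+)\| /E : value set successfully!$")),
    ("key_not_found", re.compile(r"^Registry key (?P<t>.+) not found\.$")),
    ("moved", re.compile(r"^(?P<t>.+?)(?: folder)? moved successfully\.$")),
]


def norm(path):
    """Normalise a Windows path for comparison (case and trailing slash)."""
    return path.rstrip("\\").casefold()


def script_targets(script):
    """Return the file and folder paths the fix script asks to move."""
    targets = []
    for line in script.splitlines():
        m = SCRIPT_ITEM.match(line.strip())
        if m:
            targets.append(m.group("path"))
    return targets


def parse_log(log):
    """Return (outcome, target) for every result line in the fix log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        if not line or INFO.match(line):
            continue
        for outcome, rule in LOG_RULES:
            m = rule.match(line)
            if m:
                entries.append((outcome, m.group("t")))
                break
        else:
            # Keep anything unknown so a reviewer still sees it.
            entries.append(("unrecognized", line))
    return entries


def unaccounted(script, log):
    """Script paths that have no 'moved successfully' line in the log."""
    moved = {norm(t) for outcome, t in parse_log(log) if outcome == "moved"}
    return [p for p in script_targets(script) if norm(p) not in moved]


if __name__ == "__main__":
    for outcome, target in parse_log(SAMPLE_LOG):
        if outcome in ("key_not_found", "unrecognized"):
            print("review:", outcome, target)
    for path in unaccounted(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not confirmed moved:", path)
```

A path that stays unconfirmed may simply be waiting for the reboot the post mentions, so re-check it against the log produced after the restart.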


Re: Unsure if infected

Post by shockz13 on Fri 23 Nov 2012, 4:24 pm

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\z folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\y folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\x folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\w folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\v folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\u folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\t folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\s folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\r folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\q folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\p folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\o folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\n folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\m folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\l folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\k folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\j folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\i folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\h folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\g folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\f folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\e folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\d folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\c folder moved successfully.
C:\$Recycle.bin\S-1-5-21-2209329743-2471226501-2642877297-1001\$R0BEJFL\l\b folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: ASPNET

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Mcx1-TAYLOR-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 97404 bytes
->Flash cache emptied: 56475 bytes

User: Public

User: sshd

User: Taylor
->Temp folder emptied: 17517117 bytes
->Temporary Internet Files folder emptied: 9153181 bytes
->Java cache emptied: 196782253 bytes
->FireFox cache emptied: 152821695 bytes
->Google Chrome cache emptied: 370373877 bytes
->Flash cache emptied: 57818 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 409729264 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 245711439 bytes

Total Files Cleaned = 1,338.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11222012_224558

Files\Folders moved on Reboot...
C:\Users\Taylor\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

shockz13

Rookie Surfer

Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1


Re: Unsure if infected

Post by shockz13 on Fri 23 Nov 2012, 4:25 pm

ComboFix 12-11-22.03 - Taylor 22/11/2012 22:57:16.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.2.1033.18.4095.2573 [GMT -6:00]
Running from: c:\users\Taylor\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WinPCap
c:\program files (x86)\WinPCap\daemon_mgm.exe
c:\program files (x86)\WinPCap\INSTALL.LOG
c:\program files (x86)\WinPCap\npf_mgm.exe
c:\program files (x86)\WinPCap\rpcapd.exe
c:\program files (x86)\WinPCap\Uninstall.exe
c:\programdata\41D5E19E8F.sys
c:\users\Taylor\AppData\Roaming\inst.exe
c:\users\Taylor\AppData\Roaming\vso_ts_preview.xml
c:\users\Taylor\Avisynth_256.exe
c:\users\Taylor\ChromeSetup.exe
c:\users\Taylor\DM-238.exe
c:\users\Taylor\Dropbox 0.7.110.exe
c:\users\Taylor\Eclipse Library Installer x86-64(1).exe
c:\users\Taylor\Eclipse Library Installer x86-64.exe
c:\users\Taylor\Eclipse Library Installer x86.exe
c:\users\Taylor\eMule0.50a-Installer.exe
c:\users\Taylor\flac-1.2.1b.exe
c:\windows\SysWow64\drivers\npf.sys
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\system
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 04:45 . 2012-11-23 04:45 -------- d-----w- C:\_OTL
2012-11-20 10:19 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80CB5A06-B117-4BA7-8876-509B2BBBBA58}\mpengine.dll
2012-11-18 02:25 . 2012-11-18 02:25 -------- d-----w- c:\programdata\Caphyon
2012-11-18 02:25 . 2012-11-18 02:25 -------- d-----w- c:\program files (x86)\Smartlaunch
2012-11-18 02:23 . 2012-11-18 02:26 -------- d-----w- c:\users\Taylor\AppData\Roaming\Smartlaunch
2012-11-14 09:07 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 09:07 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 09:07 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-14 09:07 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 09:01 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 09:01 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 09:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 09:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 09:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 09:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 09:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-11 07:45 . 2012-11-11 09:02 -------- d-----w- c:\users\Taylor\D2-1.12A-enUS
2012-11-10 07:55 . 2012-11-10 07:55 -------- d-----w- c:\users\Taylor\AppData\Roaming\D3IC
2012-11-07 03:47 . 2012-11-07 03:48 -------- d-----w- c:\program files\Virtual Audio Cable
2012-11-07 03:44 . 2012-11-08 00:14 -------- d-----w- c:\users\Taylor\AppData\Roaming\Evaer
2012-11-07 03:17 . 2012-11-07 03:17 -------- d-----w- c:\program files (x86)\Evaer
2012-11-06 23:34 . 2012-11-06 23:34 -------- d-----w- c:\program files\CPUID
2012-11-04 00:21 . 2012-11-04 00:21 -------- d-----w- c:\users\UpdatusUser
2012-11-04 00:20 . 2012-07-03 15:25 31080 ----a-w- c:\windows\system32\nvhdap64.dll
2012-11-04 00:20 . 2012-07-03 15:25 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2012-11-04 00:20 . 2012-07-03 07:37 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-11-04 00:14 . 2012-11-23 05:08 -------- d-----w- c:\programdata\NVIDIA
2012-11-04 00:14 . 2012-10-02 19:51 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-11-04 00:14 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-11-04 00:14 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-11-04 00:14 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-11-04 00:14 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-04 00:14 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-04 00:14 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-11-04 00:13 . 2012-11-04 00:13 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-04 00:13 . 2012-11-04 00:21 -------- d-----w- c:\program files\NVIDIA Corporation
2012-11-04 00:13 . 2012-11-04 00:13 -------- d-----w- C:\NVIDIA
2012-11-03 08:08 . 2012-11-03 08:08 -------- d-----w- c:\programdata\Golden Bow Systems
2012-11-03 08:08 . 2012-11-03 08:08 -------- d-----w- c:\program files (x86)\Golden Bow
2012-11-03 00:55 . 2012-11-03 00:55 -------- d-----w- c:\program files (x86)\AMD
2012-10-27 23:08 . 2012-10-27 23:08 -------- d-sh--w- c:\users\Taylor\AppData\Roaming\Common
2012-10-27 23:08 . 2012-10-27 23:08 -------- d-----w- c:\users\Taylor\AppData\Local\Programs
2012-10-27 08:47 . 2012-10-27 08:47 -------- d-----w- c:\programdata\RELOADED
2012-10-27 08:43 . 2012-10-27 08:47 -------- d-----w- c:\program files (x86)\Torchlight II
2012-10-27 08:21 . 2012-11-21 06:07 -------- d-----w- c:\users\Taylor\AppData\Roaming\foobar2000
2012-10-27 08:20 . 2012-10-27 08:20 -------- d-----w- c:\program files (x86)\foobar2000
2012-10-27 07:55 . 2008-10-06 11:53 7696384 ----a-w- c:\windows\SysWow64\CM112.dll
2012-10-27 07:55 . 2008-07-23 16:59 389120 ----a-w- c:\windows\system32\CM112.cpl
2012-10-27 07:55 . 2007-10-22 18:01 139264 ----a-w- c:\windows\Vmix112.dll
2012-10-27 07:54 . 2008-06-04 12:59 313344 ----a-w- c:\windows\system32\CmiInstallResAll64.dll
2012-10-27 07:53 . 2008-09-10 14:54 1286656 ----a-w- c:\windows\system32\drivers\cm11264.sys
2012-10-27 07:42 . 2012-10-27 07:42 -------- d-----w- c:\windows\SysWow64\Wat
2012-10-27 07:42 . 2012-10-27 07:42 -------- d-----w- c:\windows\system32\Wat
2012-10-25 20:01 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-10-25 19:59 . 2012-10-25 19:59 -------- d-----w- c:\program files\iPod
2012-10-25 19:59 . 2012-10-25 20:01 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-10-25 19:59 . 2012-10-25 20:01 -------- d-----w- c:\program files\iTunes
2012-10-25 19:59 . 2012-10-25 20:01 -------- d-----w- c:\program files (x86)\iTunes
2012-10-25 19:56 . 2012-10-25 19:56 -------- d-----w- c:\program files (x86)\Bonjour
2012-10-25 19:56 . 2012-10-25 19:56 -------- d-----w- c:\program files\Bonjour
2012-10-25 19:50 . 2012-10-25 19:50 -------- d-----w- c:\program files (x86)\Apple Software Update
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 02:36 . 2012-07-15 05:29 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-18 02:36 . 2011-10-19 22:23 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-14 19:40 . 2010-06-25 23:45 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-07 03:47 . 2012-09-27 04:26 66728 ----a-w- c:\windows\system32\drivers\vrtaucbl.sys
2012-11-03 23:48 . 2011-04-27 19:12 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-10-27 07:43 . 2011-07-07 15:33 14848 ----a-w- c:\windows\system32\slwga.dll
2012-10-27 07:43 . 2011-07-07 15:33 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-10-27 07:43 . 2011-07-07 15:33 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-10-27 07:43 . 2011-07-07 15:34 1008640 ----a-w- c:\windows\system32\user32.dll
2012-10-27 07:43 . 2011-07-07 15:34 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-10-11 03:23 . 2012-10-11 03:23 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-11 03:23 . 2012-10-11 03:23 313704 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-11 03:23 . 2012-10-11 03:23 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-11 03:23 . 2012-10-11 03:23 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-11 03:23 . 2012-10-11 03:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-11 03:23 . 2012-10-11 03:23 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-11 03:23 . 2012-10-11 03:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-11 03:23 . 2012-10-11 03:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-11 03:22 . 2012-10-11 03:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-11 03:22 . 2012-10-11 03:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-11 03:22 . 2012-10-11 03:22 364904 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-30 01:54 . 2010-10-26 05:42 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-21 03:56 . 2012-09-21 03:56 1610752 ----a-w- c:\windows\SysWow64\h264enc.ax
2012-09-17 08:27 . 2012-09-17 08:27 202752 ----a-w- c:\windows\SysWow64\mp4decoder.dll
2012-09-14 19:19 . 2012-10-10 11:25 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 11:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 11:25 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 11:25 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 11:25 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 11:25 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-20 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2009-07-14 . 72D7B3EA16946E8F0CF7458150031CC6 . 1008640 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[-] 2012-10-27 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-10-27 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 64792 ----a-w- c:\program files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-08-04 1022352]
"F.lux"="c:\users\Taylor\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Essential Update"="c:\xampp\webdav\conhost.exe" [2011-05-24 17920]
.
c:\users\Taylor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
µTorrent.lnk - c:\program files (x86)\uTorrent\uTorrent.exe [2010-6-26 1022352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 cm1123264;C-Media CM112 UDAX Sound Interface;c:\windows\system32\drivers\cm11264.sys [2008-09-10 1286656]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 PCANDIS4;PCANDIS4 Protocol Driver;c:\progra~1\Ugutil\program\PCANDIS4.SYS [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-09-03 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-27 1255736]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
R4 AMD FusionUtility Service;AMD FusionUtility Service;c:\program files (x86)\AMD\Fusion Utility for Desktop\FusionUtility2Service.exe [2010-04-14 275832]
R4 AMD Reservation Manager;AMD Reservation Manager;c:\program files (x86)\AMD\Reservation Manager\AMD Reservation Manager.exe [2010-04-14 140160]
R4 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-12-20 29416]
R4 Synergy;Synergy;c:\program files\Synergy\synergyd.exe [2012-07-14 420936]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-06-28 173352]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-08-14 834544]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 EuMusDesignVirtualAudioCableWdm;Virtual Audio Cable (WDM);c:\windows\system32\DRIVERS\vrtaucbl.sys [2012-11-07 66728]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 USBADVAU;USB Advance Audio Interface;c:\windows\system32\drivers\cm11264.sys [2008-09-10 1286656]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 02:36]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 03:47]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 03:47]
.
2012-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2209329743-2471226501-2642877297-1001Core.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 00:26]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2209329743-2471226501-2642877297-1001UA.job
- c:\users\Taylor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-13 00:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 16:20 75544 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Taylor\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-21 7981088]
"CM112Sound"="c:\windows\Syswow64\cm112.dll" [2008-10-06 7696384]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
TCP: DhcpNameServer = 192.168.1.1 5.5.5.5 65.87.230.4
FF - ProfilePath - c:\users\Taylor\AppData\Roaming\Mozilla\Firefox\Profiles\iy3jgbm5.default\
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 3200
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-WinPcapInst - c:\program files (x86)\WinPcap\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:74,58,85,76,4d,19,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\S-1-5-21-2209329743-2471226501-2642877297-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:66,5c,15,0c,57,a1,a9,c4,f1,d8,d0,39,ea,73,bd,ed,46,a4,72,4a,6b,2d,3c,
34,c4,71,e8,73,7a,81,d5,96,53,c4,34,3e,22,18,b5,0e,18,4c,55,1b,f4,76,f8,26,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\Taylor\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-11-22 23:22:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-23 05:22
.
Pre-Run: 69,249,449,984 bytes free
Post-Run: 68,635,934,720 bytes free
.
- - End Of File - - 1782CD1D73CD2F6FBC9A0190198C999D

shockz13

Rookie Surfer

Posts : 57
Joined : 2009-01-19
Operating System : Windows 7 Ultimate SP1


Re: Unsure if infected

Post by Rodel Ituralde on Sat 24 Nov 2012, 10:03 am

Hello shockz13,

Please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


What issues remain?

Rodel Ituralde

Senior Surfer

Posts : 387
Joined : 2011-01-27
Operating System : Windows 7 Home Edition 32-bit, Windows 7 Home Edition 64-bit and Ubuntu 10.4
