mikecab

so does this mean the ip attacks are something i should not worry about?

i get the following message: "c:qoobox refers to a location that is unavailable. it could beon a hard drive on this computer or on a network." please note that combo fix wouldnt run on a server

the protection log shows the following throughout the day this is AFTER the diabling of the non microsoft services this morning and the startup programs 2014/01/27 07:41:18 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:38 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:42 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:46 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:50 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:54 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:41:58 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:42:02 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 07:43:02 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:25 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:29 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:33 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:37 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:41 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 07:43:45 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:06:15 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:06:38 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:06:42 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:06:50 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:06:54 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:07:02 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 08:08:00 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:19 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:23 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:27 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:31 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:35 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:39 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 08:08:43 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:06:23 -0600 MLDCN01 (null) MESSAGE Starting database refresh 2014/01/27 10:06:23 -0600 MLDCN01 (null) MESSAGE Stopping IP protection 2014/01/27 10:06:23 -0600 MLDCN01 (null) MESSAGE IP Protection stopped successfully 2014/01/27 10:06:33 -0600 MLDCN01 (null) MESSAGE Database refreshed successfully 2014/01/27 10:06:33 -0600 MLDCN01 (null) MESSAGE Starting IP protection 2014/01/27 10:06:40 -0600 MLDCN01 (null) MESSAGE IP Protection started successfully 2014/01/27 10:08:20 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:33 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:37 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:41 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:45 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:49 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:52 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:53 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:08:57 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:16 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:20 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:24 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:28 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:32 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:36 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:09:40 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/27 10:10:05 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:17 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:21 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:25 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:29 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:33 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:37 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:37 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:10:41 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/27 10:10:49 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:10:53 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:10:57 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:11:01 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:11:05 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:11:09 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 10:11:13 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/27 13:38:10 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:22 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:26 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:30 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:34 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:38 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:42 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/27 13:38:46 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.138 (Type: incoming)

just reboot the computer with the services and startup programs all disabled...will report at days end

here is the protection log since the above posted scan 2014/01/24 14:53:52 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:53:54 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:54:03 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:07 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:11 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:15 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:17 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:54:19 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:23 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:25 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:54:27 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/24 14:54:33 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:54:37 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:54:41 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.150 (Type: incoming) 2014/01/24 14:55:37 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:55:39 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:55:53 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:55:54 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:55:57 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:55:58 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:56:01 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:56:02 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:56:05 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:56:06 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:56:09 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:56:10 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:56:13 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:56:14 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/24 14:56:17 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/24 14:56:18 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.82 (Type: incoming)

it seems stuck at "saving post" as i try to post the whole txt file here.... here is the end portion you asked about 12:52:03.0069 0x1224 ============================================================ 12:52:03.0069 0x1224 Scan finished 12:52:03.0069 0x1224 ============================================================ 12:52:03.0272 0x1fbc Detected object count: 0 12:52:03.0319 0x1fbc Actual detected object count: 0

since all the above was done, i checked the protection log and got the following 2014/01/23 10:16:33 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:37 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:41 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:45 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:49 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:53 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:16:57 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.132 (Type: incoming) 2014/01/23 10:18:26 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 10:18:30 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 10:18:34 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:26:57 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/23 11:27:01 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/23 11:27:05 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/23 11:27:17 -0600 MLDCN01 (null) IP-BLOCK 61.156.242.142 (Type: incoming) 2014/01/23 11:28:25 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:28:46 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:28:50 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:28:54 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:28:58 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:29:02 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:29:06 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming) 2014/01/23 11:29:10 -0600 MLDCN01 (null) IP-BLOCK 211.95.78.84 (Type: incoming)

After running the Malware Anti RootKit I got the following : "Scan Finished, No Malware Found!" Then i ran RogueKiller I hit CLEAN then REPORT and got the following RogueKiller V8.8.2 [Jan 17 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version Started in : Normal mode User : administrator [Admin rights] Mode : Remove -- Date : 01/23/2014 08:55:10 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x809A87BA -> HOOKED (Unknown @ 0x89628370) [Address] SSDT[14] : NtAlertThread @ 0x8091F1EF -> HOOKED (Unknown @ 0x89628430) [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8084642E -> HOOKED (Unknown @ 0x897511C8) [Address] SSDT[45] : NtCreateMutant @ 0x8091998E -> HOOKED (Unknown @ 0x8989D398) [Address] SSDT[55] : NtCreateThread @ 0x8093DAFF -> HOOKED (Unknown @ 0x893FD918) [Address] SSDT[87] : NtFreeVirtualMemory @ 0x80850CAC -> HOOKED (Unknown @ 0x88AE51E8) [Address] SSDT[93] : NtImpersonateAnonymousToken @ 0x8091AF57 -> HOOKED (Unknown @ 0x896281F0) [Address] SSDT[95] : NtImpersonateThread @ 0x80927BB1 -> HOOKED (Unknown @ 0x896282B0) [Address] SSDT[113] : NtMapViewOfSection @ 0x80937205 -> HOOKED (Unknown @ 0x88AFC160) [Address] SSDT[120] : NtOpenEvent @ 0x80916340 -> HOOKED (Unknown @ 0x8989D2D8) [Address] SSDT[128] : LdrShutdownThread @ 0x80926473 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D1184) [Address] SSDT[129] : NtOpenProcessToken @ 0x8093C609 -> HOOKED (Unknown @ 0x898A11E8) [Address] SSDT[134] : NtOpenThread @ 0x80919E7A -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D12D0) [Address] SSDT[135] : NtOpenThreadToken @ 0x80941260 -> HOOKED (Unknown @ 0x89CDDF30) [Address] SSDT[214] : NtResumeThread @ 0x8093D8B8 -> HOOKED (Unknown @ 0x88B061F8) [Address] SSDT[221] : NtSetContextThread @ 0x808C239C -> HOOKED (Unknown @ 0x88AC4108) [Address] SSDT[237] : NtSetInformationProcess @ 0x8093E565 -> HOOKED (Unknown @ 0x89CDDFC0) [Address] SSDT[238] : NtSetInformationThread @ 0x80940BB1 -> HOOKED (Unknown @ 0x89D55FC0) [Address] SSDT[262] : NtSuspendProcess @ 0x809A86FF -> HOOKED (Unknown @ 0x8989D218) [Address] SSDT[263] : NtSuspendThread @ 0x80906E25 -> HOOKED (Unknown @ 0x8973F2B0) [Address] SSDT[266] : NtTerminateProcess @ 0x809100CA -> HOOKED (Unknown @ 0x89D12D68) [Address] SSDT[267] : NtTerminateThread @ 0x80921686 -> HOOKED (Unknown @ 0x88AC4048) [Address] SSDT[277] : NtUnmapViewOfSection @ 0x80937490 -> HOOKED (Unknown @ 0x898912D8) [Address] SSDT[287] : NtWriteVirtualMemory @ 0x8093E49B -> HOOKED (Unknown @ 0x897431D8) [inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78466E87) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] a8c4a3eeb4ec778f70d7320feccf1444 [bSP] 84c0f9575d9d12685717272325f18b93 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 69965 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] b798812e0b2eb52d05c8184a8f196588 [bSP] b1200636645a6e4589aa7d6a50bbd75d : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 279960 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) Finished : << RKreport[0]_D_01232014_085510.txt >> RKreport[0]_S_01232014_085347.txt I did NOT see a report titles RKReport (2).txt on my desktop. However there was a RKreport[0]_D_01232014_085510.txt and a RKreport[0]_S_01232014_085347.txt this is the one ending in 5510 RogueKiller V8.8.2 [Jan 17 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version Started in : Normal mode User : administrator [Admin rights] Mode : Remove -- Date : 01/23/2014 08:55:10 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x809A87BA -> HOOKED (Unknown @ 0x89628370) [Address] SSDT[14] : NtAlertThread @ 0x8091F1EF -> HOOKED (Unknown @ 0x89628430) [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8084642E -> HOOKED (Unknown @ 0x897511C8) [Address] SSDT[45] : NtCreateMutant @ 0x8091998E -> HOOKED (Unknown @ 0x8989D398) [Address] SSDT[55] : NtCreateThread @ 0x8093DAFF -> HOOKED (Unknown @ 0x893FD918) [Address] SSDT[87] : NtFreeVirtualMemory @ 0x80850CAC -> HOOKED (Unknown @ 0x88AE51E8) [Address] SSDT[93] : NtImpersonateAnonymousToken @ 0x8091AF57 -> HOOKED (Unknown @ 0x896281F0) [Address] SSDT[95] : NtImpersonateThread @ 0x80927BB1 -> HOOKED (Unknown @ 0x896282B0) [Address] SSDT[113] : NtMapViewOfSection @ 0x80937205 -> HOOKED (Unknown @ 0x88AFC160) [Address] SSDT[120] : NtOpenEvent @ 0x80916340 -> HOOKED (Unknown @ 0x8989D2D8) [Address] SSDT[128] : LdrShutdownThread @ 0x80926473 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D1184) [Address] SSDT[129] : NtOpenProcessToken @ 0x8093C609 -> HOOKED (Unknown @ 0x898A11E8) [Address] SSDT[134] : NtOpenThread @ 0x80919E7A -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D12D0) [Address] SSDT[135] : NtOpenThreadToken @ 0x80941260 -> HOOKED (Unknown @ 0x89CDDF30) [Address] SSDT[214] : NtResumeThread @ 0x8093D8B8 -> HOOKED (Unknown @ 0x88B061F8) [Address] SSDT[221] : NtSetContextThread @ 0x808C239C -> HOOKED (Unknown @ 0x88AC4108) [Address] SSDT[237] : NtSetInformationProcess @ 0x8093E565 -> HOOKED (Unknown @ 0x89CDDFC0) [Address] SSDT[238] : NtSetInformationThread @ 0x80940BB1 -> HOOKED (Unknown @ 0x89D55FC0) [Address] SSDT[262] : NtSuspendProcess @ 0x809A86FF -> HOOKED (Unknown @ 0x8989D218) [Address] SSDT[263] : NtSuspendThread @ 0x80906E25 -> HOOKED (Unknown @ 0x8973F2B0) [Address] SSDT[266] : NtTerminateProcess @ 0x809100CA -> HOOKED (Unknown @ 0x89D12D68) [Address] SSDT[267] : NtTerminateThread @ 0x80921686 -> HOOKED (Unknown @ 0x88AC4048) [Address] SSDT[277] : NtUnmapViewOfSection @ 0x80937490 -> HOOKED (Unknown @ 0x898912D8) [Address] SSDT[287] : NtWriteVirtualMemory @ 0x8093E49B -> HOOKED (Unknown @ 0x897431D8) [inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78466E87) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] a8c4a3eeb4ec778f70d7320feccf1444 [bSP] 84c0f9575d9d12685717272325f18b93 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 69965 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] b798812e0b2eb52d05c8184a8f196588 [bSP] b1200636645a6e4589aa7d6a50bbd75d : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 279960 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) Finished : << RKreport[0]_D_01232014_085510.txt >> RKreport[0]_S_01232014_085347.txt this is the one ending in 5347 RogueKiller V8.8.2 [Jan 17 2014] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version Started in : Normal mode User : administrator [Admin rights] Mode : Scan -- Date : 01/23/2014 08:53:47 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 2 ¤¤¤ [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x809A87BA -> HOOKED (Unknown @ 0x89628370) [Address] SSDT[14] : NtAlertThread @ 0x8091F1EF -> HOOKED (Unknown @ 0x89628430) [Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8084642E -> HOOKED (Unknown @ 0x897511C8) [Address] SSDT[45] : NtCreateMutant @ 0x8091998E -> HOOKED (Unknown @ 0x8989D398) [Address] SSDT[55] : NtCreateThread @ 0x8093DAFF -> HOOKED (Unknown @ 0x893FD918) [Address] SSDT[87] : NtFreeVirtualMemory @ 0x80850CAC -> HOOKED (Unknown @ 0x88AE51E8) [Address] SSDT[93] : NtImpersonateAnonymousToken @ 0x8091AF57 -> HOOKED (Unknown @ 0x896281F0) [Address] SSDT[95] : NtImpersonateThread @ 0x80927BB1 -> HOOKED (Unknown @ 0x896282B0) [Address] SSDT[113] : NtMapViewOfSection @ 0x80937205 -> HOOKED (Unknown @ 0x88AFC160) [Address] SSDT[120] : NtOpenEvent @ 0x80916340 -> HOOKED (Unknown @ 0x8989D2D8) [Address] SSDT[128] : LdrShutdownThread @ 0x80926473 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D1184) [Address] SSDT[129] : NtOpenProcessToken @ 0x8093C609 -> HOOKED (Unknown @ 0x898A11E8) [Address] SSDT[134] : NtOpenThread @ 0x80919E7A -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D12D0) [Address] SSDT[135] : NtOpenThreadToken @ 0x80941260 -> HOOKED (Unknown @ 0x89CDDF30) [Address] SSDT[214] : NtResumeThread @ 0x8093D8B8 -> HOOKED (Unknown @ 0x88B061F8) [Address] SSDT[221] : NtSetContextThread @ 0x808C239C -> HOOKED (Unknown @ 0x88AC4108) [Address] SSDT[237] : NtSetInformationProcess @ 0x8093E565 -> HOOKED (Unknown @ 0x89CDDFC0) [Address] SSDT[238] : NtSetInformationThread @ 0x80940BB1 -> HOOKED (Unknown @ 0x89D55FC0) [Address] SSDT[262] : NtSuspendProcess @ 0x809A86FF -> HOOKED (Unknown @ 0x8989D218) [Address] SSDT[263] : NtSuspendThread @ 0x80906E25 -> HOOKED (Unknown @ 0x8973F2B0) [Address] SSDT[266] : NtTerminateProcess @ 0x809100CA -> HOOKED (Unknown @ 0x89D12D68) [Address] SSDT[267] : NtTerminateThread @ 0x80921686 -> HOOKED (Unknown @ 0x88AC4048) [Address] SSDT[277] : NtUnmapViewOfSection @ 0x80937490 -> HOOKED (Unknown @ 0x898912D8) [Address] SSDT[287] : NtWriteVirtualMemory @ 0x8093E49B -> HOOKED (Unknown @ 0x897431D8) [inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78466E87) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] a8c4a3eeb4ec778f70d7320feccf1444 [bSP] 84c0f9575d9d12685717272325f18b93 : Windows XP MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 69965 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++ --- User --- [MBR] b798812e0b2eb52d05c8184a8f196588 [bSP] b1200636645a6e4589aa7d6a50bbd75d : Windows XP MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 279960 Mo User = LL1 ... OK! Error reading LL2 MBR! ([0x1] Incorrect function. ) Finished : << RKreport[0]_S_01232014_085347.txt >>

I am running windows 2003 server so when i try and run combofix it states "This operating system is not supported! ComboFix is not meant for servers"

so far here is what is happening the above mentioned scan was completed at 8:02am the protection log shows the following 2014/01/22 08:07:07 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/22 08:07:11 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/22 08:07:16 -0600 MLDCN01 administrator IP-BLOCK 61.156.242.138 (Type: incoming) 2014/01/22 08:08:29 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:08:48 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:08:52 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:08:56 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:09:00 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:09:04 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:09:08 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) 2014/01/22 08:09:12 -0600 MLDCN01 administrator IP-BLOCK 211.95.78.82 (Type: incoming) where is the point of entry? is there a program or something these ip addresses are trying to go through? how can I find out?

The JRT Log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.0 (01.07.2014:1) OS: Microsoft Windows Server 2003 R2 x86 Ran by administrator on Wed 01/22/2014 at 7:59:02.82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\end" ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Wed 01/22/2014 at 8:02:49.86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ okay now i will monitor the system a while and report what I encounter thank you so much for your help

ADWCLEANER text # AdwCleaner v3.017 - Report created 22/01/2014 at 07:31:31 # Updated 12/01/2014 by Xplode # Operating System : Microsoft Windows Server 2003 R2 Service Pack 2 (32 bits) # Username : administrator - MLDCN01 # Running from : C:\Documents and Settings\Administrator.DOMAIN\Desktop\AdwCleaner(1).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\Software\Description Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v26.0 (en-US) [ File : C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default\prefs.js ] ************************* AdwCleaner[R0].txt - [5840 octets] - [08/01/2014 11:27:23] AdwCleaner[R1].txt - [1277 octets] - [08/01/2014 12:08:09] AdwCleaner[R2].txt - [1400 octets] - [22/01/2014 07:30:19] AdwCleaner[s0].txt - [6064 octets] - [08/01/2014 11:35:42] AdwCleaner[s1].txt - [1344 octets] - [08/01/2014 15:32:16] AdwCleaner[s2].txt - [1327 octets] - [22/01/2014 07:31:31] ########## EOF - P:\AdwCleaner\AdwCleaner[s2].txt - [1387 octets] ##########

and here is the ADDITION.txt Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014 Ran by administrator at 2014-01-21 15:01:35 Running from C:\Documents and Settings\Administrator.DOMAIN\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== ==================== Installed Programs ====================== 32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden ASDM on 192.168.96.254 (HKCU Version: - Cisco Systems, Inc.) ATI Display Driver (Version: 8.24.3-060405a-042344C-HP - ) Cisco ASDM Launcher (Version: 1.5.24 - Cisco Systems, Inc.) HiJackThis (Version: 1.0.0 - Trend Micro) HP LTT Service (Version: 1.1.0.13 - Hewlett-Packard) HP LTT Service (Version: 1.1.0.13 - Hewlett-Packard) Hidden HP StorageWorks Library and Tape Tools (Version: 4.11.0.0 - Hewlett-Packard) HP StorageWorks Library and Tape Tools (Version: 4.11.0.0 - Hewlett-Packard) Hidden Java 7 Update 45 (Version: 7.0.450 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LiveUpdate (Symantec Corporation) (Version: 3.4.1.234 - Symantec Corporation) LiveUpdate (Symantec Corporation) (Version: 3.4.1.234 - Symantec Corporation) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 11.0.5228.1 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 11.0.5614.0 - Microsoft Corporation) Hidden Microsoft Baseline Security Analyzer 2.1 (Version: 2.1.2111 - Microsoft Corporation) Microsoft Exchange (Version: - Microsoft Corporation) Microsoft Group Policy Management Console with SP1 (Version: 1.0.2.0 - Microsoft Corporation) Microsoft Internationalized Domain Names Mitigation APIs (Version: - Microsoft Corporation) Hidden Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version: - Microsoft Corporation) Hidden Microsoft National Language Support Downlevel APIs (Version: - Microsoft Corporation) Hidden Microsoft Report Viewer Redistributable 2005 (Version: - Microsoft Corporation) Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 (Version: - Microsoft Corporation) Microsoft SQL Server 2005 Express Edition (BKUPEXEC) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00 - Microsoft Corporation) Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla) Mozilla Maintenance Service (Version: 26.0 - Mozilla) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0 - Microsoft Corporation) PerfectDisk 2008 Server (Version: 9.0.76 - Raxco Software Inc.) Printer DCA (Version: 4.0.2.12437 - Printer DCA) Printer DCA (Version: 4.0.3.14248 - Printer DCA) SHARP MX-B,M283/M363/M453/M503 Series PCL/PS Printer Driver (Version: 1.00.000 - SHARP) Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.) Symantec Backup Exec 12 for Windows Servers (Version: 12.0.1364 - Symantec Corporation) Symantec Backup Exec for Windows Servers (Hotfix 141388) (Version: - Symantec Corporation) Symantec Backup Exec for Windows Servers (Hotfix 155482) (Version: - Symantec Corporation) Symantec Backup Exec for Windows Servers (Hotfix 17) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 300287) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 300289) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 300290) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 300699) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 302418) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 302980) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 302982) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 303865) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304179) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304389) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304392) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304586) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304662) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304922) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 304964) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 306240) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 306945) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 306950) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 307617) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 307711) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 308870) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 309178) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 311546) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 311551) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 311937) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 314323) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 314497) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 315656) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 315724) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Hotfix 358179) (Version: - Symantec Corporation) Symantec Backup Exec for Windows Servers (Service Pack 1) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Service Pack 2) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Service Pack 3) (Version: - Symantec Corporation) Hidden Symantec Backup Exec for Windows Servers (Service Pack 5) (Version: - Symantec Corporation) Symantec Backup Exec for Windows Servers (Version: 12.0.1364 - Symantec Corporation) Hidden Symantec Backup Exec License Assessment Tool (Version: 2.0.0 - Symantec Corporation) Hidden Symantec Endpoint Protection (Version: 11.0.1000.1375 - Symantec Corporation) Symantec Endpoint Protection Manager (Version: 11.0.1006.103 - Symantec Corporation) Update for Exchange Server 2003 (KB926666) (Version: 2 - Microsoft Corporation) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB982632) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2748349) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2808679) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB925876) (Version: 2 - Microsoft Corporation) Update for Windows Server 2003 (KB927891) (Version: 5 - Microsoft Corporation) Update for Windows Server 2003 (KB936357) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB942763) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB942840) (Version: 1 - Microsoft Corporation) Hidden Update for Windows Server 2003 (KB943729) (Version: - Microsoft Corporation) Update for Windows Server 2003 (KB948496) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB955759) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB955839) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB967715) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB968389) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB971029) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB971737) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB973687) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB973815) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB973825) (Version: 1 - Microsoft Corporation) Update for Windows Server 2003 (KB973917-v2) (Version: 2 - Microsoft Corporation) Windows Imaging (Version: 1.0.0.0 - Microsoft Corporation) Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation) Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (Version: - Microsoft Corporation) Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation) Windows Server 2003 Service Pack 1 Administration Tools Pack (Version: 5.2.3790.1830 - Microsoft Corporation) Windows Server 2003 Service Pack 2 (Version: 20070217.021455 - Microsoft Corporation) Windows Support Tools (Version: 5.2.3790.3959 - Microsoft Corporation) WinRAR archiver (Version: - ) ==================== Restore Points ========================= Could not list Restore Points. Check WMI. ==================== Hosts content: ========================== 2008-04-02 04:26 - 2014-01-03 16:12 - 00000741 ____R C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: C:\WINDOWS\Tasks\ShadowCopyVolume{d628b6fb-00f1-11dd-88ee-001cc4ef78fc}.job => C:\WINDOWS\system32\vssadmin.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-28 18:49 - 2013-03-28 18:49 - 00774229 ____N () C:\Program Files\Hewlett-Packard\HP LTT Service\perl58.dll 2010-08-18 19:00 - 2010-08-18 19:00 - 00044032 _____ () C:\Program Files\Printer DCA\PrintFleet.Common.SevenZip.dll 2014-01-02 08:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll 2014-01-02 08:18 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-01-02 08:18 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl 2014-01-02 08:18 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-01-02 08:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2006-06-06 11:08 - 2006-06-06 11:08 - 00393216 ____R () C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\jslic.dll 2009-11-20 14:05 - 2010-06-03 14:21 - 00192512 _____ () C:\WINDOWS\system32\SPAAAL.DLL 2008-04-02 04:29 - 2006-03-22 06:00 - 00016896 _____ () C:\WINDOWS\system32\tsd32.dll 2010-04-30 17:25 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/21/2014 08:54:25 AM) (Source: LicenseService) (User: ) Description: The product Windows Server is out of licenses. Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased. Error: (01/21/2014 03:02:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 29528. The setup has encountered an unexpected error while Setting Internal Properties. The error is: Fatal error during installation. Error: (01/21/2014 02:39:24 AM) (Source: LicenseService) (User: ) Description: The product Windows Server is out of licenses. Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased. Error: (01/20/2014 08:24:24 PM) (Source: LicenseService) (User: ) Description: The product Windows Server is out of licenses. Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased. Error: (01/20/2014 02:09:23 PM) (Source: LicenseService) (User: ) Description: The product Windows Server is out of licenses. Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased. Error: (01/20/2014 08:58:35 AM) (Source: Symantec AntiVirus) (User: ) Description: TruScan has generated an error: code 14: description: CAL Failure Error: (01/20/2014 08:05:25 AM) (Source: Windows Search Service) (User: ) Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again. Context: Application, SystemIndex Catalog Error: (01/20/2014 07:59:04 AM) (Source: Application Error) (User: ) Description: Faulting application SmcGui.exe, version 11.0.1000.1091, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004ea0d. Processing media-specific event for [smcGui.exe!ws!] Error: (01/20/2014 07:57:53 AM) (Source: Application Error) (User: ) Description: Faulting application GFValidate.exe, version 11.0.1006.106, faulting module msvcr80.dll, version 8.0.50727.3053, fault address 0x000046b4. Processing media-specific event for [GFValidate.exe!ws!] Error: (01/20/2014 07:55:59 AM) (Source: Backup Exec) (User: ) Description: An error occurred while processing a B2D command. Changer: MoveMedium() Attempt to Lock Slot Failed (a:\VERITAS\B2D\Folder.lck). Error=3 For more information, click the following link: http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml System errors: ============= Error: (01/21/2014 00:26:32 PM) (Source: TermServDevices) (User: ) Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:05 AM) (Source: TermServDevices) (User: ) Description: Driver Amyuni Document Converter 400 required for printer TS PDF Generator is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:05 AM) (Source: TermServDevices) (User: ) Description: Driver SHARP MX-B401 PS required for printer SHARP MX-B401 PS is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: ) Description: Driver SHARP MX-4101N PCL6 required for printer SHARP MX-4101N PCL6 is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: ) Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: ) Description: Driver SHARP MX-B401 PCL6 required for printer SHARP MX-B401 PCL6 is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: ) Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 11:34:03 AM) (Source: TermServDevices) (User: ) Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again. Error: (01/21/2014 03:02:57 AM) (Source: Windows Update Agent) (User: ) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332). Error: (01/20/2014 07:56:23 AM) (Source: Service Control Manager) (User: ) Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053 Microsoft Office Sessions: ========================= Error: (01/21/2014 08:54:25 AM) (Source: LicenseService)(User: ) Description: Windows Server Error: (01/21/2014 03:02:07 AM) (Source: MsiInstaller)(User: NT AUTHORITY) Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 29528. The setup has encountered an unexpected error while Setting Internal Properties. The error is: Fatal error during installation. (NULL)(NULL)(NULL) Error: (01/21/2014 02:39:24 AM) (Source: LicenseService)(User: ) Description: Windows Server Error: (01/20/2014 08:24:24 PM) (Source: LicenseService)(User: ) Description: Windows Server Error: (01/20/2014 02:09:23 PM) (Source: LicenseService)(User: ) Description: Windows Server Error: (01/20/2014 08:58:35 AM) (Source: Symantec AntiVirus)(User: ) Description: TruScan has generated an error: code 14: description: CAL Failure Error: (01/20/2014 08:05:25 AM) (Source: Windows Search Service)(User: ) Description: Context: Application, SystemIndex Catalog Error: (01/20/2014 07:59:04 AM) (Source: Application Error)(User: ) Description: SmcGui.exe11.0.1000.1091ntdll.dll5.2.3790.49370004ea0d Error: (01/20/2014 07:57:53 AM) (Source: Application Error)(User: ) Description: GFValidate.exe11.0.1006.106msvcr80.dll8.0.50727.3053000046b4 Error: (01/20/2014 07:55:59 AM) (Source: Backup Exec)(User: ) Description: Changer: MoveMedium() Attempt to Lock Slot Failed (a:\VERITAS\B2D\Folder.lck). Error=3 ==================== Memory info =========================== Percentage of memory in use: 52% Total physical RAM: 3069.86 MB Available physical RAM: 1467.18 MB Total Pagefile: 4965.96 MB Available Pagefile: 3318.11 MB Total Virtual: 2047.88 MB Available Virtual: 1945.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:68.33 GB) (Free:4.81 GB) NTFS Drive e: (DATA) (Fixed) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive f: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive i: (PHOTOS) (Fixed) (Total:931.51 GB) (Free:738.15 GB) NTFS Drive o: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive p: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive q: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive s: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive t: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS Drive x: () (Network) (Total:136.44 GB) (Free:68.6 GB) NTFS Drive y: () (Network) (Total:136.44 GB) (Free:68.6 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 68 GB) (Disk ID: 94249424) Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 273 GB) (Disk ID: 278DB745) Partition 1: (Not Active) - (Size=273 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D8621C63) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Part 2 of the above(it would not fit in one single post. it was too long 2013-12-27 15:17 - 2014-01-17 11:23 - 00000000 ____D C:\WINDOWS\ie8updates 2013-12-27 15:17 - 2013-12-27 15:18 - 00110337 _____ C:\WINDOWS\KB982381-IE8.log 2013-12-27 15:17 - 2013-10-29 01:23 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2013-12-27 15:17 - 2013-10-29 01:23 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2013-12-27 15:17 - 2013-10-29 01:23 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2013-12-27 15:16 - 2013-12-27 15:17 - 00101093 _____ C:\WINDOWS\KB982632-IE8.log 2013-12-27 15:16 - 2010-04-16 06:06 - 00041984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll 2013-12-27 15:13 - 2013-12-27 15:16 - 00099011 _____ C:\WINDOWS\ie8.log 2013-12-27 15:13 - 2013-12-27 15:16 - 00000000 __HDC C:\WINDOWS\ie8 2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$ 2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$ 2013-12-27 14:03 - 2013-12-27 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-12-27 13:56 - 2014-01-15 03:04 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-12-27 13:53 - 2013-12-27 13:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2742604$ 2013-12-27 13:52 - 2013-12-27 13:56 - 00018509 _____ C:\WINDOWS\KB2742604.log 2013-12-27 13:45 - 2013-12-27 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$ 2013-12-27 13:44 - 2013-12-27 13:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$ 2013-12-27 13:42 - 2013-12-27 13:43 - 00011209 _____ C:\WINDOWS\KB2864058.log 2013-12-27 13:42 - 2013-12-27 13:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864058$ 2013-12-27 13:41 - 2013-12-27 13:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$ 2013-12-27 13:39 - 2013-12-27 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$ 2013-12-27 13:36 - 2013-12-27 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833949$ 2013-12-27 13:34 - 2013-12-27 13:38 - 00013724 _____ C:\WINDOWS\KB2833949.log 2013-12-27 13:33 - 2013-12-27 13:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-12-27 13:28 - 2013-12-27 13:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$ 2013-12-27 13:01 - 2013-12-27 13:02 - 00008363 _____ C:\WINDOWS\KB2904266.log 2013-12-27 13:01 - 2013-12-27 13:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$ 2013-12-27 12:41 - 2013-12-27 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$ 2013-12-27 11:55 - 2013-07-20 13:18 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-12-27 11:55 - 2013-07-20 13:18 - 00032128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys 2013-12-27 11:55 - 2013-07-20 13:18 - 00030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys 2013-12-27 11:55 - 2013-07-20 13:18 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbuhci.sys 2013-12-27 11:55 - 2013-07-20 13:18 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys 2013-12-27 11:55 - 2013-07-20 13:18 - 00005760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2013-12-27 11:54 - 2013-12-27 15:53 - 00092793 _____ C:\WINDOWS\KB2847311.log 2013-12-27 11:54 - 2013-12-27 15:46 - 00092858 _____ C:\WINDOWS\KB2868626.log 2013-12-27 11:53 - 2013-12-27 15:45 - 00094076 _____ C:\WINDOWS\KB2820917.log 2013-12-27 11:53 - 2013-12-27 15:44 - 00171193 _____ C:\WINDOWS\KB2898785-IE7.log 2013-12-27 11:53 - 2013-12-27 15:37 - 00092355 _____ C:\WINDOWS\KB2712808.log 2013-12-27 11:53 - 2013-12-27 15:37 - 00090632 _____ C:\WINDOWS\KB2892076.log 2013-12-27 11:53 - 2013-12-27 15:36 - 00091841 _____ C:\WINDOWS\KB2727528.log 2013-12-27 11:53 - 2013-12-27 15:36 - 00089518 _____ C:\WINDOWS\KB2845187.log 2013-12-27 11:53 - 2013-12-27 15:32 - 00092211 _____ C:\WINDOWS\KB2749655.log 2013-12-27 11:53 - 2013-12-27 15:30 - 00089064 _____ C:\WINDOWS\KB2803821-v2.log 2013-12-27 11:53 - 2013-07-17 05:06 - 00060544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-12-27 11:53 - 2013-07-17 05:06 - 00020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-12-27 11:53 - 2012-08-21 06:56 - 00153600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\volsnap.sys 2013-12-27 11:52 - 2013-12-27 15:29 - 00091672 _____ C:\WINDOWS\KB2691442.log 2013-12-27 11:52 - 2013-12-27 15:28 - 00091439 _____ C:\WINDOWS\KB2705219-v2.log 2013-12-27 11:52 - 2013-12-27 15:28 - 00088080 _____ C:\WINDOWS\KB2850869.log 2013-12-27 11:52 - 2013-12-27 15:27 - 00087597 _____ C:\WINDOWS\KB2893294.log 2013-12-27 11:52 - 2013-07-02 19:01 - 00025472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-12-27 11:52 - 2013-07-02 18:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys 2013-12-27 11:51 - 2013-12-27 14:05 - 00025055 _____ C:\WINDOWS\KB2758857.log 2013-12-27 11:51 - 2013-12-27 14:04 - 00022194 _____ C:\WINDOWS\KB2893984.log 2013-12-27 11:51 - 2013-12-27 14:04 - 00021710 _____ C:\WINDOWS\KB2876217.log 2013-12-27 11:50 - 2013-12-27 13:46 - 00023869 _____ C:\WINDOWS\KB2655992.log 2013-12-27 11:50 - 2013-12-27 13:45 - 00023130 _____ C:\WINDOWS\KB2859537.log 2013-12-27 11:49 - 2013-12-27 13:42 - 00017934 _____ C:\WINDOWS\KB2898715.log 2013-12-27 11:49 - 2013-12-27 13:40 - 00016929 _____ C:\WINDOWS\KB2862152.log 2013-12-27 11:49 - 2013-12-27 13:34 - 00016314 _____ C:\WINDOWS\KB2864063.log 2013-12-27 11:49 - 2013-12-27 13:29 - 00015916 _____ C:\WINDOWS\KB2876331.log 2013-12-27 11:48 - 2013-12-27 13:00 - 00017683 _____ C:\WINDOWS\KB2719985.log 2013-12-27 11:47 - 2013-12-27 12:43 - 00016772 _____ C:\WINDOWS\KB2780091.log 2013-12-27 08:12 - 2012-06-02 15:19 - 00015384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll.mui ==================== One Month Modified Files and Folders ======= 2014-01-21 15:01 - 2014-01-21 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1 2014-01-21 15:00 - 2014-01-21 14:59 - 00017367 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.txt 2014-01-21 14:58 - 2014-01-21 14:58 - 00000000 ____D C:\FRST 2014-01-21 14:56 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\dhcp 2014-01-21 14:55 - 2014-01-21 14:58 - 01222144 _____ (Farbar) C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.exe 2014-01-21 12:29 - 2008-04-02 05:03 - 00000478 ____C C:\WINDOWS\system32\cpl.cfg 2014-01-21 12:00 - 2008-04-05 18:29 - 00000492 _____ C:\WINDOWS\Tasks\ShadowCopyVolume{d628b6fb-00f1-11dd-88ee-001cc4ef78fc}.job 2014-01-21 11:36 - 2008-04-02 12:07 - 01143480 _____ C:\WINDOWS\WindowsUpdate.log 2014-01-21 11:33 - 2012-02-18 00:43 - 00880360 _____ C:\WINDOWS\setupapi.log 2014-01-21 03:01 - 2008-04-02 12:06 - 00000000 ____D C:\WINDOWS\Registration 2014-01-21 03:00 - 2008-04-04 13:27 - 49341684 _____ C:\WINDOWS\system32\besnmp.TRC 2014-01-21 00:04 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\security 2014-01-20 08:03 - 2014-01-03 07:30 - 00000971 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dw.log 2014-01-20 07:58 - 2014-01-02 08:19 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-01-20 07:57 - 2008-04-11 13:08 - 00000000 ____D C:\WINDOWS\system32\CertLog 2014-01-20 07:57 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\inetsrv 2014-01-20 07:55 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\wins 2014-01-20 07:54 - 2013-11-20 15:41 - 00004342 _____ C:\WINDOWS\system32\TEST.log 2014-01-20 07:54 - 2008-04-07 11:31 - 00000000 ____D C:\WINDOWS\system32\LServer 2014-01-20 07:54 - 2008-04-04 14:17 - 00002472 ____C C:\WINDOWS\system32\config\netlogon.dnb 2014-01-20 07:54 - 2008-04-04 14:17 - 00002347 ____C C:\WINDOWS\system32\config\netlogon.dns 2014-01-20 07:54 - 2008-04-02 04:29 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2014-01-20 07:52 - 2008-04-04 13:59 - 00000000 ____D C:\WINDOWS\NTDS 2014-01-20 07:52 - 2008-04-02 12:14 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT 2014-01-19 03:01 - 2008-04-03 10:49 - 00000178 __SHC C:\Documents and Settings\Administrator.DOMAIN\ntuser.ini 2014-01-18 03:13 - 2014-01-17 11:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2014-01-18 03:13 - 2008-04-02 12:14 - 00109400 ____C C:\WINDOWS\PFRO.log 2014-01-18 03:10 - 2008-04-02 12:14 - 00032634 _____ C:\WINDOWS\Tasks\SchedLgU.Txt 2014-01-18 03:09 - 2014-01-02 08:19 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt 2014-01-18 03:09 - 2008-04-04 14:38 - 00524288 _____ C:\WINDOWS\system32\config\DnsEvent.Evt 2014-01-18 03:09 - 2008-04-04 14:00 - 00524288 _____ C:\WINDOWS\system32\config\NTDS.Evt 2014-01-18 03:09 - 2008-04-04 14:00 - 00065536 _____ C:\WINDOWS\system32\config\NtFrs.Evt 2014-01-18 03:03 - 2014-01-18 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB963093$ 2014-01-18 03:03 - 2014-01-18 03:02 - 00125954 _____ C:\WINDOWS\KB963093.log 2014-01-18 03:03 - 2014-01-17 10:44 - 00000000 ____D C:\Program Files\Windows Desktop Search 2014-01-18 03:03 - 2008-04-02 15:04 - 00219811 ____C C:\WINDOWS\updspapi.log 2014-01-18 03:03 - 2008-04-02 13:37 - 00820810 ____C C:\WINDOWS\nfsocm.log 2014-01-18 03:03 - 2008-04-02 13:37 - 00307444 ____C C:\WINDOWS\sfuocgen.log 2014-01-18 03:03 - 2008-04-02 13:37 - 00083322 ____C C:\WINDOWS\ocwss.log 2014-01-18 03:03 - 2008-04-02 13:37 - 00081342 ____C C:\WINDOWS\AdfsOcm.log 2014-01-18 03:03 - 2008-04-02 04:41 - 03085335 ____C C:\WINDOWS\iis6.log 2014-01-18 03:03 - 2008-04-02 04:41 - 02419474 ____C C:\WINDOWS\ocgen.log 2014-01-18 03:03 - 2008-04-02 04:41 - 02124250 ____C C:\WINDOWS\FaxSetup.log 2014-01-18 03:03 - 2008-04-02 04:41 - 01518312 ____C C:\WINDOWS\uddisetup.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00995874 ____C C:\WINDOWS\msmqinst.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00917715 ____C C:\WINDOWS\tsoc.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00648564 ____C C:\WINDOWS\comsetup.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00492177 ____C C:\WINDOWS\certocm.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00440873 ____C C:\WINDOWS\ntdtcsetup.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00355418 ____C C:\WINDOWS\netfxocm.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00306514 ____C C:\WINDOWS\aspnetocm.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00219173 ____C C:\WINDOWS\LicenOc.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00107336 ____C C:\WINDOWS\pop3oc.log 2014-01-18 03:03 - 2008-04-02 04:41 - 00003423 _____ C:\WINDOWS\imsins.log 2014-01-18 03:01 - 2014-01-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$ 2014-01-18 03:01 - 2014-01-17 18:42 - 00014475 _____ C:\WINDOWS\KB2813345.log 2014-01-18 03:01 - 2008-04-02 04:41 - 00003423 _____ C:\WINDOWS\imsins.BAK 2014-01-17 18:42 - 2008-04-02 12:09 - 00000000 ___HD C:\WINDOWS\$hf_mig$ 2014-01-17 16:12 - 2008-04-02 15:16 - 00052441 ____C C:\WINDOWS\spupdsvc.log 2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\FwdEvents.Evt 2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt 2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\EventCollector-Operational.Evt 2014-01-17 13:24 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2014-01-17 13:08 - 2014-01-17 10:42 - 00014682 _____ C:\WINDOWS\KB2808679.log 2014-01-17 13:07 - 2014-01-17 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$ 2014-01-17 13:06 - 2014-01-17 13:03 - 03366632 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 13:06 - 2014-01-17 12:59 - 00068410 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558.html 2014-01-17 13:05 - 2008-04-02 04:41 - 00947444 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2014-01-17 13:04 - 2014-01-17 13:04 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_190451_703.txt 2014-01-17 13:03 - 2014-01-17 12:59 - 10854738 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:59 - 2014-01-17 12:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_10.0.30319 2014-01-17 12:59 - 2014-01-17 10:52 - 00069339 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_clwireg.txt 2014-01-17 12:58 - 2014-01-17 12:55 - 03182994 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:58 - 2014-01-17 12:50 - 00068536 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090.html 2014-01-17 12:57 - 2014-01-17 12:57 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00009.log 2014-01-17 12:56 - 2014-01-17 12:56 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_185650_905.txt 2014-01-17 12:55 - 2014-01-17 12:50 - 10431726 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:50 - 2014-01-17 12:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_10.0.30319 2014-01-17 12:50 - 2014-01-17 12:45 - 09971648 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:50 - 2014-01-17 12:45 - 00065446 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791.html 2014-01-17 12:45 - 2014-01-17 12:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_10.0.30319 2014-01-17 12:44 - 2014-01-17 12:43 - 00013701 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00008.log 2014-01-17 12:44 - 2014-01-17 12:39 - 14785174 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873-Msi0.txt 2014-01-17 12:44 - 2014-01-17 12:39 - 00500794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873.html 2014-01-17 12:39 - 2014-01-17 12:33 - 09655324 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:39 - 2014-01-17 12:33 - 00065638 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027.html 2014-01-17 12:33 - 2014-01-17 12:33 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_10.0.30319 2014-01-17 12:33 - 2014-01-17 12:26 - 09205346 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:33 - 2014-01-17 12:26 - 00065622 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306.html 2014-01-17 12:26 - 2014-01-17 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_10.0.30319 2014-01-17 12:26 - 2014-01-17 12:23 - 02955992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:26 - 2014-01-17 12:19 - 00068992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496.html 2014-01-17 12:25 - 2014-01-17 12:25 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00007.log 2014-01-17 12:24 - 2014-01-17 12:24 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_182442_113.txt 2014-01-17 12:23 - 2014-01-17 12:19 - 08713432 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:19 - 2014-01-17 12:19 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_10.0.30319 2014-01-17 12:19 - 2014-01-17 12:14 - 08293086 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:19 - 2014-01-17 12:14 - 00065284 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244.html 2014-01-17 12:14 - 2014-01-17 12:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_10.0.30319 2014-01-17 12:14 - 2014-01-17 12:11 - 02721352 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:14 - 2014-01-17 12:07 - 00062058 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091.html 2014-01-17 12:13 - 2014-01-17 12:13 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00006.log 2014-01-17 12:12 - 2014-01-17 12:12 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_181239_775.txt 2014-01-17 12:11 - 2014-01-17 12:07 - 07861306 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:07 - 2014-01-17 12:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_10.0.30319 2014-01-17 12:07 - 2014-01-17 12:04 - 02527842 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:07 - 2014-01-17 11:58 - 00061978 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122.html 2014-01-17 12:06 - 2014-01-17 12:05 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00005.log 2014-01-17 12:05 - 2014-01-17 12:05 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_180520_890.txt 2014-01-17 12:04 - 2014-01-17 11:58 - 07573974 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_10.0.30319 2014-01-17 11:58 - 2014-01-17 11:52 - 07169322 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:58 - 2014-01-17 11:52 - 00059476 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104.html 2014-01-17 11:52 - 2014-01-17 11:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_10.0.30319 2014-01-17 11:52 - 2014-01-17 11:47 - 06771040 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:52 - 2014-01-17 11:47 - 00059140 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408.html 2014-01-17 11:47 - 2014-01-17 11:47 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_10.0.30319 2014-01-17 11:46 - 2014-01-17 11:46 - 01043234 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SilverlightMSI.log 2014-01-17 11:45 - 2014-01-17 11:38 - 06452408 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:45 - 2014-01-17 11:38 - 00059914 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343.html 2014-01-17 11:38 - 2014-01-17 11:38 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_10.0.30319 2014-01-17 11:37 - 2014-01-17 11:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLBF9.mft 2014-01-17 11:35 - 2014-01-17 11:30 - 02348240 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 11:35 - 2014-01-17 11:24 - 00062488 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337.html 2014-01-17 11:34 - 2014-01-17 11:33 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00004.log 2014-01-17 11:33 - 2014-01-17 11:33 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_173322_569.txt 2014-01-17 11:30 - 2014-01-17 11:24 - 06005988 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:24 - 2014-01-17 11:24 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_10.0.30319 2014-01-17 11:24 - 2014-01-17 11:22 - 00011290 _____ C:\WINDOWS\KB2632503-IE8.log 2014-01-17 11:23 - 2013-12-27 15:17 - 00000000 ____D C:\WINDOWS\ie8updates 2014-01-17 11:22 - 2014-01-17 11:18 - 02128980 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 11:22 - 2014-01-17 11:09 - 00058512 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222.html 2014-01-17 11:20 - 2014-01-17 11:20 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00003.log 2014-01-17 11:19 - 2014-01-17 11:19 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_171956_835.txt 2014-01-17 11:18 - 2014-01-17 11:10 - 05647328 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_10.0.30319 2014-01-17 11:09 - 2014-01-17 11:03 - 05211426 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Client Profile-MSP1.txt 2014-01-17 11:09 - 2014-01-17 10:56 - 00058482 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110.html 2014-01-17 11:03 - 2014-01-17 10:56 - 02008886 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Extended-MSP0.txt 2014-01-17 10:58 - 2014-01-17 10:58 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00002.log 2014-01-17 10:57 - 2014-01-17 10:57 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165732_063.txt 2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_10.0.30319 2014-01-17 10:56 - 2014-01-17 10:52 - 01729794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032-Microsoft .NET Framework 4 Extended-MSP0.txt 2014-01-17 10:56 - 2014-01-17 10:52 - 00055262 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032.html 2014-01-17 10:54 - 2014-01-17 10:53 - 00014110 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00001.log 2014-01-17 10:53 - 2014-01-17 10:53 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165325_923.txt 2014-01-17 10:52 - 2014-01-17 10:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_10.0.30319 2014-01-17 10:52 - 2014-01-17 10:51 - 00011111 _____ C:\WINDOWS\KB2492386.log 2014-01-17 10:51 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$ 2014-01-17 10:51 - 2014-01-17 10:50 - 00011646 _____ C:\WINDOWS\KB2481109.log 2014-01-17 10:51 - 2014-01-17 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$ 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 __HDC C:\WINDOWS\$950099Uinstall_KB968930$ 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\winrm 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$ 2014-01-17 10:48 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Help 2014-01-17 10:47 - 2014-01-17 10:47 - 00006058 _____ C:\WINDOWS\KB943729.log 2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB943729$ 2014-01-17 10:47 - 2014-01-17 10:46 - 00009443 _____ C:\WINDOWS\KB956744.log 2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$ 2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Application Data\Windows Desktop Search 2014-01-17 10:46 - 2014-01-17 10:43 - 00026311 _____ C:\WINDOWS\KB940157.log 2014-01-17 10:44 - 2014-01-17 10:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB940157$ 2014-01-17 10:44 - 2014-01-17 10:43 - 00005910 _____ C:\WINDOWS\KB915800-v9.log 2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v9$ 2014-01-17 10:06 - 2014-01-17 10:04 - 02095678 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Extended_x86.msi.txt 2014-01-17 10:06 - 2014-01-17 09:59 - 00680390 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614.html 2014-01-17 10:04 - 2014-01-17 10:04 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_160436_255.txt 2014-01-17 10:04 - 2014-01-17 09:59 - 05029466 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Core_x86.msi.txt 2014-01-17 10:00 - 2008-04-04 13:19 - 00000000 ____D C:\Program Files\Microsoft.NET 2014-01-17 09:59 - 2014-01-17 09:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_4.0.30319 2014-01-17 09:37 - 2014-01-17 09:36 - 00017392 _____ C:\WINDOWS\KB925876.log 2014-01-17 09:36 - 2014-01-17 09:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB925876$ 2014-01-17 09:34 - 2014-01-17 09:34 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL21E.mft 2014-01-17 08:23 - 2008-04-04 13:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server 2014-01-17 08:22 - 2008-04-04 14:14 - 00065536 _____ C:\WINDOWS\NETLOGON.CHG 2014-01-17 08:19 - 2014-01-03 11:30 - 00000238 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\JavaDeployReg.log 2014-01-17 08:11 - 2014-01-17 08:11 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL65.mft 2014-01-17 08:04 - 2014-01-17 08:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IECompatCache 2014-01-17 08:04 - 2008-04-03 10:49 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN 2014-01-17 07:48 - 2008-04-07 15:30 - 26223566 _____ C:\WINDOWS\system32\Dashboard.log 2014-01-17 07:34 - 2014-01-17 07:34 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\2 2014-01-16 15:02 - 2008-04-08 08:56 - 00002267 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Active Directory Users and Computers.lnk 2014-01-16 08:55 - 2014-01-16 08:55 - 00000705 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Shortcut to scripts.lnk 2014-01-16 05:33 - 2014-01-05 22:46 - 02316684 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MLDCN01.DR.TMP 2014-01-16 05:33 - 2014-01-05 22:46 - 00052456 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asrpnp.sif 2014-01-16 05:33 - 2014-01-05 22:46 - 00003800 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asr.sif 2014-01-16 05:29 - 2010-09-01 16:01 - 00000000 ___HD C:\Backup Exec AOFO Store 2014-01-16 05:29 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\repair 2014-01-15 03:06 - 2014-01-15 03:04 - 00005891 _____ C:\WINDOWS\KB2914368.log 2014-01-15 03:05 - 2014-01-15 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-15 03:04 - 2013-12-27 13:56 - 00000000 ____D C:\WINDOWS\system32\MRT 2014-01-15 03:00 - 2008-04-03 10:42 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-01-15 00:30 - 2014-01-02 08:19 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-01-13 16:47 - 2008-04-03 10:50 - 00000738 _____ C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\Outlook Express.lnk 2014-01-09 07:23 - 2014-01-09 07:23 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL129.mft 2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI24.tmp 2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI23.tmp 2014-01-08 15:32 - 2014-01-08 15:32 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\PJBPFSPW 2014-01-08 15:15 - 2014-01-08 15:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERcac1.dir00 2014-01-08 12:21 - 2014-01-08 12:21 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL16.mft 2014-01-08 11:23 - 2014-01-08 11:27 - 01233962 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\adwcleaner.exe 2014-01-08 09:39 - 2008-04-02 04:41 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared 2014-01-08 09:37 - 2014-01-08 09:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL78.mft 2014-01-08 08:32 - 2014-01-08 08:15 - 00000000 ____D C:\Program Files\Anvisoft 2014-01-08 08:29 - 2013-11-15 10:14 - 00000000 ____D C:\Program Files\PowerDataRecovery 2014-01-08 08:21 - 2014-01-08 08:21 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AST_INSTALL.TMP 2014-01-08 08:15 - 2014-01-08 08:15 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AUD_INSTALL.TMP 2014-01-08 07:49 - 2014-01-08 07:49 - 00000848 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a9.LOG 2014-01-08 07:49 - 2014-01-08 07:48 - 00000876 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a8.LOG 2014-01-08 07:48 - 2014-01-08 07:48 - 00000866 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a7.LOG 2014-01-08 07:36 - 2014-01-08 07:36 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLF9.mft 2014-01-08 07:33 - 2008-04-04 11:30 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\{CA648C72-66AB-4652-A825-9994AB5F6D15} 2014-01-08 07:31 - 2008-04-04 13:28 - 00035586 ____C C:\WINDOWS\system32\BEPerfDll.ini 2014-01-08 07:31 - 2008-04-04 13:28 - 00005382 ____C C:\WINDOWS\system32\BEPerfDll.h 2014-01-08 07:18 - 2014-01-08 07:18 - 00000036 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\UMI_ERRORS.TXT 2014-01-08 05:59 - 2014-01-08 05:55 - 00000178 ___SH C:\Documents and Settings\mjc\ntuser.ini 2014-01-08 05:59 - 2014-01-08 05:55 - 00000000 ____D C:\Documents and Settings\mjc 2014-01-08 05:55 - 2014-01-08 05:55 - 00000803 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Internet Explorer.lnk 2014-01-08 05:55 - 2014-01-08 05:55 - 00000738 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Outlook Express.lnk 2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 __SHD C:\Documents and Settings\mjc\IETldCache 2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 ___RD C:\Documents and Settings\mjc\Start Menu\Programs\Accessories 2014-01-08 05:55 - 2008-04-02 12:09 - 00005670 ____C C:\WINDOWS\wmsetup.log 2014-01-06 15:39 - 2014-01-06 15:39 - 00002014 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\HiJackThis.lnk 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Program Files\Trend Micro 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\HiJackThis 2014-01-06 12:43 - 2014-01-06 12:43 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL36.mft 2014-01-06 11:40 - 2008-04-04 13:28 - 00000000 ____D C:\WINDOWS\system32\NtmsData 2014-01-06 11:39 - 2008-04-02 13:39 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups 2014-01-06 11:33 - 2008-04-04 13:27 - 00000000 ____D C:\WINDOWS\FltMgr 2014-01-06 09:08 - 2014-01-06 08:23 - 00001623 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jusched.log 2014-01-06 08:23 - 2014-01-06 08:23 - 00004162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\java_install_sp.log 2014-01-06 08:23 - 2014-01-06 08:23 - 00001178 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jinstall.cfg 2014-01-06 08:12 - 2014-01-06 08:13 - 00700783 _____ (Swearware) C:\Documents and Settings\Administrator.DOMAIN\Desktop\dds+.exe 2014-01-06 07:58 - 2008-04-11 13:17 - 00001126 ____C C:\WINDOWS\certmmc.log 2014-01-06 07:50 - 2014-01-06 07:50 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5D.mft 2014-01-04 03:01 - 2012-10-02 09:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2014-01-03 16:16 - 2014-01-03 16:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Desktop\RK_Quarantine 2014-01-03 16:16 - 2014-01-03 11:29 - 00016221 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.log 2014-01-03 16:16 - 2014-01-03 11:29 - 00002162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.err 2014-01-03 16:16 - 2010-08-09 12:11 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\hsperfdata_administrator 2014-01-03 16:15 - 2014-01-03 16:11 - 00492000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00247360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wlbs.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00152200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WimFltr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00122624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sacdrv.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00049664 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\symmpi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00043696 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\srtspx.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00041608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00039984 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\VirtFile.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00032688 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\tpfilter.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00032224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00024200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vgapnp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00020480 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00020272 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SCSICHNG.SYS.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00012936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00005760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys.bak 2014-01-03 16:15 - 2014-01-03 16:11 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00214016 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqteam.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmio.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltmgr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00117248 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpqilo2.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00100864 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\lsi_scsi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00071184 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\DefragFS.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00065072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpCISSs2.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00045848 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00039472 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\halfinch.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00035592 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hptapefltr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfs.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00025472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00023552 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpcisss.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crcdisk.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00016384 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hplto.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmload.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak 2014-01-03 16:15 - 2014-01-03 16:10 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 01431040 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00385536 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxvbdx.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00050176 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxnd52x.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00035888 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqcidrv.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak 2014-01-03 16:14 - 2014-01-03 16:10 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak 2014-01-03 11:40 - 2008-04-03 10:50 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2014-01-03 11:36 - 2014-01-03 11:33 - 05347820 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SEP_INST.LOG 2014-01-03 11:35 - 2014-01-03 11:35 - 00000586 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\srtUnin.log 2014-01-03 11:35 - 2014-01-03 11:34 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2014-01-03 11:35 - 2014-01-03 11:34 - 00060808 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL 2014-01-03 11:35 - 2014-01-03 11:34 - 00018748 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SYMEVENT.LOG 2014-01-03 11:35 - 2014-01-03 11:34 - 00010652 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT 2014-01-03 11:35 - 2008-04-03 10:50 - 00000000 ____D C:\Program Files\Symantec 2014-01-03 11:31 - 2014-01-03 11:31 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\PrivacIE 2014-01-03 11:29 - 2014-01-03 11:29 - 00000097 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\sesm.xml 2014-01-03 11:28 - 2014-01-03 11:28 - 00000276 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSIfcc4f.LOG 2014-01-03 11:25 - 2014-01-03 11:25 - 00376832 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\~DFB56D.tmp 2014-01-03 11:00 - 2014-01-03 11:00 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5B.mft 2014-01-03 07:40 - 2014-01-03 07:39 - 00000000 ____D C:\Program Files\Mozilla Firefox 2014-01-03 07:27 - 2013-12-16 06:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1813487859 2014-01-03 07:27 - 2013-12-16 06:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1813187828 2014-01-03 07:27 - 2013-12-16 06:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812887781 2014-01-03 07:27 - 2013-12-16 06:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812587750 2014-01-03 07:27 - 2013-12-16 06:35 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812287718 2014-01-03 07:27 - 2013-12-16 06:30 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811987687 2014-01-03 07:27 - 2013-12-16 06:25 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811687656 2014-01-03 07:27 - 2013-12-16 06:20 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811387625 2014-01-03 07:27 - 2013-12-16 06:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811087593 2014-01-03 07:27 - 2013-12-16 06:10 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810787562 2014-01-03 07:27 - 2013-12-16 06:05 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810487531 2014-01-03 07:27 - 2013-12-16 06:00 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810187500 2014-01-03 07:27 - 2013-12-16 05:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809885781 2014-01-03 07:27 - 2013-12-16 05:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809585750 2014-01-03 07:27 - 2013-12-16 05:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809285718 2014-01-03 07:27 - 2013-07-09 10:04 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\is-VE1IA.tmp 2014-01-03 07:27 - 2013-07-09 10:04 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\is-AD5T3.tmp 2014-01-03 07:27 - 2011-11-09 06:36 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1685103292 2014-01-03 07:27 - 2011-08-03 01:53 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579094263 2014-01-03 07:27 - 2011-08-03 01:48 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579394309 2014-01-03 07:27 - 2011-08-03 01:43 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579694356 2014-01-03 07:27 - 2011-08-03 00:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582395184 2014-01-03 07:27 - 2011-08-03 00:53 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582695231 2014-01-03 07:27 - 2011-08-03 00:48 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582995278 2014-01-03 07:27 - 2011-02-09 05:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\493272000 2014-01-03 07:27 - 2011-02-09 05:10 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492971984 2014-01-03 07:27 - 2011-02-09 05:05 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492671968 2014-01-03 07:27 - 2011-02-09 05:00 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492371937 2014-01-03 07:27 - 2011-02-09 04:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492071921 2014-01-03 07:27 - 2011-02-09 04:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491771906 2014-01-03 07:27 - 2011-02-09 04:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491471890 2014-01-03 07:27 - 2011-02-09 04:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491171875 2014-01-03 07:27 - 2010-11-16 07:01 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-321698905 2014-01-03 07:27 - 2010-11-16 06:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-321999046 2014-01-03 07:27 - 2010-11-16 06:51 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-322299077 2014-01-03 07:27 - 2010-11-16 06:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-322600796 2014-01-03 07:27 - 2010-11-01 14:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1589475358 2014-01-03 07:27 - 2010-11-01 14:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1589775389 2014-01-03 07:27 - 2010-11-01 14:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1590075421 2014-01-03 07:27 - 2010-11-01 14:35 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1590375452 2014-01-03 07:27 - 2010-08-11 06:29 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERc152.dir00 2014-01-03 07:27 - 2010-08-11 06:13 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERb158.dir00 2014-01-02 08:22 - 2014-01-02 08:18 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2014-01-02 08:19 - 2014-01-02 08:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2013-12-29 03:00 - 2013-12-29 03:00 - 00008365 _____ C:\WINDOWS\KB2510531-IE8.log 2013-12-27 16:24 - 2008-04-03 10:50 - 00000803 _____ C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\Internet Explorer.lnk 2013-12-27 16:24 - 2008-04-02 12:09 - 00316640 ____C C:\WINDOWS\WMSysPr9.prx 2013-12-27 16:23 - 2013-12-27 16:23 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IETldCache 2013-12-27 16:22 - 2008-04-02 12:06 - 00003122 ____C C:\WINDOWS\DtcInstall.log 2013-12-27 16:19 - 2009-01-09 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB949014$ 2013-12-27 16:19 - 2008-04-02 04:40 - 00099848 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-12-27 16:19 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Media 2013-12-27 15:57 - 2013-12-27 15:56 - 00085072 _____ C:\WINDOWS\KB2834886.log 2013-12-27 15:56 - 2013-12-27 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-12-27 15:53 - 2013-12-27 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-12-27 15:53 - 2013-12-27 11:54 - 00092793 _____ C:\WINDOWS\KB2847311.log 2013-12-27 15:52 - 2013-12-27 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-12-27 15:46 - 2013-12-27 15:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$ 2013-12-27 15:46 - 2013-12-27 11:54 - 00092858 _____ C:\WINDOWS\KB2868626.log 2013-12-27 15:45 - 2013-12-27 15:45 - 00083601 _____ C:\WINDOWS\KB2900986.log 2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$ 2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$ 2013-12-27 15:45 - 2013-12-27 11:53 - 00094076 _____ C:\WINDOWS\KB2820917.log 2013-12-27 15:44 - 2013-12-27 15:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$ 2013-12-27 15:44 - 2013-12-27 11:53 - 00171193 _____ C:\WINDOWS\KB2898785-IE7.log 2013-12-27 15:44 - 2008-04-03 16:57 - 00000000 ____D C:\WINDOWS\ie7updates 2013-12-27 15:43 - 2013-12-27 15:43 - 00086506 _____ C:\WINDOWS\KB2698365.log 2013-12-27 15:43 - 2013-12-27 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$ 2013-12-27 15:42 - 2013-12-27 15:42 - 00001105 _____ C:\WINDOWS\KB2779562.log 2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2772930$ 2013-12-27 15:42 - 2008-04-03 10:42 - 00380792 ____C C:\WINDOWS\system32\TZLog.log 2013-12-27 15:37 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892076$ 2013-12-27 15:37 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$ 2013-12-27 15:37 - 2013-12-27 11:53 - 00092355 _____ C:\WINDOWS\KB2712808.log 2013-12-27 15:37 - 2013-12-27 11:53 - 00090632 _____ C:\WINDOWS\KB2892076.log 2013-12-27 15:36 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-12-27 15:36 - 2013-12-27 11:53 - 00091841 _____ C:\WINDOWS\KB2727528.log 2013-12-27 15:36 - 2013-12-27 11:53 - 00089518 _____ C:\WINDOWS\KB2845187.log 2013-12-27 15:35 - 2013-12-27 15:35 - 00556862 _____ C:\WINDOWS\msxml6-KB2758696-enu-x86.LOG 2013-12-27 15:35 - 2013-12-27 15:35 - 00085261 _____ C:\WINDOWS\KB2748349.log 2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2748349$ 2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$ 2013-12-27 15:32 - 2013-12-27 15:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$ 2013-12-27 15:32 - 2013-12-27 11:53 - 00092211 _____ C:\WINDOWS\KB2749655.log 2013-12-27 15:31 - 2013-12-27 15:30 - 00082140 _____ C:\WINDOWS\KB2868038.log 2013-12-27 15:30 - 2013-12-27 15:30 - 00084474 _____ C:\WINDOWS\KB2685939.log 2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$ 2013-12-27 15:30 - 2013-12-27 11:53 - 00089064 _____ C:\WINDOWS\KB2803821-v2.log 2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2$ 2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$ 2013-12-27 15:29 - 2013-12-27 11:52 - 00091672 _____ C:\WINDOWS\KB2691442.log 2013-12-27 15:28 - 2013-12-27 15:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$ 2013-12-27 15:28 - 2013-12-27 11:52 - 00091439 _____ C:\WINDOWS\KB2705219-v2.log 2013-12-27 15:28 - 2013-12-27 11:52 - 00088080 _____ C:\WINDOWS\KB2850869.log 2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$ 2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$ 2013-12-27 15:27 - 2013-12-27 15:26 - 00080809 _____ C:\WINDOWS\KB2862335.log 2013-12-27 15:27 - 2013-12-27 11:52 - 00087597 _____ C:\WINDOWS\KB2893294.log 2013-12-27 15:26 - 2013-12-27 15:26 - 00083330 _____ C:\WINDOWS\KB2807986.log 2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$ 2013-12-27 15:22 - 2013-12-27 15:21 - 00088738 _____ C:\WINDOWS\KB2898785-IE8.log 2013-12-27 15:22 - 2010-03-04 07:59 - 00075923 ____C C:\WINDOWS\ie8_main.log 2013-12-27 15:21 - 2013-12-27 15:20 - 00090003 _____ C:\WINDOWS\KB2862772-IE8.log 2013-12-27 15:20 - 2013-12-27 15:19 - 00093671 _____ C:\WINDOWS\KB2744842-IE8.log 2013-12-27 15:19 - 2013-12-27 15:18 - 00097310 _____ C:\WINDOWS\KB2618444-IE8.log 2013-12-27 15:18 - 2013-12-27 15:18 - 00087471 _____ C:\WINDOWS\KB2467659.log 2013-12-27 15:18 - 2013-12-27 15:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$ 2013-12-27 15:18 - 2013-12-27 15:17 - 00110337 _____ C:\WINDOWS\KB982381-IE8.log 2013-12-27 15:17 - 2013-12-27 15:16 - 00101093 _____ C:\WINDOWS\KB982632-IE8.log 2013-12-27 15:16 - 2013-12-27 15:13 - 00099011 _____ C:\WINDOWS\ie8.log 2013-12-27 15:16 - 2013-12-27 15:13 - 00000000 __HDC C:\WINDOWS\ie8 2013-12-27 14:05 - 2013-12-27 11:51 - 00025055 _____ C:\WINDOWS\KB2758857.log 2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$ 2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$ 2013-12-27 14:04 - 2013-12-27 11:51 - 00022194 _____ C:\WINDOWS\KB2893984.log 2013-12-27 14:04 - 2013-12-27 11:51 - 00021710 _____ C:\WINDOWS\KB2876217.log 2013-12-27 14:03 - 2013-12-27 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$ 2013-12-27 13:56 - 2013-12-27 13:52 - 00018509 _____ C:\WINDOWS\KB2742604.log 2013-12-27 13:53 - 2013-12-27 13:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2742604$ 2013-12-27 13:46 - 2013-12-27 11:50 - 00023869 _____ C:\WINDOWS\KB2655992.log 2013-12-27 13:45 - 2013-12-27 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$ 2013-12-27 13:45 - 2013-12-27 11:50 - 00023130 _____ C:\WINDOWS\KB2859537.log 2013-12-27 13:44 - 2013-12-27 13:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$ 2013-12-27 13:43 - 2013-12-27 13:42 - 00011209 _____ C:\WINDOWS\KB2864058.log 2013-12-27 13:42 - 2013-12-27 13:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864058$ 2013-12-27 13:42 - 2013-12-27 11:49 - 00017934 _____ C:\WINDOWS\KB2898715.log 2013-12-27 13:41 - 2013-12-27 13:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$ 2013-12-27 13:40 - 2013-12-27 11:49 - 00016929 _____ C:\WINDOWS\KB2862152.log 2013-12-27 13:39 - 2013-12-27 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$ 2013-12-27 13:38 - 2013-12-27 13:34 - 00013724 _____ C:\WINDOWS\KB2833949.log 2013-12-27 13:36 - 2013-12-27 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833949$ 2013-12-27 13:34 - 2013-12-27 11:49 - 00016314 _____ C:\WINDOWS\KB2864063.log 2013-12-27 13:33 - 2013-12-27 13:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$ 2013-12-27 13:29 - 2013-12-27 11:49 - 00015916 _____ C:\WINDOWS\KB2876331.log 2013-12-27 13:28 - 2013-12-27 13:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$ 2013-12-27 13:09 - 2010-10-29 15:34 - 00000000 ____D C:\WINDOWS\system32\XPSViewer 2013-12-27 13:02 - 2013-12-27 13:01 - 00008363 _____ C:\WINDOWS\KB2904266.log 2013-12-27 13:01 - 2013-12-27 13:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$ 2013-12-27 13:00 - 2013-12-27 11:48 - 00017683 _____ C:\WINDOWS\KB2719985.log 2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$ 2013-12-27 12:43 - 2013-12-27 11:47 - 00016772 _____ C:\WINDOWS\KB2780091.log 2013-12-27 12:41 - 2013-12-27 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$ 2013-12-27 11:24 - 2008-04-02 15:01 - 00580379 ____C C:\WINDOWS\svcpack.log 2013-12-27 11:18 - 2008-04-02 12:04 - 00000546 ____C C:\WINDOWS\cmsetacl.log 2013-12-27 11:17 - 2008-04-02 15:08 - 00000000 ____D C:\Program Files\cmak 2013-12-27 11:17 - 2008-04-02 15:02 - 24485888 ____C C:\WINDOWS\system32\config\software.sp 2013-12-27 11:17 - 2008-04-02 12:05 - 00000000 ____D C:\WINDOWS\Cluster 2013-12-27 11:16 - 2008-04-02 15:02 - 05009408 ____C C:\WINDOWS\system32\config\system.sp 2013-12-27 11:16 - 2008-04-02 15:02 - 00000000 ____D C:\WINDOWS\PolicyBackup ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2008-04-02 15:05] - [2007-02-17 02:58] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344 C:\Windows\System32\winlogon.exe [2008-04-02 15:05] - [2007-02-17 04:09] - 0528384 ____A (Microsoft Corporation) B4AA8AE0F18E5DFCF99A671A181D3EDC C:\Windows\System32\svchost.exe [2008-04-02 15:05] - [2007-02-17 04:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682 C:\Windows\System32\services.exe [2008-04-02 04:28] - [2009-02-03 05:07] - 0113152 ____A (Microsoft Corporation) CF500580CDD83B145646A4DCFCE1CF3C C:\Windows\System32\User32.dll [2008-04-03 09:53] - [2007-03-02 00:38] - 0583680 ____A (Microsoft Corporation) 1959150096B010BA953A78B0D6B0B4E4 C:\Windows\System32\userinit.exe [2008-04-02 04:29] - [2007-02-17 04:07] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5 C:\Windows\System32\rpcss.dll [2009-04-16 22:35] - [2009-02-09 05:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys [2008-04-02 04:29] - [2012-08-21 06:56] - 0153600 ____A (Microsoft Corporation) 701D86EC9D221F68C8528CC47D3958E6 C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!. ==================== End Of Log ============================

here is my copy and paste of FRST.txt Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014 Ran by administrator (administrator) on XXXXXX on 21-01-2014 14:59:47 Running from C:\Documents and Settings\Administrator.DOMAIN\Desktop Microsoft® Windows® Server 2003, Standard Edition Service Pack 2 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) =================== (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (iAnywhere Solutions, Inc.) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe (Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe (Microsoft Corporation) C:\WINDOWS\system32\certsrv.exe (Microsoft Corporation) C:\WINDOWS\system32\dfssvc.exe (Microsoft Corporation) C:\WINDOWS\system32\dns.exe () C:\Program Files\Hewlett-Packard\HP LTT Service\NotificationClient.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP LTT Service\hp_taserv.exe () C:\Program Files\Hewlett-Packard\HP LTT Service\LttWebService.exe (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\WINDOWS\system32\ismserv.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Microsoft Corporation) C:\WINDOWS\system32\llssrv.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\WINDOWS\system32\ntfrs.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (PrintFleet Inc) C:\Program Files\Printer DCA\PrinterDCA.Service.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\snmp.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Hewlett-Packard Company) C:\WINDOWS\system32\sysdown.exe (Microsoft Corporation) C:\WINDOWS\system32\lserver.exe (Microsoft Corporation) C:\WINDOWS\system32\wins.exe (Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation) E:\Program Files\Exchsrvr\bin\exmgmt.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\inetsrv\w3wp.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\GFValidate.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe (Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.) HKLM\...\Winlogon: [uIHost] %SystemRoot%\system32\logonui.exe [x ] () Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X] Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [showSuperHidden] 1 HKLM\...\Command Processor: <======= ATTENTION HKCU\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation) HKU\BEAdmin\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-22] (Microsoft Corporation) HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-22] (Microsoft Corporation) Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM - DefaultScope value is missing. BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: hpapp\Apps - No CLSID Value - ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll" Hosts: 127.0.0.1 localhost Tcpip\..\Interfaces\{0584FE11-21AD-400C-A2A6-807BCAAA6FEE}: [NameServer]192.168.100.20 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default FF Homepage: google.com FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-02] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] ========================== Services (Whitelisted) ================= R2 ASANYs_sem5; C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe [73728 2006-12-28] (iAnywhere Solutions, Inc.) S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation) R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [840008 2010-06-04] (Symantec Corporation) S2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [241992 2009-01-22] (Symantec Corporation) S2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [1259336 2009-01-22] (Symantec Corporation) S2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [3291464 2010-06-04] (Symantec Corporation) S2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [6313800 2010-06-04] (Symantec Corporation) R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-04-09] (Symantec Corporation) R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-04-09] (Symantec Corporation) R2 CertSvc; C:\WINDOWS\system32\certsrv.exe [316416 2007-02-17] (Microsoft Corporation) R2 Dfs; C:\Windows\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation) R2 DHCPServer; C:\Windows\system32\tcpsvcs.exe [21504 2006-03-22] (Microsoft Corporation) R2 DNS; C:\Windows\System32\dns.exe [450560 2012-01-30] (Microsoft Corporation) R2 HP LTT Notification Service; C:\Program Files\Hewlett-Packard\HP LTT Service\NotificationClient.exe [21304 2013-07-25] () R2 HP LTT Service; C:\Program Files\Hewlett-Packard\HP LTT Service\hp_taserv.exe [1108376 2013-07-25] (Hewlett-Packard) R2 HP LTT Web Service; C:\Program Files\Hewlett-Packard\HP LTT Service\LttWebService.exe [156472 2013-07-25] () R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14336 2007-02-17] (Microsoft Corporation) R2 IsmServ; C:\Windows\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-26] (Oracle Corporation) R2 kdc; C:\Windows\System32\lsass.exe [13312 2006-03-22] (Microsoft Corporation) R2 LicenseService; C:\Windows\System32\llssrv.exe [94720 2007-02-18] (Microsoft Corporation) S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-02-21] (Symantec Corporation) R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MSExchangeMGMT; E:\Program Files\Exchsrvr\bin\exmgmt.exe [3217408 2005-08-25] (Microsoft Corporation) S2 MSSQL$BKUPEXEC; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation) S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) R2 NtFrs; C:\Windows\system32\ntfrs.exe [792064 2007-02-17] (Microsoft Corporation) R2 PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.) R3 PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.) S3 PD91VMDefrag; C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [226568 2008-02-29] (Raxco Software, Inc.) R2 Printer DCA; C:\Program Files\Printer DCA\PrinterDCA.Service.exe [71424 2010-12-22] (PrintFleet Inc) S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation) S3 sacsvr; C:\Windows\system32\sacsvr.dll [12288 2006-03-22] (Microsoft Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.) R2 semsrv; C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe [234944 2008-02-23] (Symantec Corporation) R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2569600 2008-04-09] (Symantec Corporation) S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [234888 2008-04-09] (Symantec Corporation) R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2189240 2008-04-09] (Symantec Corporation) R2 sysdown; C:\Windows\system32\sysdown.exe [6656 2007-07-16] (Hewlett-Packard Company) R2 TermServLicensing; C:\Windows\system32\lserver.exe [349696 2007-02-17] (Microsoft Corporation) S4 TrkSvr; C:\Windows\system32\trksvr.dll [50688 2006-03-22] (Microsoft Corporation) S4 Tssdis; C:\Windows\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation) R2 WINS; C:\Windows\System32\wins.exe [158720 2011-08-10] (Microsoft Corporation) R2 Eventlog; [x] S3 WinHttpAutoProxySvc; winhttp.dll [x] ==================== Drivers (Whitelisted) ==================== S4 ClusDisk; C:\Windows\System32\DRIVERS\ClusDisk.sys [69120 2007-02-17] (Microsoft Corporation) R3 CpqCiDrv; C:\Windows\System32\DRIVERS\cpqcidrv.sys [35888 2007-06-22] (Hewlett-Packard Company) S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [214016 2007-08-30] (Hewlett-Packard Company) R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [71184 2009-01-05] (Raxco Software, Inc.) R0 DfsDriver; C:\Windows\System32\drivers\Dfs.sys [34816 2007-02-17] (Microsoft Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-17] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-17] (Symantec Corporation) S1 halfinchVRTS; C:\Windows\System32\DRIVERS\halfinch.sys [39472 2007-07-27] (Symantec Corporation) R0 HpCISSs2; C:\Windows\System32\drivers\HpCISSs2.sys [65072 2007-06-21] (Hewlett-Packard Company) S3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2013-03-22] (Hewlett-Packard) R3 hpqilo2; C:\Windows\System32\DRIVERS\hpqilo2.sys [117248 2007-07-16] (Hewlett-Packard Company) S3 hptapefltr; C:\Windows\System32\DRIVERS\hptapefltr.sys [35592 2010-07-20] (Hewlett-Packard) R3 l2nd; C:\Windows\System32\DRIVERS\bxnd52x.sys [50176 2007-06-04] (Broadcom Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140119.019\NAVENG.SYS [93272 2013-12-17] (Symantec Corporation) R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140119.019\NAVEX15.SYS [1612376 2013-12-17] (Symantec Corporation) R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [20272 2007-08-23] (Symantec Corporation) R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2008-04-09] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-04-09] (Symantec Corporation) S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-04-09] (Symantec Corporation) R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-04-09] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [136496 2014-01-03] (Symantec Corporation) R0 symmpi; C:\Windows\System32\DRIVERS\symmpi.sys [49664 2005-03-24] (LSI Logic) S3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [32688 2008-01-18] (Symantec Corporation) R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [40240 2010-06-04] (Symantec Corporation) R2 WGX; C:\Windows\System32\Drivers\WGX.SYS [38248 2008-04-09] (Symantec Corporation) S3 WLBS; C:\Windows\System32\DRIVERS\wlbs.sys [169984 2007-02-17] (Microsoft Corporation) S4 adpu320; No ImagePath S4 afcnt; No ImagePath S4 cpqarry2; No ImagePath S4 cpqcissm; No ImagePath S4 cpqfcalm; No ImagePath S4 dellcerc; No ImagePath S4 elxstor; No ImagePath S4 hpt3xx; No ImagePath S4 iirsp; No ImagePath S4 IntelIde; No ImagePath S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S4 ipsraidn; No ImagePath U3 LicenseInfo; No ImagePath S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x] S4 LMIRfsClientNP; No ImagePath S4 lp6nds35; No ImagePath S4 nfrd960; No ImagePath S4 ql2100; No ImagePath S4 ql2200; No ImagePath S4 ql2300; No ImagePath U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-17] (Microsoft Corporation) U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [105472 2007-02-17] (Microsoft Corporation) U5 Tape; C:\Windows\System32\Drivers\Tape.sys [22528 2007-02-17] (Microsoft Corporation) U3 TrueSight; \??\ [x] S4 vsdatant; a [x] U1 WS2IFSL; ==================== NetSvcs (Whitelisted) =================== NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation) NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-01-21 14:59 - 2014-01-21 15:00 - 00017367 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.txt 2014-01-21 14:58 - 2014-01-21 14:58 - 00000000 ____D C:\FRST 2014-01-21 14:58 - 2014-01-21 14:55 - 01222144 _____ (Farbar) C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.exe 2014-01-21 12:26 - 2014-01-21 15:01 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1 2014-01-18 03:03 - 2014-01-18 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB963093$ 2014-01-18 03:02 - 2014-01-18 03:03 - 00125954 _____ C:\WINDOWS\KB963093.log 2014-01-18 03:01 - 2014-01-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$ 2014-01-17 18:42 - 2014-01-18 03:01 - 00014475 _____ C:\WINDOWS\KB2813345.log 2014-01-17 13:07 - 2014-01-17 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$ 2014-01-17 13:04 - 2014-01-17 13:04 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_190451_703.txt 2014-01-17 13:03 - 2014-01-17 13:06 - 03366632 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:59 - 2014-01-17 13:06 - 00068410 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558.html 2014-01-17 12:59 - 2014-01-17 13:03 - 10854738 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:59 - 2014-01-17 12:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_10.0.30319 2014-01-17 12:57 - 2014-01-17 12:57 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00009.log 2014-01-17 12:56 - 2014-01-17 12:56 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_185650_905.txt 2014-01-17 12:55 - 2014-01-17 12:58 - 03182994 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:50 - 2014-01-17 12:58 - 00068536 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090.html 2014-01-17 12:50 - 2014-01-17 12:55 - 10431726 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:50 - 2014-01-17 12:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_10.0.30319 2014-01-17 12:45 - 2014-01-17 12:50 - 09971648 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:45 - 2014-01-17 12:50 - 00065446 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791.html 2014-01-17 12:45 - 2014-01-17 12:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_10.0.30319 2014-01-17 12:43 - 2014-01-17 12:44 - 00013701 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00008.log 2014-01-17 12:39 - 2014-01-17 12:44 - 14785174 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873-Msi0.txt 2014-01-17 12:39 - 2014-01-17 12:44 - 00500794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873.html 2014-01-17 12:33 - 2014-01-17 12:39 - 09655324 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:33 - 2014-01-17 12:39 - 00065638 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027.html 2014-01-17 12:33 - 2014-01-17 12:33 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_10.0.30319 2014-01-17 12:26 - 2014-01-17 12:33 - 09205346 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:26 - 2014-01-17 12:33 - 00065622 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306.html 2014-01-17 12:26 - 2014-01-17 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_10.0.30319 2014-01-17 12:25 - 2014-01-17 12:25 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00007.log 2014-01-17 12:24 - 2014-01-17 12:24 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_182442_113.txt 2014-01-17 12:23 - 2014-01-17 12:26 - 02955992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:19 - 2014-01-17 12:26 - 00068992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496.html 2014-01-17 12:19 - 2014-01-17 12:23 - 08713432 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:19 - 2014-01-17 12:19 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_10.0.30319 2014-01-17 12:14 - 2014-01-17 12:19 - 08293086 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:14 - 2014-01-17 12:19 - 00065284 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244.html 2014-01-17 12:14 - 2014-01-17 12:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_10.0.30319 2014-01-17 12:13 - 2014-01-17 12:13 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00006.log 2014-01-17 12:12 - 2014-01-17 12:12 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_181239_775.txt 2014-01-17 12:11 - 2014-01-17 12:14 - 02721352 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 12:07 - 2014-01-17 12:14 - 00062058 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091.html 2014-01-17 12:07 - 2014-01-17 12:11 - 07861306 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 12:07 - 2014-01-17 12:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_10.0.30319 2014-01-17 12:05 - 2014-01-17 12:06 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00005.log 2014-01-17 12:05 - 2014-01-17 12:05 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_180520_890.txt 2014-01-17 12:04 - 2014-01-17 12:07 - 02527842 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 11:58 - 2014-01-17 12:07 - 00061978 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122.html 2014-01-17 11:58 - 2014-01-17 12:04 - 07573974 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_10.0.30319 2014-01-17 11:52 - 2014-01-17 11:58 - 07169322 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:52 - 2014-01-17 11:58 - 00059476 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104.html 2014-01-17 11:52 - 2014-01-17 11:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_10.0.30319 2014-01-17 11:47 - 2014-01-17 11:52 - 06771040 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:47 - 2014-01-17 11:52 - 00059140 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408.html 2014-01-17 11:47 - 2014-01-17 11:47 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_10.0.30319 2014-01-17 11:46 - 2014-01-18 03:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2014-01-17 11:46 - 2014-01-17 11:46 - 01043234 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SilverlightMSI.log 2014-01-17 11:38 - 2014-01-17 11:45 - 06452408 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:38 - 2014-01-17 11:45 - 00059914 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343.html 2014-01-17 11:38 - 2014-01-17 11:38 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_10.0.30319 2014-01-17 11:37 - 2014-01-17 11:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLBF9.mft 2014-01-17 11:33 - 2014-01-17 11:34 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00004.log 2014-01-17 11:33 - 2014-01-17 11:33 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_173322_569.txt 2014-01-17 11:30 - 2014-01-17 11:35 - 02348240 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 11:24 - 2014-01-17 11:35 - 00062488 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337.html 2014-01-17 11:24 - 2014-01-17 11:30 - 06005988 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:24 - 2014-01-17 11:24 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_10.0.30319 2014-01-17 11:22 - 2014-01-17 11:24 - 00011290 _____ C:\WINDOWS\KB2632503-IE8.log 2014-01-17 11:20 - 2014-01-17 11:20 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00003.log 2014-01-17 11:19 - 2014-01-17 11:19 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_171956_835.txt 2014-01-17 11:18 - 2014-01-17 11:22 - 02128980 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Extended-MSP1.txt 2014-01-17 11:10 - 2014-01-17 11:18 - 05647328 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Client Profile-MSP0.txt 2014-01-17 11:09 - 2014-01-17 11:22 - 00058512 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222.html 2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_10.0.30319 2014-01-17 11:03 - 2014-01-17 11:09 - 05211426 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Client Profile-MSP1.txt 2014-01-17 10:58 - 2014-01-17 10:58 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00002.log 2014-01-17 10:57 - 2014-01-17 10:57 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165732_063.txt 2014-01-17 10:56 - 2014-01-17 11:09 - 00058482 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110.html 2014-01-17 10:56 - 2014-01-17 11:03 - 02008886 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Extended-MSP0.txt 2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_10.0.30319 2014-01-17 10:53 - 2014-01-17 10:54 - 00014110 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00001.log 2014-01-17 10:53 - 2014-01-17 10:53 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165325_923.txt 2014-01-17 10:52 - 2014-01-17 12:59 - 00069339 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_clwireg.txt 2014-01-17 10:52 - 2014-01-17 10:56 - 01729794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032-Microsoft .NET Framework 4 Extended-MSP0.txt 2014-01-17 10:52 - 2014-01-17 10:56 - 00055262 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032.html 2014-01-17 10:52 - 2014-01-17 10:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_10.0.30319 2014-01-17 10:51 - 2014-01-17 10:52 - 00011111 _____ C:\WINDOWS\KB2492386.log 2014-01-17 10:51 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$ 2014-01-17 10:50 - 2014-01-17 10:51 - 00011646 _____ C:\WINDOWS\KB2481109.log 2014-01-17 10:50 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$ 2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\FwdEvents.Evt 2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt 2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\EventCollector-Operational.Evt 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 __HDC C:\WINDOWS\$950099Uinstall_KB968930$ 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\winrm 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell 2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$ 2014-01-17 10:47 - 2014-01-17 10:47 - 00006058 _____ C:\WINDOWS\KB943729.log 2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB943729$ 2014-01-17 10:46 - 2014-01-17 10:47 - 00009443 _____ C:\WINDOWS\KB956744.log 2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$ 2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Application Data\Windows Desktop Search 2014-01-17 10:44 - 2014-01-18 03:03 - 00000000 ____D C:\Program Files\Windows Desktop Search 2014-01-17 10:44 - 2014-01-17 10:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB940157$ 2014-01-17 10:43 - 2014-01-17 10:46 - 00026311 _____ C:\WINDOWS\KB940157.log 2014-01-17 10:43 - 2014-01-17 10:44 - 00005910 _____ C:\WINDOWS\KB915800-v9.log 2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v9$ 2014-01-17 10:42 - 2014-01-17 13:08 - 00014682 _____ C:\WINDOWS\KB2808679.log 2014-01-17 10:41 - 2011-10-25 10:38 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jscript.dll 2014-01-17 10:41 - 2011-10-25 10:38 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2014-01-17 10:40 - 2011-03-11 23:58 - 01364226 ____C C:\WINDOWS\system32\dllcache\sysmain.sdb 2014-01-17 10:40 - 2011-03-11 23:58 - 00735440 ____C C:\WINDOWS\system32\dllcache\msimain.sdb 2014-01-17 10:40 - 2011-03-11 23:57 - 00421376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll 2014-01-17 10:40 - 2011-01-27 11:11 - 00136192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aaclient.dll 2014-01-17 10:40 - 2011-01-27 11:11 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsgqec.dll 2014-01-17 10:40 - 2010-12-22 04:53 - 00677888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstsc.exe 2014-01-17 10:04 - 2014-01-17 10:06 - 02095678 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Extended_x86.msi.txt 2014-01-17 10:04 - 2014-01-17 10:04 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_160436_255.txt 2014-01-17 09:59 - 2014-01-17 10:06 - 00680390 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614.html 2014-01-17 09:59 - 2014-01-17 10:04 - 05029466 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Core_x86.msi.txt 2014-01-17 09:59 - 2014-01-17 09:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_4.0.30319 2014-01-17 09:36 - 2014-01-17 09:37 - 00017392 _____ C:\WINDOWS\KB925876.log 2014-01-17 09:36 - 2014-01-17 09:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB925876$ 2014-01-17 09:34 - 2014-01-17 09:34 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL21E.mft 2014-01-17 08:11 - 2014-01-17 08:11 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL65.mft 2014-01-17 08:04 - 2014-01-17 08:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IECompatCache 2014-01-17 07:34 - 2014-01-17 07:34 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\2 2014-01-16 08:55 - 2014-01-16 08:55 - 00000705 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Shortcut to scripts.lnk 2014-01-15 03:05 - 2014-01-15 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$ 2014-01-15 03:04 - 2014-01-15 03:06 - 00005891 _____ C:\WINDOWS\KB2914368.log 2014-01-09 07:23 - 2014-01-09 07:23 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL129.mft 2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI24.tmp 2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI23.tmp 2014-01-08 15:32 - 2014-01-08 15:32 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\PJBPFSPW 2014-01-08 15:14 - 2014-01-08 15:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERcac1.dir00 2014-01-08 12:21 - 2014-01-08 12:21 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL16.mft 2014-01-08 11:27 - 2014-01-08 11:23 - 01233962 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\adwcleaner.exe 2014-01-08 09:37 - 2014-01-08 09:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL78.mft 2014-01-08 08:21 - 2014-01-08 08:21 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AST_INSTALL.TMP 2014-01-08 08:15 - 2014-01-08 08:32 - 00000000 ____D C:\Program Files\Anvisoft 2014-01-08 08:15 - 2014-01-08 08:15 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AUD_INSTALL.TMP 2014-01-08 07:49 - 2014-01-08 07:49 - 00000848 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a9.LOG 2014-01-08 07:48 - 2014-01-08 07:49 - 00000876 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a8.LOG 2014-01-08 07:48 - 2014-01-08 07:48 - 00000866 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a7.LOG 2014-01-08 07:36 - 2014-01-08 07:36 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLF9.mft 2014-01-08 07:18 - 2014-01-08 07:18 - 00000036 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\UMI_ERRORS.TXT 2014-01-08 05:55 - 2014-01-08 05:59 - 00000178 ___SH C:\Documents and Settings\mjc\ntuser.ini 2014-01-08 05:55 - 2014-01-08 05:59 - 00000000 ____D C:\Documents and Settings\mjc 2014-01-08 05:55 - 2014-01-08 05:55 - 00000803 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Internet Explorer.lnk 2014-01-08 05:55 - 2014-01-08 05:55 - 00000738 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Outlook Express.lnk 2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 __SHD C:\Documents and Settings\mjc\IETldCache 2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 ___RD C:\Documents and Settings\mjc\Start Menu\Programs\Accessories 2014-01-08 05:55 - 2010-06-03 14:29 - 00000000 ____D C:\Documents and Settings\mjc\Application Data\Sharp 2014-01-08 05:55 - 2008-04-02 12:09 - 00001503 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Remote Assistance.lnk 2014-01-08 05:55 - 2008-04-02 04:44 - 00000000 _____ C:\Documents and Settings\mjc\Sti_Trace.log 2014-01-06 15:39 - 2014-01-06 15:39 - 00002014 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\HiJackThis.lnk 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Program Files\Trend Micro 2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\HiJackThis 2014-01-06 12:43 - 2014-01-06 12:43 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL36.mft 2014-01-06 08:23 - 2014-01-06 09:08 - 00001623 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jusched.log 2014-01-06 08:23 - 2014-01-06 08:23 - 00004162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\java_install_sp.log 2014-01-06 08:23 - 2014-01-06 08:23 - 00001178 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jinstall.cfg 2014-01-06 08:13 - 2014-01-06 08:12 - 00700783 _____ (Swearware) C:\Documents and Settings\Administrator.DOMAIN\Desktop\dds+.exe 2014-01-06 07:50 - 2014-01-06 07:50 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5D.mft 2014-01-05 22:46 - 2014-01-16 05:33 - 02316684 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MLDCN01.DR.TMP 2014-01-05 22:46 - 2014-01-16 05:33 - 00052456 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asrpnp.sif 2014-01-05 22:46 - 2014-01-16 05:33 - 00003800 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asr.sif 2014-01-05 18:31 - 2008-04-09 10:57 - 00038248 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX.SYS 2014-01-03 16:11 - 2014-01-03 16:15 - 00492000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00247360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wlbs.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00152200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WimFltr.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00122624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sacdrv.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00049664 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\symmpi.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00043696 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\srtspx.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00041608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00039984 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\VirtFile.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00032688 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\tpfilter.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00032224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00024200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vgapnp.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00020480 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00020272 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SCSICHNG.SYS.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00012936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00005760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys.bak 2014-01-03 16:11 - 2014-01-03 16:15 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00214016 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqteam.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmio.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltmgr.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00117248 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpqilo2.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00100864 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\lsi_scsi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00071184 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\DefragFS.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00065072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpCISSs2.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00045848 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00039472 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\halfinch.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00035592 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hptapefltr.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfs.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00025472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00023552 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpcisss.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crcdisk.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00016384 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hplto.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmload.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak 2014-01-03 16:10 - 2014-01-03 16:15 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 01431040 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00385536 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxvbdx.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00050176 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxnd52x.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00035888 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqcidrv.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak 2014-01-03 16:10 - 2014-01-03 16:14 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak 2014-01-03 16:09 - 2011-11-22 10:29 - 00777216 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ntdll_dump.dll 2014-01-03 16:07 - 2014-01-03 16:16 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Desktop\RK_Quarantine 2014-01-03 11:35 - 2014-01-03 11:35 - 00000586 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\srtUnin.log 2014-01-03 11:34 - 2014-01-03 11:35 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2014-01-03 11:34 - 2014-01-03 11:35 - 00060808 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL 2014-01-03 11:34 - 2014-01-03 11:35 - 00018748 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SYMEVENT.LOG 2014-01-03 11:34 - 2014-01-03 11:35 - 00010652 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT 2014-01-03 11:33 - 2014-01-03 11:36 - 05347820 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SEP_INST.LOG 2014-01-03 11:31 - 2014-01-03 11:31 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\PrivacIE 2014-01-03 11:30 - 2014-01-17 08:19 - 00000238 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\JavaDeployReg.log 2014-01-03 11:29 - 2014-01-03 16:16 - 00016221 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.log 2014-01-03 11:29 - 2014-01-03 16:16 - 00002162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.err 2014-01-03 11:29 - 2014-01-03 11:29 - 00000097 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\sesm.xml 2014-01-03 11:28 - 2014-01-03 11:28 - 00000276 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSIfcc4f.LOG 2014-01-03 11:25 - 2014-01-03 11:25 - 00376832 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\~DFB56D.tmp 2014-01-03 11:00 - 2014-01-03 11:00 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5B.mft 2014-01-03 09:08 - 2006-03-22 06:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20140103-090803.backup 2014-01-03 07:39 - 2014-01-03 07:40 - 00000000 ____D C:\Program Files\Mozilla Firefox 2014-01-03 07:30 - 2014-01-20 08:03 - 00000971 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dw.log 2014-01-02 08:19 - 2014-01-20 07:58 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2014-01-02 08:19 - 2014-01-18 03:09 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt 2014-01-02 08:19 - 2014-01-15 00:30 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2014-01-02 08:19 - 2014-01-02 08:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2014-01-02 08:18 - 2014-01-02 08:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2 2014-01-02 08:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2013-12-29 03:00 - 2013-12-29 03:00 - 00008365 _____ C:\WINDOWS\KB2510531-IE8.log 2013-12-27 16:23 - 2013-12-27 16:23 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IETldCache 2013-12-27 15:56 - 2013-12-27 15:57 - 00085072 _____ C:\WINDOWS\KB2834886.log 2013-12-27 15:56 - 2013-12-27 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$ 2013-12-27 15:53 - 2013-12-27 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-12-27 15:52 - 2013-12-27 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-12-27 15:46 - 2013-12-27 15:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$ 2013-12-27 15:45 - 2013-12-27 15:45 - 00083601 _____ C:\WINDOWS\KB2900986.log 2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$ 2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$ 2013-12-27 15:44 - 2013-12-27 15:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$ 2013-12-27 15:43 - 2013-12-27 15:43 - 00086506 _____ C:\WINDOWS\KB2698365.log 2013-12-27 15:43 - 2013-12-27 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$ 2013-12-27 15:42 - 2013-12-27 15:42 - 00001105 _____ C:\WINDOWS\KB2779562.log 2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2772930$ 2013-12-27 15:37 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892076$ 2013-12-27 15:36 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$ 2013-12-27 15:36 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$ 2013-12-27 15:35 - 2013-12-27 15:35 - 00556862 _____ C:\WINDOWS\msxml6-KB2758696-enu-x86.LOG 2013-12-27 15:35 - 2013-12-27 15:35 - 00085261 _____ C:\WINDOWS\KB2748349.log 2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2748349$ 2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$ 2013-12-27 15:32 - 2013-12-27 15:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$ 2013-12-27 15:30 - 2013-12-27 15:31 - 00082140 _____ C:\WINDOWS\KB2868038.log 2013-12-27 15:30 - 2013-12-27 15:30 - 00084474 _____ C:\WINDOWS\KB2685939.log 2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$ 2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2$ 2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$ 2013-12-27 15:28 - 2013-12-27 15:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$ 2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$ 2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$ 2013-12-27 15:26 - 2013-12-27 15:27 - 00080809 _____ C:\WINDOWS\KB2862335.log 2013-12-27 15:26 - 2013-12-27 15:26 - 00083330 _____ C:\WINDOWS\KB2807986.log 2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$ 2013-12-27 15:21 - 2013-12-27 15:22 - 00088738 _____ C:\WINDOWS\KB2898785-IE8.log 2013-12-27 15:21 - 2013-10-29 01:23 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 06020608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 06020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2013-12-27 15:21 - 2013-10-29 01:23 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2013-12-27 15:20 - 2013-12-27 15:21 - 00090003 _____ C:\WINDOWS\KB2862772-IE8.log 2013-12-27 15:19 - 2013-12-27 15:20 - 00093671 _____ C:\WINDOWS\KB2744842-IE8.log 2013-12-27 15:19 - 2013-10-29 01:23 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2013-12-27 15:18 - 2013-12-27 15:19 - 00097310 _____ C:\WINDOWS\KB2618444-IE8.log 2013-12-27 15:18 - 2013-12-27 15:18 - 00087471 _____ C:\WINDOWS\KB2467659.log 2013-12-27 15:18 - 2013-12-27 15:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$