I keep getting popups that say "successfully blocked access to a potentially malicious website type incoming" with the IP addresses 211.95.78.84 and 61.156.242.138.

I downloaded DDS but it wouldn't run on my system because it wasn't made for Windows Server 2003.

I ran a full scan but it came up clean. Any advice?


  • 2 weeks later...
  • Staff

Hello mikecab

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo

Here is my copy and paste of FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by administrator (administrator) on XXXXXX on 21-01-2014 14:59:47
Running from C:\Documents and Settings\Administrator.DOMAIN\Desktop
Microsoft® Windows® Server 2003, Standard Edition Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe
(Symantec Corporation) C:\Program Files\Symantec\Backup Exec\beremote.exe
(Microsoft Corporation) C:\WINDOWS\system32\certsrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\dfssvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\dns.exe
() C:\Program Files\Hewlett-Packard\HP LTT Service\NotificationClient.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP LTT Service\hp_taserv.exe
() C:\Program Files\Hewlett-Packard\HP LTT Service\LttWebService.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\WINDOWS\system32\ismserv.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\WINDOWS\system32\llssrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntfrs.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
(PrintFleet Inc) C:\Program Files\Printer DCA\PrinterDCA.Service.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\snmp.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\sysdown.exe
(Microsoft Corporation) C:\WINDOWS\system32\lserver.exe
(Microsoft Corporation) C:\WINDOWS\system32\wins.exe
(Microsoft Corporation) C:\WINDOWS\system32\tcpsvcs.exe
(Microsoft Corporation) E:\Program Files\Exchsrvr\bin\exmgmt.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\inetsrv\w3wp.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection Manager\bin\GFValidate.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
(Symantec Corporation) C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PerfectDisk.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM\...\Winlogon: [uIHost] %SystemRoot%\system32\logonui.exe [x ] ()
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll [X]
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [showSuperHidden] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKCU\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [39264 2007-03-13] (Microsoft Corporation)
HKU\BEAdmin\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-22] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [tscuninstall] - C:\Windows\system32\tscupgrd.exe [ 2006-03-22] (Microsoft Corporation)
Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, pwdssp.dll

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: hpapp\Apps - No CLSID Value -
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 03 %SystemRoot%\System32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Hosts: 127.0.0.1    localhost
Tcpip\..\Interfaces\{0584FE11-21AD-400C-A2A6-807BCAAA6FEE}: [NameServer]192.168.100.20

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default
FF Homepage: google.com
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-10-02]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

R2 ASANYs_sem5; C:\Program Files\Symantec\Symantec Endpoint Protection Manager\ASA\win32\dbsrv9.exe [73728 2006-12-28] (iAnywhere Solutions, Inc.)
S4 Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [238968 2008-02-21] (Symantec Corporation)
R2 BackupExecAgentAccelerator; C:\Program Files\Symantec\Backup Exec\beremote.exe [840008 2010-06-04] (Symantec Corporation)
S2 BackupExecAgentBrowser; C:\Program Files\Symantec\Backup Exec\benetns.exe [241992 2009-01-22] (Symantec Corporation)
S2 BackupExecDeviceMediaService; C:\Program Files\Symantec\Backup Exec\pvlsvr.exe [1259336 2009-01-22] (Symantec Corporation)
S2 BackupExecJobEngine; C:\Program Files\Symantec\Backup Exec\bengine.exe [3291464 2010-06-04] (Symantec Corporation)
S2 BackupExecRPCService; C:\Program Files\Symantec\Backup Exec\beserver.exe [6313800 2010-06-04] (Symantec Corporation)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-04-09] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [108392 2008-04-09] (Symantec Corporation)
R2 CertSvc; C:\WINDOWS\system32\certsrv.exe [316416 2007-02-17] (Microsoft Corporation)
R2 Dfs; C:\Windows\system32\Dfssvc.exe [164864 2007-02-17] (Microsoft Corporation)
R2 DHCPServer; C:\Windows\system32\tcpsvcs.exe [21504 2006-03-22] (Microsoft Corporation)
R2 DNS; C:\Windows\System32\dns.exe [450560 2012-01-30] (Microsoft Corporation)
R2 HP LTT Notification Service; C:\Program Files\Hewlett-Packard\HP LTT Service\NotificationClient.exe [21304 2013-07-25] ()
R2 HP LTT Service; C:\Program Files\Hewlett-Packard\HP LTT Service\hp_taserv.exe [1108376 2013-07-25] (Hewlett-Packard)
R2 HP LTT Web Service; C:\Program Files\Hewlett-Packard\HP LTT Service\LttWebService.exe [156472 2013-07-25] ()
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14336 2007-02-17] (Microsoft Corporation)
R2 IsmServ; C:\Windows\System32\ismserv.exe [40448 2007-02-17] (Microsoft Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-11-26] (Oracle Corporation)
R2 kdc; C:\Windows\System32\lsass.exe [13312 2006-03-22] (Microsoft Corporation)
R2 LicenseService; C:\Windows\System32\llssrv.exe [94720 2007-02-18] (Microsoft Corporation)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [3220856 2008-02-21] (Symantec Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSExchangeMGMT; E:\Program Files\Exchsrvr\bin\exmgmt.exe [3217408 2005-08-25] (Microsoft Corporation)
S2 MSSQL$BKUPEXEC; C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 NtFrs; C:\Windows\system32\ntfrs.exe [792064 2007-02-17] (Microsoft Corporation)
R2 PD91Agent; C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe [693512 2008-12-31] (Raxco Software, Inc.)
R3 PD91Engine; C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe [910600 2008-12-31] (Raxco Software, Inc.)
S3 PD91VMDefrag; C:\Program Files\Raxco\PerfectDisk2008\PD91VMDefrag.exe [226568 2008-02-29] (Raxco Software, Inc.)
R2 Printer DCA; C:\Program Files\Printer DCA\PrinterDCA.Service.exe [71424 2010-12-22] (PrintFleet Inc)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [67072 2007-02-17] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [12288 2006-03-22] (Microsoft Corporation)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 semsrv; C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\SemSvc.exe [234944 2008-02-23] (Symantec Corporation)
R2 SmcService; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2569600 2008-04-09] (Symantec Corporation)
S3 SNAC; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [234888 2008-04-09] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2189240 2008-04-09] (Symantec Corporation)
R2 sysdown; C:\Windows\system32\sysdown.exe [6656 2007-07-16] (Hewlett-Packard Company)
R2 TermServLicensing; C:\Windows\system32\lserver.exe [349696 2007-02-17] (Microsoft Corporation)
S4 TrkSvr; C:\Windows\system32\trksvr.dll [50688 2006-03-22] (Microsoft Corporation)
S4 Tssdis; C:\Windows\System32\tssdis.exe [71168 2007-02-17] (Microsoft Corporation)
R2 WINS; C:\Windows\System32\wins.exe [158720 2011-08-10] (Microsoft Corporation)
R2 Eventlog;  [x]
S3 WinHttpAutoProxySvc; winhttp.dll [x]

==================== Drivers (Whitelisted) ====================

S4 ClusDisk; C:\Windows\System32\DRIVERS\ClusDisk.sys [69120 2007-02-17] (Microsoft Corporation)
R3 CpqCiDrv; C:\Windows\System32\DRIVERS\cpqcidrv.sys [35888 2007-06-22] (Hewlett-Packard Company)
S3 CPQTeam; C:\Windows\System32\DRIVERS\cpqteam.sys [214016 2007-08-30] (Hewlett-Packard Company)
R2 DefragFS; C:\Windows\System32\Drivers\DefragFS.sys [71184 2009-01-05] (Raxco Software, Inc.)
R0 DfsDriver; C:\Windows\System32\drivers\Dfs.sys [34816 2007-02-17] (Microsoft Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-17] (Symantec Corporation)
S1 halfinchVRTS; C:\Windows\System32\DRIVERS\halfinch.sys [39472 2007-07-27] (Symantec Corporation)
R0 HpCISSs2; C:\Windows\System32\drivers\HpCISSs2.sys [65072 2007-06-21] (Hewlett-Packard Company)
S3 hplto; C:\Windows\System32\DRIVERS\hplto.sys [16384 2013-03-22] (Hewlett-Packard)
R3 hpqilo2; C:\Windows\System32\DRIVERS\hpqilo2.sys [117248 2007-07-16] (Hewlett-Packard Company)
S3 hptapefltr; C:\Windows\System32\DRIVERS\hptapefltr.sys [35592 2010-07-20] (Hewlett-Packard)
R3 l2nd; C:\Windows\System32\DRIVERS\bxnd52x.sys [50176 2007-06-04] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140119.019\NAVENG.SYS [93272 2013-12-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140119.019\NAVEX15.SYS [1612376 2013-12-17] (Symantec Corporation)
R1 SCSIChanger; C:\Windows\System32\DRIVERS\scsichng.sys [20272 2007-08-23] (Symantec Corporation)
R1 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [418864 2008-04-09] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [279088 2008-04-09] (Symantec Corporation)
S3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [317616 2008-04-09] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [43696 2008-04-09] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [136496 2014-01-03] (Symantec Corporation)
R0 symmpi; C:\Windows\System32\DRIVERS\symmpi.sys [49664 2005-03-24] (LSI Logic)
S3 tpfilter; C:\Windows\System32\DRIVERS\tpfilter.sys [32688 2008-01-18] (Symantec Corporation)
R3 VirtFile; C:\Windows\System32\DRIVERS\VirtFile.sys [40240 2010-06-04] (Symantec Corporation)
R2 WGX; C:\Windows\System32\Drivers\WGX.SYS [38248 2008-04-09] (Symantec Corporation)
S3 WLBS; C:\Windows\System32\DRIVERS\wlbs.sys [169984 2007-02-17] (Microsoft Corporation)
S4 adpu320; No ImagePath
S4 afcnt; No ImagePath
S4 cpqarry2; No ImagePath
S4 cpqcissm; No ImagePath
S4 cpqfcalm; No ImagePath
S4 dellcerc; No ImagePath
S4 elxstor; No ImagePath
S4 hpt3xx; No ImagePath
S4 iirsp; No ImagePath
S4 IntelIde; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S4 ipsraidn; No ImagePath
U3 LicenseInfo; No ImagePath
S2 LMIInfo; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys [x]
S4 LMIRfsClientNP; No ImagePath
S4 lp6nds35; No ImagePath
S4 nfrd960; No ImagePath
S4 ql2100; No ImagePath
S4 ql2200; No ImagePath
S4 ql2300; No ImagePath
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2007-02-17] (Microsoft Corporation)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [105472 2007-02-17] (Microsoft Corporation)
U5 Tape; C:\Windows\System32\Drivers\Tape.sys [22528 2007-02-17] (Microsoft Corporation)
U3 TrueSight; \??\ [x]
S4 vsdatant; a [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-01-21 14:59 - 2014-01-21 15:00 - 00017367 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.txt
2014-01-21 14:58 - 2014-01-21 14:58 - 00000000 ____D C:\FRST
2014-01-21 14:58 - 2014-01-21 14:55 - 01222144 _____ (Farbar) C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.exe
2014-01-21 12:26 - 2014-01-21 15:01 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1
2014-01-18 03:03 - 2014-01-18 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB963093$
2014-01-18 03:02 - 2014-01-18 03:03 - 00125954 _____ C:\WINDOWS\KB963093.log
2014-01-18 03:01 - 2014-01-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-17 18:42 - 2014-01-18 03:01 - 00014475 _____ C:\WINDOWS\KB2813345.log
2014-01-17 13:07 - 2014-01-17 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-17 13:04 - 2014-01-17 13:04 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_190451_703.txt
2014-01-17 13:03 - 2014-01-17 13:06 - 03366632 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:59 - 2014-01-17 13:06 - 00068410 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558.html
2014-01-17 12:59 - 2014-01-17 13:03 - 10854738 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:59 - 2014-01-17 12:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_10.0.30319
2014-01-17 12:57 - 2014-01-17 12:57 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00009.log
2014-01-17 12:56 - 2014-01-17 12:56 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_185650_905.txt
2014-01-17 12:55 - 2014-01-17 12:58 - 03182994 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:50 - 2014-01-17 12:58 - 00068536 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090.html
2014-01-17 12:50 - 2014-01-17 12:55 - 10431726 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:50 - 2014-01-17 12:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_10.0.30319
2014-01-17 12:45 - 2014-01-17 12:50 - 09971648 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:45 - 2014-01-17 12:50 - 00065446 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791.html
2014-01-17 12:45 - 2014-01-17 12:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_10.0.30319
2014-01-17 12:43 - 2014-01-17 12:44 - 00013701 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00008.log
2014-01-17 12:39 - 2014-01-17 12:44 - 14785174 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873-Msi0.txt
2014-01-17 12:39 - 2014-01-17 12:44 - 00500794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873.html
2014-01-17 12:33 - 2014-01-17 12:39 - 09655324 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:33 - 2014-01-17 12:39 - 00065638 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027.html
2014-01-17 12:33 - 2014-01-17 12:33 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_10.0.30319
2014-01-17 12:26 - 2014-01-17 12:33 - 09205346 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:26 - 2014-01-17 12:33 - 00065622 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306.html
2014-01-17 12:26 - 2014-01-17 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_10.0.30319
2014-01-17 12:25 - 2014-01-17 12:25 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00007.log
2014-01-17 12:24 - 2014-01-17 12:24 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_182442_113.txt
2014-01-17 12:23 - 2014-01-17 12:26 - 02955992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:19 - 2014-01-17 12:26 - 00068992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496.html
2014-01-17 12:19 - 2014-01-17 12:23 - 08713432 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:19 - 2014-01-17 12:19 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_10.0.30319
2014-01-17 12:14 - 2014-01-17 12:19 - 08293086 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:14 - 2014-01-17 12:19 - 00065284 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244.html
2014-01-17 12:14 - 2014-01-17 12:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_10.0.30319
2014-01-17 12:13 - 2014-01-17 12:13 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00006.log
2014-01-17 12:12 - 2014-01-17 12:12 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_181239_775.txt
2014-01-17 12:11 - 2014-01-17 12:14 - 02721352 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:07 - 2014-01-17 12:14 - 00062058 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091.html
2014-01-17 12:07 - 2014-01-17 12:11 - 07861306 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:07 - 2014-01-17 12:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_10.0.30319
2014-01-17 12:05 - 2014-01-17 12:06 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00005.log
2014-01-17 12:05 - 2014-01-17 12:05 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_180520_890.txt
2014-01-17 12:04 - 2014-01-17 12:07 - 02527842 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 11:58 - 2014-01-17 12:07 - 00061978 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122.html
2014-01-17 11:58 - 2014-01-17 12:04 - 07573974 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_10.0.30319
2014-01-17 11:52 - 2014-01-17 11:58 - 07169322 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:52 - 2014-01-17 11:58 - 00059476 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104.html
2014-01-17 11:52 - 2014-01-17 11:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_10.0.30319
2014-01-17 11:47 - 2014-01-17 11:52 - 06771040 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:47 - 2014-01-17 11:52 - 00059140 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408.html
2014-01-17 11:47 - 2014-01-17 11:47 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_10.0.30319
2014-01-17 11:46 - 2014-01-18 03:13 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-17 11:46 - 2014-01-17 11:46 - 01043234 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SilverlightMSI.log
2014-01-17 11:38 - 2014-01-17 11:45 - 06452408 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:38 - 2014-01-17 11:45 - 00059914 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343.html
2014-01-17 11:38 - 2014-01-17 11:38 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_10.0.30319
2014-01-17 11:37 - 2014-01-17 11:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLBF9.mft
2014-01-17 11:33 - 2014-01-17 11:34 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00004.log
2014-01-17 11:33 - 2014-01-17 11:33 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_173322_569.txt
2014-01-17 11:30 - 2014-01-17 11:35 - 02348240 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 11:24 - 2014-01-17 11:35 - 00062488 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337.html
2014-01-17 11:24 - 2014-01-17 11:30 - 06005988 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:24 - 2014-01-17 11:24 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_10.0.30319
2014-01-17 11:22 - 2014-01-17 11:24 - 00011290 _____ C:\WINDOWS\KB2632503-IE8.log
2014-01-17 11:20 - 2014-01-17 11:20 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00003.log
2014-01-17 11:19 - 2014-01-17 11:19 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_171956_835.txt
2014-01-17 11:18 - 2014-01-17 11:22 - 02128980 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 11:10 - 2014-01-17 11:18 - 05647328 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:09 - 2014-01-17 11:22 - 00058512 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222.html
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_10.0.30319
2014-01-17 11:03 - 2014-01-17 11:09 - 05211426 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Client Profile-MSP1.txt
2014-01-17 10:58 - 2014-01-17 10:58 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00002.log
2014-01-17 10:57 - 2014-01-17 10:57 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165732_063.txt
2014-01-17 10:56 - 2014-01-17 11:09 - 00058482 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110.html
2014-01-17 10:56 - 2014-01-17 11:03 - 02008886 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Extended-MSP0.txt
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_10.0.30319
2014-01-17 10:53 - 2014-01-17 10:54 - 00014110 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00001.log
2014-01-17 10:53 - 2014-01-17 10:53 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165325_923.txt
2014-01-17 10:52 - 2014-01-17 12:59 - 00069339 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_clwireg.txt
2014-01-17 10:52 - 2014-01-17 10:56 - 01729794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032-Microsoft .NET Framework 4 Extended-MSP0.txt
2014-01-17 10:52 - 2014-01-17 10:56 - 00055262 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032.html
2014-01-17 10:52 - 2014-01-17 10:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_10.0.30319
2014-01-17 10:51 - 2014-01-17 10:52 - 00011111 _____ C:\WINDOWS\KB2492386.log
2014-01-17 10:51 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-17 10:50 - 2014-01-17 10:51 - 00011646 _____ C:\WINDOWS\KB2481109.log
2014-01-17 10:50 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\FwdEvents.Evt
2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-17 10:48 - 2014-01-17 16:06 - 00065536 _____ C:\WINDOWS\system32\config\EventCollector-Operational.Evt
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 __HDC C:\WINDOWS\$950099Uinstall_KB968930$
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-17 10:47 - 2014-01-17 10:47 - 00006058 _____ C:\WINDOWS\KB943729.log
2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB943729$
2014-01-17 10:46 - 2014-01-17 10:47 - 00009443 _____ C:\WINDOWS\KB956744.log
2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Application Data\Windows Desktop Search
2014-01-17 10:44 - 2014-01-18 03:03 - 00000000 ____D C:\Program Files\Windows Desktop Search
2014-01-17 10:44 - 2014-01-17 10:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB940157$
2014-01-17 10:43 - 2014-01-17 10:46 - 00026311 _____ C:\WINDOWS\KB940157.log
2014-01-17 10:43 - 2014-01-17 10:44 - 00005910 _____ C:\WINDOWS\KB915800-v9.log
2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v9$
2014-01-17 10:42 - 2014-01-17 13:08 - 00014682 _____ C:\WINDOWS\KB2808679.log
2014-01-17 10:41 - 2011-10-25 10:38 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jscript.dll
2014-01-17 10:41 - 2011-10-25 10:38 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-01-17 10:40 - 2011-03-11 23:58 - 01364226 ____C C:\WINDOWS\system32\dllcache\sysmain.sdb
2014-01-17 10:40 - 2011-03-11 23:58 - 00735440 ____C C:\WINDOWS\system32\dllcache\msimain.sdb
2014-01-17 10:40 - 2011-03-11 23:57 - 00421376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2014-01-17 10:40 - 2011-01-27 11:11 - 00136192 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aaclient.dll
2014-01-17 10:40 - 2011-01-27 11:11 - 00053248 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsgqec.dll
2014-01-17 10:40 - 2010-12-22 04:53 - 00677888 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstsc.exe
2014-01-17 10:04 - 2014-01-17 10:06 - 02095678 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Extended_x86.msi.txt
2014-01-17 10:04 - 2014-01-17 10:04 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_160436_255.txt
2014-01-17 09:59 - 2014-01-17 10:06 - 00680390 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614.html
2014-01-17 09:59 - 2014-01-17 10:04 - 05029466 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Core_x86.msi.txt
2014-01-17 09:59 - 2014-01-17 09:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_4.0.30319
2014-01-17 09:36 - 2014-01-17 09:37 - 00017392 _____ C:\WINDOWS\KB925876.log
2014-01-17 09:36 - 2014-01-17 09:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB925876$
2014-01-17 09:34 - 2014-01-17 09:34 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL21E.mft
2014-01-17 08:11 - 2014-01-17 08:11 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL65.mft
2014-01-17 08:04 - 2014-01-17 08:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IECompatCache
2014-01-17 07:34 - 2014-01-17 07:34 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\2
2014-01-16 08:55 - 2014-01-16 08:55 - 00000705 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Shortcut to scripts.lnk
2014-01-15 03:05 - 2014-01-15 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2014-01-15 03:06 - 00005891 _____ C:\WINDOWS\KB2914368.log
2014-01-09 07:23 - 2014-01-09 07:23 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL129.mft
2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI24.tmp
2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI23.tmp
2014-01-08 15:32 - 2014-01-08 15:32 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\PJBPFSPW
2014-01-08 15:14 - 2014-01-08 15:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERcac1.dir00
2014-01-08 12:21 - 2014-01-08 12:21 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL16.mft
2014-01-08 11:27 - 2014-01-08 11:23 - 01233962 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\adwcleaner.exe
2014-01-08 09:37 - 2014-01-08 09:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL78.mft
2014-01-08 08:21 - 2014-01-08 08:21 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AST_INSTALL.TMP
2014-01-08 08:15 - 2014-01-08 08:32 - 00000000 ____D C:\Program Files\Anvisoft
2014-01-08 08:15 - 2014-01-08 08:15 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AUD_INSTALL.TMP
2014-01-08 07:49 - 2014-01-08 07:49 - 00000848 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a9.LOG
2014-01-08 07:48 - 2014-01-08 07:49 - 00000876 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a8.LOG
2014-01-08 07:48 - 2014-01-08 07:48 - 00000866 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a7.LOG
2014-01-08 07:36 - 2014-01-08 07:36 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLF9.mft
2014-01-08 07:18 - 2014-01-08 07:18 - 00000036 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\UMI_ERRORS.TXT
2014-01-08 05:55 - 2014-01-08 05:59 - 00000178 ___SH C:\Documents and Settings\mjc\ntuser.ini
2014-01-08 05:55 - 2014-01-08 05:59 - 00000000 ____D C:\Documents and Settings\mjc
2014-01-08 05:55 - 2014-01-08 05:55 - 00000803 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 05:55 - 2014-01-08 05:55 - 00000738 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Outlook Express.lnk
2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 __SHD C:\Documents and Settings\mjc\IETldCache
2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 ___RD C:\Documents and Settings\mjc\Start Menu\Programs\Accessories
2014-01-08 05:55 - 2010-06-03 14:29 - 00000000 ____D C:\Documents and Settings\mjc\Application Data\Sharp
2014-01-08 05:55 - 2008-04-02 12:09 - 00001503 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Remote Assistance.lnk
2014-01-08 05:55 - 2008-04-02 04:44 - 00000000 _____ C:\Documents and Settings\mjc\Sti_Trace.log
2014-01-06 15:39 - 2014-01-06 15:39 - 00002014 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\HiJackThis.lnk
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\HiJackThis
2014-01-06 12:43 - 2014-01-06 12:43 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL36.mft
2014-01-06 08:23 - 2014-01-06 09:08 - 00001623 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jusched.log
2014-01-06 08:23 - 2014-01-06 08:23 - 00004162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\java_install_sp.log
2014-01-06 08:23 - 2014-01-06 08:23 - 00001178 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jinstall.cfg
2014-01-06 08:13 - 2014-01-06 08:12 - 00700783 _____ (Swearware) C:\Documents and Settings\Administrator.DOMAIN\Desktop\dds+.exe
2014-01-06 07:50 - 2014-01-06 07:50 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5D.mft
2014-01-05 22:46 - 2014-01-16 05:33 - 02316684 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MLDCN01.DR.TMP
2014-01-05 22:46 - 2014-01-16 05:33 - 00052456 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asrpnp.sif
2014-01-05 22:46 - 2014-01-16 05:33 - 00003800 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asr.sif
2014-01-05 18:31 - 2008-04-09 10:57 - 00038248 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\WGX.SYS
2014-01-03 16:11 - 2014-01-03 16:15 - 00492000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00247360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wlbs.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00152200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WimFltr.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00122624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sacdrv.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00049664 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\symmpi.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00043696 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\srtspx.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00041608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00039984 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\VirtFile.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00032688 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\tpfilter.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00032224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00024200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vgapnp.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00020480 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00020272 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SCSICHNG.SYS.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00012936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00005760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys.bak
2014-01-03 16:11 - 2014-01-03 16:15 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00214016 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqteam.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmio.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltmgr.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00117248 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpqilo2.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00100864 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\lsi_scsi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00071184 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\DefragFS.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00065072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpCISSs2.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00045848 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00039472 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\halfinch.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00035592 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hptapefltr.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfs.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00025472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00023552 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpcisss.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crcdisk.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00016384 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hplto.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmload.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak
2014-01-03 16:10 - 2014-01-03 16:15 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 01431040 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00385536 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxvbdx.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00050176 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxnd52x.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00035888 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqcidrv.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak
2014-01-03 16:10 - 2014-01-03 16:14 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak
2014-01-03 16:09 - 2011-11-22 10:29 - 00777216 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ntdll_dump.dll
2014-01-03 16:07 - 2014-01-03 16:16 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Desktop\RK_Quarantine
2014-01-03 11:35 - 2014-01-03 11:35 - 00000586 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\srtUnin.log
2014-01-03 11:34 - 2014-01-03 11:35 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-01-03 11:34 - 2014-01-03 11:35 - 00060808 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL
2014-01-03 11:34 - 2014-01-03 11:35 - 00018748 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SYMEVENT.LOG
2014-01-03 11:34 - 2014-01-03 11:35 - 00010652 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-01-03 11:33 - 2014-01-03 11:36 - 05347820 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SEP_INST.LOG
2014-01-03 11:31 - 2014-01-03 11:31 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\PrivacIE
2014-01-03 11:30 - 2014-01-17 08:19 - 00000238 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\JavaDeployReg.log
2014-01-03 11:29 - 2014-01-03 16:16 - 00016221 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.log
2014-01-03 11:29 - 2014-01-03 16:16 - 00002162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.err
2014-01-03 11:29 - 2014-01-03 11:29 - 00000097 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\sesm.xml
2014-01-03 11:28 - 2014-01-03 11:28 - 00000276 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSIfcc4f.LOG
2014-01-03 11:25 - 2014-01-03 11:25 - 00376832 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\~DFB56D.tmp
2014-01-03 11:00 - 2014-01-03 11:00 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5B.mft
2014-01-03 09:08 - 2006-03-22 06:00 - 00000734 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20140103-090803.backup
2014-01-03 07:39 - 2014-01-03 07:40 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 07:30 - 2014-01-20 08:03 - 00000971 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dw.log
2014-01-02 08:19 - 2014-01-20 07:58 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-02 08:19 - 2014-01-18 03:09 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-02 08:19 - 2014-01-15 00:30 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-02 08:19 - 2014-01-02 08:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-01-02 08:18 - 2014-01-02 08:22 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-02 08:18 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2013-12-29 03:00 - 2013-12-29 03:00 - 00008365 _____ C:\WINDOWS\KB2510531-IE8.log
2013-12-27 16:23 - 2013-12-27 16:23 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IETldCache
2013-12-27 15:56 - 2013-12-27 15:57 - 00085072 _____ C:\WINDOWS\KB2834886.log
2013-12-27 15:56 - 2013-12-27 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-27 15:53 - 2013-12-27 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-27 15:52 - 2013-12-27 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-27 15:46 - 2013-12-27 15:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-27 15:45 - 2013-12-27 15:45 - 00083601 _____ C:\WINDOWS\KB2900986.log
2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-12-27 15:44 - 2013-12-27 15:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-12-27 15:43 - 2013-12-27 15:43 - 00086506 _____ C:\WINDOWS\KB2698365.log
2013-12-27 15:43 - 2013-12-27 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-12-27 15:42 - 2013-12-27 15:42 - 00001105 _____ C:\WINDOWS\KB2779562.log
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2772930$
2013-12-27 15:37 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892076$
2013-12-27 15:36 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-12-27 15:36 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-27 15:35 - 2013-12-27 15:35 - 00556862 _____ C:\WINDOWS\msxml6-KB2758696-enu-x86.LOG
2013-12-27 15:35 - 2013-12-27 15:35 - 00085261 _____ C:\WINDOWS\KB2748349.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2748349$
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-12-27 15:32 - 2013-12-27 15:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-12-27 15:30 - 2013-12-27 15:31 - 00082140 _____ C:\WINDOWS\KB2868038.log
2013-12-27 15:30 - 2013-12-27 15:30 - 00084474 _____ C:\WINDOWS\KB2685939.log
2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2$
2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-12-27 15:28 - 2013-12-27 15:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-12-27 15:26 - 2013-12-27 15:27 - 00080809 _____ C:\WINDOWS\KB2862335.log
2013-12-27 15:26 - 2013-12-27 15:26 - 00083330 _____ C:\WINDOWS\KB2807986.log
2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-12-27 15:21 - 2013-12-27 15:22 - 00088738 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-27 15:21 - 2013-10-29 01:23 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 06020608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 06020608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-12-27 15:21 - 2013-10-29 01:23 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-12-27 15:20 - 2013-12-27 15:21 - 00090003 _____ C:\WINDOWS\KB2862772-IE8.log
2013-12-27 15:19 - 2013-12-27 15:20 - 00093671 _____ C:\WINDOWS\KB2744842-IE8.log
2013-12-27 15:19 - 2013-10-29 01:23 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-12-27 15:18 - 2013-12-27 15:19 - 00097310 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-27 15:18 - 2013-12-27 15:18 - 00087471 _____ C:\WINDOWS\KB2467659.log
2013-12-27 15:18 - 2013-12-27 15:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$
 


Part 2 of the above (it would not fit in one single post; it was too long)

 

2013-12-27 15:17 - 2014-01-17 11:23 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-27 15:17 - 2013-12-27 15:18 - 00110337 _____ C:\WINDOWS\KB982381-IE8.log
2013-12-27 15:17 - 2013-10-29 01:23 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-12-27 15:17 - 2013-10-29 01:23 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-12-27 15:17 - 2013-10-29 01:23 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-12-27 15:16 - 2013-12-27 15:17 - 00101093 _____ C:\WINDOWS\KB982632-IE8.log
2013-12-27 15:16 - 2010-04-16 06:06 - 00041984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2013-12-27 15:13 - 2013-12-27 15:16 - 00099011 _____ C:\WINDOWS\ie8.log
2013-12-27 15:13 - 2013-12-27 15:16 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-12-27 14:03 - 2013-12-27 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-27 13:56 - 2014-01-15 03:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-27 13:53 - 2013-12-27 13:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2742604$
2013-12-27 13:52 - 2013-12-27 13:56 - 00018509 _____ C:\WINDOWS\KB2742604.log
2013-12-27 13:45 - 2013-12-27 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-12-27 13:44 - 2013-12-27 13:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-27 13:42 - 2013-12-27 13:43 - 00011209 _____ C:\WINDOWS\KB2864058.log
2013-12-27 13:42 - 2013-12-27 13:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864058$
2013-12-27 13:41 - 2013-12-27 13:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-27 13:39 - 2013-12-27 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-27 13:36 - 2013-12-27 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833949$
2013-12-27 13:34 - 2013-12-27 13:38 - 00013724 _____ C:\WINDOWS\KB2833949.log
2013-12-27 13:33 - 2013-12-27 13:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-27 13:28 - 2013-12-27 13:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-27 13:01 - 2013-12-27 13:02 - 00008363 _____ C:\WINDOWS\KB2904266.log
2013-12-27 13:01 - 2013-12-27 13:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-12-27 12:41 - 2013-12-27 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-12-27 11:55 - 2013-07-20 13:18 - 00146432 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-12-27 11:55 - 2013-07-20 13:18 - 00032128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-12-27 11:55 - 2013-07-20 13:18 - 00030720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-12-27 11:55 - 2013-07-20 13:18 - 00020992 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbuhci.sys
2013-12-27 11:55 - 2013-07-20 13:18 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2013-12-27 11:55 - 2013-07-20 13:18 - 00005760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-12-27 11:54 - 2013-12-27 15:53 - 00092793 _____ C:\WINDOWS\KB2847311.log
2013-12-27 11:54 - 2013-12-27 15:46 - 00092858 _____ C:\WINDOWS\KB2868626.log
2013-12-27 11:53 - 2013-12-27 15:45 - 00094076 _____ C:\WINDOWS\KB2820917.log
2013-12-27 11:53 - 2013-12-27 15:44 - 00171193 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-27 11:53 - 2013-12-27 15:37 - 00092355 _____ C:\WINDOWS\KB2712808.log
2013-12-27 11:53 - 2013-12-27 15:37 - 00090632 _____ C:\WINDOWS\KB2892076.log
2013-12-27 11:53 - 2013-12-27 15:36 - 00091841 _____ C:\WINDOWS\KB2727528.log
2013-12-27 11:53 - 2013-12-27 15:36 - 00089518 _____ C:\WINDOWS\KB2845187.log
2013-12-27 11:53 - 2013-12-27 15:32 - 00092211 _____ C:\WINDOWS\KB2749655.log
2013-12-27 11:53 - 2013-12-27 15:30 - 00089064 _____ C:\WINDOWS\KB2803821-v2.log
2013-12-27 11:53 - 2013-07-17 05:06 - 00060544 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-12-27 11:53 - 2013-07-17 05:06 - 00020480 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-12-27 11:53 - 2012-08-21 06:56 - 00153600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\volsnap.sys
2013-12-27 11:52 - 2013-12-27 15:29 - 00091672 _____ C:\WINDOWS\KB2691442.log
2013-12-27 11:52 - 2013-12-27 15:28 - 00091439 _____ C:\WINDOWS\KB2705219-v2.log
2013-12-27 11:52 - 2013-12-27 15:28 - 00088080 _____ C:\WINDOWS\KB2850869.log
2013-12-27 11:52 - 2013-12-27 15:27 - 00087597 _____ C:\WINDOWS\KB2893294.log
2013-12-27 11:52 - 2013-07-02 19:01 - 00025472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-12-27 11:52 - 2013-07-02 18:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-12-27 11:51 - 2013-12-27 14:05 - 00025055 _____ C:\WINDOWS\KB2758857.log
2013-12-27 11:51 - 2013-12-27 14:04 - 00022194 _____ C:\WINDOWS\KB2893984.log
2013-12-27 11:51 - 2013-12-27 14:04 - 00021710 _____ C:\WINDOWS\KB2876217.log
2013-12-27 11:50 - 2013-12-27 13:46 - 00023869 _____ C:\WINDOWS\KB2655992.log
2013-12-27 11:50 - 2013-12-27 13:45 - 00023130 _____ C:\WINDOWS\KB2859537.log
2013-12-27 11:49 - 2013-12-27 13:42 - 00017934 _____ C:\WINDOWS\KB2898715.log
2013-12-27 11:49 - 2013-12-27 13:40 - 00016929 _____ C:\WINDOWS\KB2862152.log
2013-12-27 11:49 - 2013-12-27 13:34 - 00016314 _____ C:\WINDOWS\KB2864063.log
2013-12-27 11:49 - 2013-12-27 13:29 - 00015916 _____ C:\WINDOWS\KB2876331.log
2013-12-27 11:48 - 2013-12-27 13:00 - 00017683 _____ C:\WINDOWS\KB2719985.log
2013-12-27 11:47 - 2013-12-27 12:43 - 00016772 _____ C:\WINDOWS\KB2780091.log
2013-12-27 08:12 - 2012-06-02 15:19 - 00015384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll.mui

==================== One Month Modified Files and Folders =======

2014-01-21 15:01 - 2014-01-21 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1
2014-01-21 15:00 - 2014-01-21 14:59 - 00017367 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.txt
2014-01-21 14:58 - 2014-01-21 14:58 - 00000000 ____D C:\FRST
2014-01-21 14:56 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\dhcp
2014-01-21 14:55 - 2014-01-21 14:58 - 01222144 _____ (Farbar) C:\Documents and Settings\Administrator.DOMAIN\Desktop\FRST.exe
2014-01-21 12:29 - 2008-04-02 05:03 - 00000478 ____C C:\WINDOWS\system32\cpl.cfg
2014-01-21 12:00 - 2008-04-05 18:29 - 00000492 _____ C:\WINDOWS\Tasks\ShadowCopyVolume{d628b6fb-00f1-11dd-88ee-001cc4ef78fc}.job
2014-01-21 11:36 - 2008-04-02 12:07 - 01143480 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-21 11:33 - 2012-02-18 00:43 - 00880360 _____ C:\WINDOWS\setupapi.log
2014-01-21 03:01 - 2008-04-02 12:06 - 00000000 ____D C:\WINDOWS\Registration
2014-01-21 03:00 - 2008-04-04 13:27 - 49341684 _____ C:\WINDOWS\system32\besnmp.TRC
2014-01-21 00:04 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\security
2014-01-20 08:03 - 2014-01-03 07:30 - 00000971 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dw.log
2014-01-20 07:58 - 2014-01-02 08:19 - 00000644 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-01-20 07:57 - 2008-04-11 13:08 - 00000000 ____D C:\WINDOWS\system32\CertLog
2014-01-20 07:57 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2014-01-20 07:55 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\system32\wins
2014-01-20 07:54 - 2013-11-20 15:41 - 00004342 _____ C:\WINDOWS\system32\TEST.log
2014-01-20 07:54 - 2008-04-07 11:31 - 00000000 ____D C:\WINDOWS\system32\LServer
2014-01-20 07:54 - 2008-04-04 14:17 - 00002472 ____C C:\WINDOWS\system32\config\netlogon.dnb
2014-01-20 07:54 - 2008-04-04 14:17 - 00002347 ____C C:\WINDOWS\system32\config\netlogon.dns
2014-01-20 07:54 - 2008-04-02 04:29 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-20 07:52 - 2008-04-04 13:59 - 00000000 ____D C:\WINDOWS\NTDS
2014-01-20 07:52 - 2008-04-02 12:14 - 00000006 ___HC C:\WINDOWS\Tasks\SA.DAT
2014-01-19 03:01 - 2008-04-03 10:49 - 00000178 __SHC C:\Documents and Settings\Administrator.DOMAIN\ntuser.ini
2014-01-18 03:13 - 2014-01-17 11:46 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2014-01-18 03:13 - 2008-04-02 12:14 - 00109400 ____C C:\WINDOWS\PFRO.log
2014-01-18 03:10 - 2008-04-02 12:14 - 00032634 _____ C:\WINDOWS\Tasks\SchedLgU.Txt
2014-01-18 03:09 - 2014-01-02 08:19 - 00065536 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2014-01-18 03:09 - 2008-04-04 14:38 - 00524288 _____ C:\WINDOWS\system32\config\DnsEvent.Evt
2014-01-18 03:09 - 2008-04-04 14:00 - 00524288 _____ C:\WINDOWS\system32\config\NTDS.Evt
2014-01-18 03:09 - 2008-04-04 14:00 - 00065536 _____ C:\WINDOWS\system32\config\NtFrs.Evt
2014-01-18 03:03 - 2014-01-18 03:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB963093$
2014-01-18 03:03 - 2014-01-18 03:02 - 00125954 _____ C:\WINDOWS\KB963093.log
2014-01-18 03:03 - 2014-01-17 10:44 - 00000000 ____D C:\Program Files\Windows Desktop Search
2014-01-18 03:03 - 2008-04-02 15:04 - 00219811 ____C C:\WINDOWS\updspapi.log
2014-01-18 03:03 - 2008-04-02 13:37 - 00820810 ____C C:\WINDOWS\nfsocm.log
2014-01-18 03:03 - 2008-04-02 13:37 - 00307444 ____C C:\WINDOWS\sfuocgen.log
2014-01-18 03:03 - 2008-04-02 13:37 - 00083322 ____C C:\WINDOWS\ocwss.log
2014-01-18 03:03 - 2008-04-02 13:37 - 00081342 ____C C:\WINDOWS\AdfsOcm.log
2014-01-18 03:03 - 2008-04-02 04:41 - 03085335 ____C C:\WINDOWS\iis6.log
2014-01-18 03:03 - 2008-04-02 04:41 - 02419474 ____C C:\WINDOWS\ocgen.log
2014-01-18 03:03 - 2008-04-02 04:41 - 02124250 ____C C:\WINDOWS\FaxSetup.log
2014-01-18 03:03 - 2008-04-02 04:41 - 01518312 ____C C:\WINDOWS\uddisetup.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00995874 ____C C:\WINDOWS\msmqinst.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00917715 ____C C:\WINDOWS\tsoc.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00648564 ____C C:\WINDOWS\comsetup.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00492177 ____C C:\WINDOWS\certocm.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00440873 ____C C:\WINDOWS\ntdtcsetup.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00355418 ____C C:\WINDOWS\netfxocm.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00306514 ____C C:\WINDOWS\aspnetocm.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00219173 ____C C:\WINDOWS\LicenOc.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00107336 ____C C:\WINDOWS\pop3oc.log
2014-01-18 03:03 - 2008-04-02 04:41 - 00003423 _____ C:\WINDOWS\imsins.log
2014-01-18 03:01 - 2014-01-18 03:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2813345$
2014-01-18 03:01 - 2014-01-17 18:42 - 00014475 _____ C:\WINDOWS\KB2813345.log
2014-01-18 03:01 - 2008-04-02 04:41 - 00003423 _____ C:\WINDOWS\imsins.BAK
2014-01-17 18:42 - 2008-04-02 12:09 - 00000000 ___HD C:\WINDOWS\$hf_mig$
2014-01-17 16:12 - 2008-04-02 15:16 - 00052441 ____C C:\WINDOWS\spupdsvc.log
2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\FwdEvents.Evt
2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-01-17 16:06 - 2014-01-17 10:48 - 00065536 _____ C:\WINDOWS\system32\config\EventCollector-Operational.Evt
2014-01-17 13:24 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2014-01-17 13:08 - 2014-01-17 10:42 - 00014682 _____ C:\WINDOWS\KB2808679.log
2014-01-17 13:07 - 2014-01-17 13:07 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2808679$
2014-01-17 13:06 - 2014-01-17 13:03 - 03366632 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 13:06 - 2014-01-17 12:59 - 00068410 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558.html
2014-01-17 13:05 - 2008-04-02 04:41 - 00947444 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-17 13:04 - 2014-01-17 13:04 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_190451_703.txt
2014-01-17 13:03 - 2014-01-17 12:59 - 10854738 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_20140117_125914558-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:59 - 2014-01-17 12:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939v3_10.0.30319
2014-01-17 12:59 - 2014-01-17 10:52 - 00069339 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_clwireg.txt
2014-01-17 12:58 - 2014-01-17 12:55 - 03182994 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:58 - 2014-01-17 12:50 - 00068536 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090.html
2014-01-17 12:57 - 2014-01-17 12:57 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00009.log
2014-01-17 12:56 - 2014-01-17 12:56 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_185650_905.txt
2014-01-17 12:55 - 2014-01-17 12:50 - 10431726 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_20140117_125038090-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:50 - 2014-01-17 12:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2858302v2_10.0.30319
2014-01-17 12:50 - 2014-01-17 12:45 - 09971648 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:50 - 2014-01-17 12:45 - 00065446 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_20140117_124507791.html
2014-01-17 12:45 - 2014-01-17 12:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2861188_10.0.30319
2014-01-17 12:44 - 2014-01-17 12:43 - 00013701 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00008.log
2014-01-17 12:44 - 2014-01-17 12:39 - 14785174 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873-Msi0.txt
2014-01-17 12:44 - 2014-01-17 12:39 - 00500794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 2.0-KB2836941_20140117_183951873.html
2014-01-17 12:39 - 2014-01-17 12:33 - 09655324 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:39 - 2014-01-17 12:33 - 00065638 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_20140117_123339027.html
2014-01-17 12:33 - 2014-01-17 12:33 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2840628v2_10.0.30319
2014-01-17 12:33 - 2014-01-17 12:26 - 09205346 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:33 - 2014-01-17 12:26 - 00065622 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_20140117_122653306.html
2014-01-17 12:26 - 2014-01-17 12:26 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2835393_10.0.30319
2014-01-17 12:26 - 2014-01-17 12:23 - 02955992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:26 - 2014-01-17 12:19 - 00068992 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496.html
2014-01-17 12:25 - 2014-01-17 12:25 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00007.log
2014-01-17 12:24 - 2014-01-17 12:24 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_182442_113.txt
2014-01-17 12:23 - 2014-01-17 12:19 - 08713432 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_20140117_121931496-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:19 - 2014-01-17 12:19 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2836939_10.0.30319
2014-01-17 12:19 - 2014-01-17 12:14 - 08293086 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:19 - 2014-01-17 12:14 - 00065284 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_20140117_121438244.html
2014-01-17 12:14 - 2014-01-17 12:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2789642_10.0.30319
2014-01-17 12:14 - 2014-01-17 12:11 - 02721352 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:14 - 2014-01-17 12:07 - 00062058 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091.html
2014-01-17 12:13 - 2014-01-17 12:13 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00006.log
2014-01-17 12:12 - 2014-01-17 12:12 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_181239_775.txt
2014-01-17 12:11 - 2014-01-17 12:07 - 07861306 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_20140117_120729091-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 12:07 - 2014-01-17 12:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2736428_10.0.30319
2014-01-17 12:07 - 2014-01-17 12:04 - 02527842 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 12:07 - 2014-01-17 11:58 - 00061978 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122.html
2014-01-17 12:06 - 2014-01-17 12:05 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00005.log
2014-01-17 12:05 - 2014-01-17 12:05 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_180520_890.txt
2014-01-17 12:04 - 2014-01-17 11:58 - 07573974 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_20140117_115831122-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:58 - 2014-01-17 11:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2742595_10.0.30319
2014-01-17 11:58 - 2014-01-17 11:52 - 07169322 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:58 - 2014-01-17 11:52 - 00059476 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_20140117_115244104.html
2014-01-17 11:52 - 2014-01-17 11:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2729449_10.0.30319
2014-01-17 11:52 - 2014-01-17 11:47 - 06771040 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:52 - 2014-01-17 11:47 - 00059140 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_20140117_114717408.html
2014-01-17 11:47 - 2014-01-17 11:47 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2737019_10.0.30319
2014-01-17 11:46 - 2014-01-17 11:46 - 01043234 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SilverlightMSI.log
2014-01-17 11:45 - 2014-01-17 11:38 - 06452408 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:45 - 2014-01-17 11:38 - 00059914 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_20140117_113841343.html
2014-01-17 11:38 - 2014-01-17 11:38 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2604121_10.0.30319
2014-01-17 11:37 - 2014-01-17 11:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLBF9.mft
2014-01-17 11:35 - 2014-01-17 11:30 - 02348240 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 11:35 - 2014-01-17 11:24 - 00062488 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337.html
2014-01-17 11:34 - 2014-01-17 11:33 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00004.log
2014-01-17 11:33 - 2014-01-17 11:33 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_173322_569.txt
2014-01-17 11:30 - 2014-01-17 11:24 - 06005988 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_20140117_112425337-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:24 - 2014-01-17 11:24 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2600217_10.0.30319
2014-01-17 11:24 - 2014-01-17 11:22 - 00011290 _____ C:\WINDOWS\KB2632503-IE8.log
2014-01-17 11:23 - 2013-12-27 15:17 - 00000000 ____D C:\WINDOWS\ie8updates
2014-01-17 11:22 - 2014-01-17 11:18 - 02128980 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Extended-MSP1.txt
2014-01-17 11:22 - 2014-01-17 11:09 - 00058512 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222.html
2014-01-17 11:20 - 2014-01-17 11:20 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00003.log
2014-01-17 11:19 - 2014-01-17 11:19 - 00003448 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_171956_835.txt
2014-01-17 11:18 - 2014-01-17 11:10 - 05647328 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_20140117_110959222-Microsoft .NET Framework 4 Client Profile-MSP0.txt
2014-01-17 11:09 - 2014-01-17 11:09 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2468871v2_10.0.30319
2014-01-17 11:09 - 2014-01-17 11:03 - 05211426 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Client Profile-MSP1.txt
2014-01-17 11:09 - 2014-01-17 10:56 - 00058482 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110.html
2014-01-17 11:03 - 2014-01-17 10:56 - 02008886 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_20140117_105636110-Microsoft .NET Framework 4 Extended-MSP0.txt
2014-01-17 10:58 - 2014-01-17 10:58 - 00013380 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00002.log
2014-01-17 10:57 - 2014-01-17 10:57 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165732_063.txt
2014-01-17 10:56 - 2014-01-17 10:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2533523_10.0.30319
2014-01-17 10:56 - 2014-01-17 10:52 - 01729794 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032-Microsoft .NET Framework 4 Extended-MSP0.txt
2014-01-17 10:56 - 2014-01-17 10:52 - 00055262 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_20140117_105231032.html
2014-01-17 10:54 - 2014-01-17 10:53 - 00014110 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\ASPNETSetup_00001.log
2014-01-17 10:53 - 2014-01-17 10:53 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_165325_923.txt
2014-01-17 10:52 - 2014-01-17 10:52 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\KB2487367_10.0.30319
2014-01-17 10:52 - 2014-01-17 10:51 - 00011111 _____ C:\WINDOWS\KB2492386.log
2014-01-17 10:51 - 2014-01-17 10:51 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2492386$
2014-01-17 10:51 - 2014-01-17 10:50 - 00011646 _____ C:\WINDOWS\KB2481109.log
2014-01-17 10:51 - 2014-01-17 10:50 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2481109$
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 __HDC C:\WINDOWS\$950099Uinstall_KB968930$
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\winrm
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
2014-01-17 10:48 - 2014-01-17 10:48 - 00000000 ____D C:\WINDOWS\$NtUninstallKB968930$
2014-01-17 10:48 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Help
2014-01-17 10:47 - 2014-01-17 10:47 - 00006058 _____ C:\WINDOWS\KB943729.log
2014-01-17 10:47 - 2014-01-17 10:47 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB943729$
2014-01-17 10:47 - 2014-01-17 10:46 - 00009443 _____ C:\WINDOWS\KB956744.log
2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB956744$
2014-01-17 10:46 - 2014-01-17 10:46 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Application Data\Windows Desktop Search
2014-01-17 10:46 - 2014-01-17 10:43 - 00026311 _____ C:\WINDOWS\KB940157.log
2014-01-17 10:44 - 2014-01-17 10:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB940157$
2014-01-17 10:44 - 2014-01-17 10:43 - 00005910 _____ C:\WINDOWS\KB915800-v9.log
2014-01-17 10:43 - 2014-01-17 10:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB915800-v9$
2014-01-17 10:06 - 2014-01-17 10:04 - 02095678 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Extended_x86.msi.txt
2014-01-17 10:06 - 2014-01-17 09:59 - 00680390 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614.html
2014-01-17 10:04 - 2014-01-17 10:04 - 00003752 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\dd_wcf_CA_smci_20140117_160436_255.txt
2014-01-17 10:04 - 2014-01-17 09:59 - 05029466 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_20140117_095936614-MSI_netfx_Core_x86.msi.txt
2014-01-17 10:00 - 2008-04-04 13:19 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-17 09:59 - 2014-01-17 09:59 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\Microsoft .NET Framework 4 Setup_4.0.30319
2014-01-17 09:37 - 2014-01-17 09:36 - 00017392 _____ C:\WINDOWS\KB925876.log
2014-01-17 09:36 - 2014-01-17 09:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB925876$
2014-01-17 09:34 - 2014-01-17 09:34 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL21E.mft
2014-01-17 08:23 - 2008-04-04 13:18 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2014-01-17 08:22 - 2008-04-04 14:14 - 00065536 _____ C:\WINDOWS\NETLOGON.CHG
2014-01-17 08:19 - 2014-01-03 11:30 - 00000238 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\JavaDeployReg.log
2014-01-17 08:11 - 2014-01-17 08:11 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL65.mft
2014-01-17 08:04 - 2014-01-17 08:04 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IECompatCache
2014-01-17 08:04 - 2008-04-03 10:49 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN
2014-01-17 07:48 - 2008-04-07 15:30 - 26223566 _____ C:\WINDOWS\system32\Dashboard.log
2014-01-17 07:34 - 2014-01-17 07:34 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\2
2014-01-16 15:02 - 2008-04-08 08:56 - 00002267 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Active Directory Users and Computers.lnk
2014-01-16 08:55 - 2014-01-16 08:55 - 00000705 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\Shortcut to scripts.lnk
2014-01-16 05:33 - 2014-01-05 22:46 - 02316684 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MLDCN01.DR.TMP
2014-01-16 05:33 - 2014-01-05 22:46 - 00052456 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asrpnp.sif
2014-01-16 05:33 - 2014-01-05 22:46 - 00003800 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\asr.sif
2014-01-16 05:29 - 2010-09-01 16:01 - 00000000 ___HD C:\Backup Exec AOFO Store
2014-01-16 05:29 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\repair
2014-01-15 03:06 - 2014-01-15 03:04 - 00005891 _____ C:\WINDOWS\KB2914368.log
2014-01-15 03:05 - 2014-01-15 03:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
2014-01-15 03:04 - 2013-12-27 13:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-15 03:00 - 2008-04-03 10:42 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 00:30 - 2014-01-02 08:19 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-01-13 16:47 - 2008-04-03 10:50 - 00000738 _____ C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\Outlook Express.lnk
2014-01-09 07:23 - 2014-01-09 07:23 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL129.mft
2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI24.tmp
2014-01-08 15:32 - 2014-01-08 15:32 - 00000451 ____T C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\CCI23.tmp
2014-01-08 15:32 - 2014-01-08 15:32 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\PJBPFSPW
2014-01-08 15:15 - 2014-01-08 15:14 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERcac1.dir00
2014-01-08 12:21 - 2014-01-08 12:21 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL16.mft
2014-01-08 11:23 - 2014-01-08 11:27 - 01233962 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\adwcleaner.exe
2014-01-08 09:39 - 2008-04-02 04:41 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-08 09:37 - 2014-01-08 09:37 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL78.mft
2014-01-08 08:32 - 2014-01-08 08:15 - 00000000 ____D C:\Program Files\Anvisoft
2014-01-08 08:29 - 2013-11-15 10:14 - 00000000 ____D C:\Program Files\PowerDataRecovery
2014-01-08 08:21 - 2014-01-08 08:21 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AST_INSTALL.TMP
2014-01-08 08:15 - 2014-01-08 08:15 - 00000004 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\AUD_INSTALL.TMP
2014-01-08 07:49 - 2014-01-08 07:49 - 00000848 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a9.LOG
2014-01-08 07:49 - 2014-01-08 07:48 - 00000876 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a8.LOG
2014-01-08 07:48 - 2014-01-08 07:48 - 00000866 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSI570a7.LOG
2014-01-08 07:36 - 2014-01-08 07:36 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQLF9.mft
2014-01-08 07:33 - 2008-04-04 11:30 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\{CA648C72-66AB-4652-A825-9994AB5F6D15}
2014-01-08 07:31 - 2008-04-04 13:28 - 00035586 ____C C:\WINDOWS\system32\BEPerfDll.ini
2014-01-08 07:31 - 2008-04-04 13:28 - 00005382 ____C C:\WINDOWS\system32\BEPerfDll.h
2014-01-08 07:18 - 2014-01-08 07:18 - 00000036 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\UMI_ERRORS.TXT
2014-01-08 05:59 - 2014-01-08 05:55 - 00000178 ___SH C:\Documents and Settings\mjc\ntuser.ini
2014-01-08 05:59 - 2014-01-08 05:55 - 00000000 ____D C:\Documents and Settings\mjc
2014-01-08 05:55 - 2014-01-08 05:55 - 00000803 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Internet Explorer.lnk
2014-01-08 05:55 - 2014-01-08 05:55 - 00000738 _____ C:\Documents and Settings\mjc\Start Menu\Programs\Outlook Express.lnk
2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 __SHD C:\Documents and Settings\mjc\IETldCache
2014-01-08 05:55 - 2014-01-08 05:55 - 00000000 ___RD C:\Documents and Settings\mjc\Start Menu\Programs\Accessories
2014-01-08 05:55 - 2008-04-02 12:09 - 00005670 ____C C:\WINDOWS\wmsetup.log
2014-01-06 15:39 - 2014-01-06 15:39 - 00002014 _____ C:\Documents and Settings\Administrator.DOMAIN\Desktop\HiJackThis.lnk
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Program Files\Trend Micro
2014-01-06 15:39 - 2014-01-06 15:39 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\HiJackThis
2014-01-06 12:43 - 2014-01-06 12:43 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL36.mft
2014-01-06 11:40 - 2008-04-04 13:28 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-06 11:39 - 2008-04-02 13:39 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2014-01-06 11:33 - 2008-04-04 13:27 - 00000000 ____D C:\WINDOWS\FltMgr
2014-01-06 09:08 - 2014-01-06 08:23 - 00001623 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jusched.log
2014-01-06 08:23 - 2014-01-06 08:23 - 00004162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\java_install_sp.log
2014-01-06 08:23 - 2014-01-06 08:23 - 00001178 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\jinstall.cfg
2014-01-06 08:12 - 2014-01-06 08:13 - 00700783 _____ (Swearware) C:\Documents and Settings\Administrator.DOMAIN\Desktop\dds+.exe
2014-01-06 07:58 - 2008-04-11 13:17 - 00001126 ____C C:\WINDOWS\certmmc.log
2014-01-06 07:50 - 2014-01-06 07:50 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5D.mft
2014-01-04 03:01 - 2012-10-02 09:57 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2014-01-03 16:16 - 2014-01-03 16:07 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Desktop\RK_Quarantine
2014-01-03 16:16 - 2014-01-03 11:29 - 00016221 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.log
2014-01-03 16:16 - 2014-01-03 11:29 - 00002162 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\scm-ui.err
2014-01-03 16:16 - 2010-08-09 12:11 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\hsperfdata_administrator
2014-01-03 16:15 - 2014-01-03 16:11 - 00492000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdf01000.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\update.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00247360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip6.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wlbs.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00152200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpwd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WimFltr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00122624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scsiport.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\videoprt.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\parport.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sacdrv.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\redbook.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00049664 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\symmpi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00043696 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\srtspx.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00041608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\termdd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00039984 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\VirtFile.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00032688 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\tpfilter.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00032224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfldr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciidex.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00024200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdtcp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vgapnp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vga.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00020480 _____ (Parallel Technologies, Inc.) C:\WINDOWS\system32\Drivers\ptilink.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00020480 _____ (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) C:\WINDOWS\system32\Drivers\secdrv.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00020272 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SCSICHNG.SYS.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspti.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serenum.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023x.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00012936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdpipe.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sfloppy.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\watchdog.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wmilib.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpcdd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00005760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pciide.sys.bak
2014-01-03 16:15 - 2014-01-03 16:11 - 00004736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\swenum.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00214016 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqteam.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmio.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ftdisk.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltmgr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00117248 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpqilo2.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00100864 _____ (LSI Logic) C:\WINDOWS\system32\Drivers\lsi_scsi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipsec.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxg.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00071184 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\DefragFS.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00065072 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\HpCISSs2.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\i8042prt.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00045848 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fips.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\imapi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00039472 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\halfinch.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpc.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ip6fw.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00035592 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hptapefltr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfs.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipfltdrv.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdclass.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00025472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fdc.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00023552 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\hpcisss.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouclass.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbatt.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mssmbios.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\flpydisk.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crcdisk.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00016384 _____ (Hewlett-Packard) C:\WINDOWS\system32\Drivers\hplto.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irenum.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxapi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmload.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mnmdd.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgthk.sys.bak
2014-01-03 16:15 - 2014-01-03 16:10 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 01431040 _____ (ATI Technologies Inc.) C:\WINDOWS\system32\Drivers\ati2mtag.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00385536 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxvbdx.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atapi.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\atmarpc.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\classpnp.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00050176 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxnd52x.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00035888 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\Drivers\cpqcidrv.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\asyncmac.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00010624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\compbatt.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys.bak
2014-01-03 16:14 - 2014-01-03 16:10 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\audstub.sys.bak
2014-01-03 11:40 - 2008-04-03 10:50 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-03 11:36 - 2014-01-03 11:33 - 05347820 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SEP_INST.LOG
2014-01-03 11:35 - 2014-01-03 11:35 - 00000586 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\srtUnin.log
2014-01-03 11:35 - 2014-01-03 11:34 - 00136496 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2014-01-03 11:35 - 2014-01-03 11:34 - 00060808 _____ (Symantec Corporation) C:\WINDOWS\system32\S32EVNT1.DLL
2014-01-03 11:35 - 2014-01-03 11:34 - 00018748 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SYMEVENT.LOG
2014-01-03 11:35 - 2014-01-03 11:34 - 00010652 _____ C:\WINDOWS\system32\Drivers\SYMEVENT.CAT
2014-01-03 11:35 - 2008-04-03 10:50 - 00000000 ____D C:\Program Files\Symantec
2014-01-03 11:31 - 2014-01-03 11:31 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\PrivacIE
2014-01-03 11:29 - 2014-01-03 11:29 - 00000097 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\sesm.xml
2014-01-03 11:28 - 2014-01-03 11:28 - 00000276 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\MSIfcc4f.LOG
2014-01-03 11:25 - 2014-01-03 11:25 - 00376832 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\~DFB56D.tmp
2014-01-03 11:00 - 2014-01-03 11:00 - 00001694 _____ C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\SQL5B.mft
2014-01-03 07:40 - 2014-01-03 07:39 - 00000000 ____D C:\Program Files\Mozilla Firefox
2014-01-03 07:27 - 2013-12-16 06:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1813487859
2014-01-03 07:27 - 2013-12-16 06:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1813187828
2014-01-03 07:27 - 2013-12-16 06:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812887781
2014-01-03 07:27 - 2013-12-16 06:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812587750
2014-01-03 07:27 - 2013-12-16 06:35 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1812287718
2014-01-03 07:27 - 2013-12-16 06:30 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811987687
2014-01-03 07:27 - 2013-12-16 06:25 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811687656
2014-01-03 07:27 - 2013-12-16 06:20 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811387625
2014-01-03 07:27 - 2013-12-16 06:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1811087593
2014-01-03 07:27 - 2013-12-16 06:10 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810787562
2014-01-03 07:27 - 2013-12-16 06:05 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810487531
2014-01-03 07:27 - 2013-12-16 06:00 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1810187500
2014-01-03 07:27 - 2013-12-16 05:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809885781
2014-01-03 07:27 - 2013-12-16 05:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809585750
2014-01-03 07:27 - 2013-12-16 05:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\1809285718
2014-01-03 07:27 - 2013-07-09 10:04 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\is-VE1IA.tmp
2014-01-03 07:27 - 2013-07-09 10:04 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\is-AD5T3.tmp
2014-01-03 07:27 - 2011-11-09 06:36 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1685103292
2014-01-03 07:27 - 2011-08-03 01:53 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579094263
2014-01-03 07:27 - 2011-08-03 01:48 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579394309
2014-01-03 07:27 - 2011-08-03 01:43 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1579694356
2014-01-03 07:27 - 2011-08-03 00:58 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582395184
2014-01-03 07:27 - 2011-08-03 00:53 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582695231
2014-01-03 07:27 - 2011-08-03 00:48 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1582995278
2014-01-03 07:27 - 2011-02-09 05:15 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\493272000
2014-01-03 07:27 - 2011-02-09 05:10 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492971984
2014-01-03 07:27 - 2011-02-09 05:05 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492671968
2014-01-03 07:27 - 2011-02-09 05:00 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492371937
2014-01-03 07:27 - 2011-02-09 04:55 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\492071921
2014-01-03 07:27 - 2011-02-09 04:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491771906
2014-01-03 07:27 - 2011-02-09 04:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491471890
2014-01-03 07:27 - 2011-02-09 04:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\491171875
2014-01-03 07:27 - 2010-11-16 07:01 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-321698905
2014-01-03 07:27 - 2010-11-16 06:56 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-321999046
2014-01-03 07:27 - 2010-11-16 06:51 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-322299077
2014-01-03 07:27 - 2010-11-16 06:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-322600796
2014-01-03 07:27 - 2010-11-01 14:50 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1589475358
2014-01-03 07:27 - 2010-11-01 14:45 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1589775389
2014-01-03 07:27 - 2010-11-01 14:40 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1590075421
2014-01-03 07:27 - 2010-11-01 14:35 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\-1590375452
2014-01-03 07:27 - 2010-08-11 06:29 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERc152.dir00
2014-01-03 07:27 - 2010-08-11 06:13 - 00000000 ____D C:\Documents and Settings\Administrator.DOMAIN\Local Settings\Temp\WERb158.dir00
2014-01-02 08:22 - 2014-01-02 08:18 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-02 08:19 - 2014-01-02 08:19 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-12-29 03:00 - 2013-12-29 03:00 - 00008365 _____ C:\WINDOWS\KB2510531-IE8.log
2013-12-27 16:24 - 2008-04-03 10:50 - 00000803 _____ C:\Documents and Settings\Administrator.DOMAIN\Start Menu\Programs\Internet Explorer.lnk
2013-12-27 16:24 - 2008-04-02 12:09 - 00316640 ____C C:\WINDOWS\WMSysPr9.prx
2013-12-27 16:23 - 2013-12-27 16:23 - 00000000 __SHD C:\Documents and Settings\Administrator.DOMAIN\IETldCache
2013-12-27 16:22 - 2008-04-02 12:06 - 00003122 ____C C:\WINDOWS\DtcInstall.log
2013-12-27 16:19 - 2009-01-09 16:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB949014$
2013-12-27 16:19 - 2008-04-02 04:40 - 00099848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-27 16:19 - 2008-04-02 04:32 - 00000000 ____D C:\WINDOWS\Media
2013-12-27 15:57 - 2013-12-27 15:56 - 00085072 _____ C:\WINDOWS\KB2834886.log
2013-12-27 15:56 - 2013-12-27 15:56 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-12-27 15:53 - 2013-12-27 15:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-12-27 15:53 - 2013-12-27 11:54 - 00092793 _____ C:\WINDOWS\KB2847311.log
2013-12-27 15:52 - 2013-12-27 15:52 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-12-27 15:46 - 2013-12-27 15:46 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-12-27 15:46 - 2013-12-27 11:54 - 00092858 _____ C:\WINDOWS\KB2868626.log
2013-12-27 15:45 - 2013-12-27 15:45 - 00083601 _____ C:\WINDOWS\KB2900986.log
2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-12-27 15:45 - 2013-12-27 15:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2770660$
2013-12-27 15:45 - 2013-12-27 11:53 - 00094076 _____ C:\WINDOWS\KB2820917.log
2013-12-27 15:44 - 2013-12-27 15:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2820917$
2013-12-27 15:44 - 2013-12-27 11:53 - 00171193 _____ C:\WINDOWS\KB2898785-IE7.log
2013-12-27 15:44 - 2008-04-03 16:57 - 00000000 ____D C:\WINDOWS\ie7updates
2013-12-27 15:43 - 2013-12-27 15:43 - 00086506 _____ C:\WINDOWS\KB2698365.log
2013-12-27 15:43 - 2013-12-27 15:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2698365$
2013-12-27 15:42 - 2013-12-27 15:42 - 00001105 _____ C:\WINDOWS\KB2779562.log
2013-12-27 15:42 - 2013-12-27 15:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2772930$
2013-12-27 15:42 - 2008-04-03 10:42 - 00380792 ____C C:\WINDOWS\system32\TZLog.log
2013-12-27 15:37 - 2013-12-27 15:37 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892076$
2013-12-27 15:37 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2712808$
2013-12-27 15:37 - 2013-12-27 11:53 - 00092355 _____ C:\WINDOWS\KB2712808.log
2013-12-27 15:37 - 2013-12-27 11:53 - 00090632 _____ C:\WINDOWS\KB2892076.log
2013-12-27 15:36 - 2013-12-27 15:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-12-27 15:36 - 2013-12-27 11:53 - 00091841 _____ C:\WINDOWS\KB2727528.log
2013-12-27 15:36 - 2013-12-27 11:53 - 00089518 _____ C:\WINDOWS\KB2845187.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00556862 _____ C:\WINDOWS\msxml6-KB2758696-enu-x86.LOG
2013-12-27 15:35 - 2013-12-27 15:35 - 00085261 _____ C:\WINDOWS\KB2748349.log
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2748349$
2013-12-27 15:35 - 2013-12-27 15:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2727528$
2013-12-27 15:32 - 2013-12-27 15:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2749655$
2013-12-27 15:32 - 2013-12-27 11:53 - 00092211 _____ C:\WINDOWS\KB2749655.log
2013-12-27 15:31 - 2013-12-27 15:30 - 00082140 _____ C:\WINDOWS\KB2868038.log
2013-12-27 15:30 - 2013-12-27 15:30 - 00084474 _____ C:\WINDOWS\KB2685939.log
2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-27 15:30 - 2013-12-27 15:30 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2685939$
2013-12-27 15:30 - 2013-12-27 11:53 - 00089064 _____ C:\WINDOWS\KB2803821-v2.log
2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821-v2$
2013-12-27 15:29 - 2013-12-27 15:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2691442$
2013-12-27 15:29 - 2013-12-27 11:52 - 00091672 _____ C:\WINDOWS\KB2691442.log
2013-12-27 15:28 - 2013-12-27 15:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-12-27 15:28 - 2013-12-27 11:52 - 00091439 _____ C:\WINDOWS\KB2705219-v2.log
2013-12-27 15:28 - 2013-12-27 11:52 - 00088080 _____ C:\WINDOWS\KB2850869.log
2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-27 15:27 - 2013-12-27 15:27 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2705219-v2$
2013-12-27 15:27 - 2013-12-27 15:26 - 00080809 _____ C:\WINDOWS\KB2862335.log
2013-12-27 15:27 - 2013-12-27 11:52 - 00087597 _____ C:\WINDOWS\KB2893294.log
2013-12-27 15:26 - 2013-12-27 15:26 - 00083330 _____ C:\WINDOWS\KB2807986.log
2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-12-27 15:26 - 2013-12-27 15:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2807986$
2013-12-27 15:22 - 2013-12-27 15:21 - 00088738 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-27 15:22 - 2010-03-04 07:59 - 00075923 ____C C:\WINDOWS\ie8_main.log
2013-12-27 15:21 - 2013-12-27 15:20 - 00090003 _____ C:\WINDOWS\KB2862772-IE8.log
2013-12-27 15:20 - 2013-12-27 15:19 - 00093671 _____ C:\WINDOWS\KB2744842-IE8.log
2013-12-27 15:19 - 2013-12-27 15:18 - 00097310 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-27 15:18 - 2013-12-27 15:18 - 00087471 _____ C:\WINDOWS\KB2467659.log
2013-12-27 15:18 - 2013-12-27 15:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2467659$
2013-12-27 15:18 - 2013-12-27 15:17 - 00110337 _____ C:\WINDOWS\KB982381-IE8.log
2013-12-27 15:17 - 2013-12-27 15:16 - 00101093 _____ C:\WINDOWS\KB982632-IE8.log
2013-12-27 15:16 - 2013-12-27 15:13 - 00099011 _____ C:\WINDOWS\ie8.log
2013-12-27 15:16 - 2013-12-27 15:13 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-27 14:05 - 2013-12-27 11:51 - 00025055 _____ C:\WINDOWS\KB2758857.log
2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-27 14:04 - 2013-12-27 14:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2758857$
2013-12-27 14:04 - 2013-12-27 11:51 - 00022194 _____ C:\WINDOWS\KB2893984.log
2013-12-27 14:04 - 2013-12-27 11:51 - 00021710 _____ C:\WINDOWS\KB2876217.log
2013-12-27 14:03 - 2013-12-27 14:03 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-12-27 13:56 - 2013-12-27 13:52 - 00018509 _____ C:\WINDOWS\KB2742604.log
2013-12-27 13:53 - 2013-12-27 13:53 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2742604$
2013-12-27 13:46 - 2013-12-27 11:50 - 00023869 _____ C:\WINDOWS\KB2655992.log
2013-12-27 13:45 - 2013-12-27 13:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2655992$
2013-12-27 13:45 - 2013-12-27 11:50 - 00023130 _____ C:\WINDOWS\KB2859537.log
2013-12-27 13:44 - 2013-12-27 13:44 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-12-27 13:43 - 2013-12-27 13:42 - 00011209 _____ C:\WINDOWS\KB2864058.log
2013-12-27 13:42 - 2013-12-27 13:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864058$
2013-12-27 13:42 - 2013-12-27 11:49 - 00017934 _____ C:\WINDOWS\KB2898715.log
2013-12-27 13:41 - 2013-12-27 13:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-27 13:40 - 2013-12-27 11:49 - 00016929 _____ C:\WINDOWS\KB2862152.log
2013-12-27 13:39 - 2013-12-27 13:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-12-27 13:38 - 2013-12-27 13:34 - 00013724 _____ C:\WINDOWS\KB2833949.log
2013-12-27 13:36 - 2013-12-27 13:36 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2833949$
2013-12-27 13:34 - 2013-12-27 11:49 - 00016314 _____ C:\WINDOWS\KB2864063.log
2013-12-27 13:33 - 2013-12-27 13:33 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-12-27 13:29 - 2013-12-27 11:49 - 00015916 _____ C:\WINDOWS\KB2876331.log
2013-12-27 13:28 - 2013-12-27 13:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-12-27 13:09 - 2010-10-29 15:34 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-12-27 13:02 - 2013-12-27 13:01 - 00008363 _____ C:\WINDOWS\KB2904266.log
2013-12-27 13:01 - 2013-12-27 13:01 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-27 13:00 - 2013-12-27 11:48 - 00017683 _____ C:\WINDOWS\KB2719985.log
2013-12-27 12:59 - 2013-12-27 12:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2719985$
2013-12-27 12:43 - 2013-12-27 11:47 - 00016772 _____ C:\WINDOWS\KB2780091.log
2013-12-27 12:41 - 2013-12-27 12:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2780091$
2013-12-27 11:24 - 2008-04-02 15:01 - 00580379 ____C C:\WINDOWS\svcpack.log
2013-12-27 11:18 - 2008-04-02 12:04 - 00000546 ____C C:\WINDOWS\cmsetacl.log
2013-12-27 11:17 - 2008-04-02 15:08 - 00000000 ____D C:\Program Files\cmak
2013-12-27 11:17 - 2008-04-02 15:02 - 24485888 ____C C:\WINDOWS\system32\config\software.sp
2013-12-27 11:17 - 2008-04-02 12:05 - 00000000 ____D C:\WINDOWS\Cluster
2013-12-27 11:16 - 2008-04-02 15:02 - 05009408 ____C C:\WINDOWS\system32\config\system.sp
2013-12-27 11:16 - 2008-04-02 15:02 - 00000000 ____D C:\WINDOWS\PolicyBackup

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2008-04-02 15:05] - [2007-02-17 02:58] - 1053184 ____A (Microsoft Corporation) A26C39540F8BE3729846E360E2C57344

C:\Windows\System32\winlogon.exe
[2008-04-02 15:05] - [2007-02-17 04:09] - 0528384 ____A (Microsoft Corporation) B4AA8AE0F18E5DFCF99A671A181D3EDC

C:\Windows\System32\svchost.exe
[2008-04-02 15:05] - [2007-02-17 04:04] - 0014848 ____A (Microsoft Corporation) C09CCFE81DEC9B162533D7184D705682

C:\Windows\System32\services.exe
[2008-04-02 04:28] - [2009-02-03 05:07] - 0113152 ____A (Microsoft Corporation) CF500580CDD83B145646A4DCFCE1CF3C

C:\Windows\System32\User32.dll
[2008-04-03 09:53] - [2007-03-02 00:38] - 0583680 ____A (Microsoft Corporation) 1959150096B010BA953A78B0D6B0B4E4

C:\Windows\System32\userinit.exe
[2008-04-02 04:29] - [2007-02-17 04:07] - 0026112 ____A (Microsoft Corporation) B5FEB3B971A8B8C81CE9DE65031A87E5

C:\Windows\System32\rpcss.dll
[2009-04-16 22:35] - [2009-02-09 05:02] - 0486912 ____A (Microsoft Corporation) 305A8757D66B5D416B47C497C27A01FE

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2008-04-02 04:29] - [2012-08-21 06:56] - 0153600 ____A (Microsoft Corporation) 701D86EC9D221F68C8528CC47D3958E6

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================


and here is the ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-01-2014
Ran by administrator at 2014-01-21 15:01:35
Running from C:\Documents and Settings\Administrator.DOMAIN\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 3.1.1 - Hewlett-Packard) Hidden
ASDM on 192.168.96.254 (HKCU Version:  - Cisco Systems, Inc.)
ATI Display Driver (Version: 8.24.3-060405a-042344C-HP - )
Cisco ASDM Launcher (Version: 1.5.24 - Cisco Systems, Inc.)
HiJackThis (Version: 1.0.0 - Trend Micro)
HP LTT Service (Version: 1.1.0.13 - Hewlett-Packard)
HP LTT Service (Version: 1.1.0.13 - Hewlett-Packard) Hidden
HP StorageWorks Library and Tape Tools (Version: 4.11.0.0 - Hewlett-Packard)
HP StorageWorks Library and Tape Tools (Version: 4.11.0.0 - Hewlett-Packard) Hidden
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LiveUpdate (Symantec Corporation) (Version: 3.4.1.234 - Symantec Corporation)
LiveUpdate (Symantec Corporation) (Version: 3.4.1.234 - Symantec Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 11.0.5228.1 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 11.0.5614.0 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.1 (Version: 2.1.2111 - Microsoft Corporation)
Microsoft Exchange (Version:  - Microsoft Corporation)
Microsoft Group Policy Management Console with SP1 (Version: 1.0.2.0 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 (Version:  - Microsoft Corporation) Hidden
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Report Viewer Redistributable 2005 (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (Version: 8.0.56405 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (BKUPEXEC) (Version: 9.2.3042.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2758696) (Version: 6.20.2016.0 - Microsoft Corporation)
PerfectDisk 2008 Server (Version: 9.0.76 - Raxco Software Inc.)
Printer DCA (Version: 4.0.2.12437 - Printer DCA)
Printer DCA (Version: 4.0.3.14248 - Printer DCA)
SHARP MX-B,M283/M363/M453/M503 Series PCL/PS Printer Driver (Version: 1.00.000 - SHARP)
Spybot - Search & Destroy (Version: 2.2.25 - Safer-Networking Ltd.)
Symantec Backup Exec 12 for Windows Servers (Version: 12.0.1364 - Symantec Corporation)
Symantec Backup Exec for Windows Servers (Hotfix 141388) (Version:  - Symantec Corporation)
Symantec Backup Exec for Windows Servers (Hotfix 155482) (Version:  - Symantec Corporation)
Symantec Backup Exec for Windows Servers (Hotfix 17) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 300287) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 300289) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 300290) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 300699) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 302418) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 302980) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 302982) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 303865) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304179) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304389) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304392) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304586) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304662) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304922) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 304964) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 306240) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 306945) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 306950) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 307617) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 307711) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 308870) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 309178) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 311546) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 311551) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 311937) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 314323) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 314497) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 315656) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 315724) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Hotfix 358179) (Version:  - Symantec Corporation)
Symantec Backup Exec for Windows Servers (Service Pack 1) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Service Pack 2) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Service Pack 3) (Version:  - Symantec Corporation) Hidden
Symantec Backup Exec for Windows Servers (Service Pack 5) (Version:  - Symantec Corporation)
Symantec Backup Exec for Windows Servers (Version: 12.0.1364 - Symantec Corporation) Hidden
Symantec Backup Exec License Assessment Tool (Version: 2.0.0 - Symantec Corporation) Hidden
Symantec Endpoint Protection (Version: 11.0.1000.1375 - Symantec Corporation)
Symantec Endpoint Protection Manager (Version: 11.0.1006.103 - Symantec Corporation)
Update for Exchange Server 2003 (KB926666) (Version: 2 - Microsoft Corporation)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2748349) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB925876) (Version: 2 - Microsoft Corporation)
Update for Windows Server 2003 (KB927891) (Version: 5 - Microsoft Corporation)
Update for Windows Server 2003 (KB936357) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB942763) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB942840) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows Server 2003 (KB943729) (Version:  - Microsoft Corporation)
Update for Windows Server 2003 (KB948496) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB955839) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB973815) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB973825) (Version: 1 - Microsoft Corporation)
Update for Windows Server 2003 (KB973917-v2) (Version: 2 - Microsoft Corporation)
Windows Imaging (Version: 1.0.0.0 - Microsoft Corporation)
Windows Imaging Component (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 7 (Version: 20070813.185237 - Microsoft Corporation) Hidden
Windows Internet Explorer 8 (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (Version:  - Microsoft Corporation)
Windows Search 4.0 (Version: 04.00.6001.503 - Microsoft Corporation)
Windows Server 2003 Service Pack 1 Administration Tools Pack (Version: 5.2.3790.1830 - Microsoft Corporation)
Windows Server 2003 Service Pack 2 (Version: 20070217.021455 - Microsoft Corporation)
Windows Support Tools (Version: 5.2.3790.3959 - Microsoft Corporation)
WinRAR archiver (Version:  - )

==================== Restore Points  =========================

Could not list Restore Points. Check WMI.


==================== Hosts content: ==========================

2008-04-02 04:26 - 2014-01-03 16:12 - 00000741 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1    localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\ShadowCopyVolume{d628b6fb-00f1-11dd-88ee-001cc4ef78fc}.job => C:\WINDOWS\system32\vssadmin.exe

==================== Loaded Modules (whitelisted) =============

2013-03-28 18:49 - 2013-03-28 18:49 - 00774229 ____N () C:\Program Files\Hewlett-Packard\HP LTT Service\perl58.dll
2010-08-18 19:00 - 2010-08-18 19:00 - 00044032 _____ () C:\Program Files\Printer DCA\PrintFleet.Common.SevenZip.dll
2014-01-02 08:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-02 08:18 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-02 08:18 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-02 08:18 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-02 08:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2006-06-06 11:08 - 2006-06-06 11:08 - 00393216 ____R () C:\Program Files\Symantec\Symantec Endpoint Protection Manager\tomcat\bin\jslic.dll
2009-11-20 14:05 - 2010-06-03 14:21 - 00192512 _____ () C:\WINDOWS\system32\SPAAAL.DLL
2008-04-02 04:29 - 2006-03-22 06:00 - 00016896 _____ () C:\WINDOWS\system32\tsd32.dll
2010-04-30 17:25 - 2010-03-15 10:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2014 08:54:25 AM) (Source: LicenseService) (User: )
Description: The product Windows Server is out of licenses.  Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased.

Error: (01/21/2014 03:02:07 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 29528. The setup has encountered an unexpected error while Setting Internal Properties. The error is: Fatal error during installation.

Error: (01/21/2014 02:39:24 AM) (Source: LicenseService) (User: )
Description: The product Windows Server is out of licenses.  Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased.

Error: (01/20/2014 08:24:24 PM) (Source: LicenseService) (User: )
Description: The product Windows Server is out of licenses.  Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased.

Error: (01/20/2014 02:09:23 PM) (Source: LicenseService) (User: )
Description: The product Windows Server is out of licenses.  Use Licensing from the Administrative Tools folder for more information on which users are out of compliance and how many licenses should be purchased.

Error: (01/20/2014 08:58:35 AM) (Source: Symantec AntiVirus) (User: )
Description: TruScan has generated an error: code 14: description: CAL Failure

Error: (01/20/2014 08:05:25 AM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (01/20/2014 07:59:04 AM) (Source: Application Error) (User: )
Description: Faulting application SmcGui.exe, version 11.0.1000.1091, faulting module ntdll.dll, version 5.2.3790.4937, fault address 0x0004ea0d.
Processing media-specific event for [smcGui.exe!ws!]

Error: (01/20/2014 07:57:53 AM) (Source: Application Error) (User: )
Description: Faulting application GFValidate.exe, version 11.0.1006.106, faulting module msvcr80.dll, version 8.0.50727.3053, fault address 0x000046b4.
Processing media-specific event for [GFValidate.exe!ws!]

Error: (01/20/2014 07:55:59 AM) (Source: Backup Exec) (User: )
Description: An error occurred while processing a B2D command.
 Changer: MoveMedium() Attempt to Lock Slot Failed (a:\VERITAS\B2D\Folder.lck).  Error=3



For more information, click the following link:
http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml


System errors:
=============
Error: (01/21/2014 00:26:32 PM) (Source: TermServDevices) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:05 AM) (Source: TermServDevices) (User: )
Description: Driver Amyuni Document Converter 400 required for printer TS PDF Generator is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:05 AM) (Source: TermServDevices) (User: )
Description: Driver SHARP MX-B401 PS required for printer SHARP MX-B401 PS is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: )
Description: Driver SHARP MX-4101N PCL6 required for printer SHARP MX-4101N PCL6 is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: )
Description: Driver Microsoft Shared Fax Driver required for printer Fax is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: )
Description: Driver SHARP MX-B401 PCL6 required for printer SHARP MX-B401 PCL6 is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:04 AM) (Source: TermServDevices) (User: )
Description: Driver Send To Microsoft OneNote 2010 Driver required for printer Send To OneNote 2010 is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 11:34:03 AM) (Source: TermServDevices) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/21/2014 03:02:57 AM) (Source: Windows Update Agent) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).

Error: (01/20/2014 07:56:23 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (01/21/2014 08:54:25 AM) (Source: LicenseService)(User: )
Description: Windows Server

Error: (01/21/2014 03:02:07 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft SQL Server 2005 Express Edition -- Error 29528. The setup has encountered an unexpected error while Setting Internal Properties. The error is: Fatal error during installation.
(NULL)(NULL)(NULL)

Error: (01/21/2014 02:39:24 AM) (Source: LicenseService)(User: )
Description: Windows Server

Error: (01/20/2014 08:24:24 PM) (Source: LicenseService)(User: )
Description: Windows Server

Error: (01/20/2014 02:09:23 PM) (Source: LicenseService)(User: )
Description: Windows Server

Error: (01/20/2014 08:58:35 AM) (Source: Symantec AntiVirus)(User: )
Description: TruScan has generated an error: code 14: description: CAL Failure

Error: (01/20/2014 08:05:25 AM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog

Error: (01/20/2014 07:59:04 AM) (Source: Application Error)(User: )
Description: SmcGui.exe11.0.1000.1091ntdll.dll5.2.3790.49370004ea0d

Error: (01/20/2014 07:57:53 AM) (Source: Application Error)(User: )
Description: GFValidate.exe11.0.1006.106msvcr80.dll8.0.50727.3053000046b4

Error: (01/20/2014 07:55:59 AM) (Source: Backup Exec)(User: )
Description: Changer: MoveMedium() Attempt to Lock Slot Failed (a:\VERITAS\B2D\Folder.lck).  Error=3


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 3069.86 MB
Available physical RAM: 1467.18 MB
Total Pagefile: 4965.96 MB
Available Pagefile: 3318.11 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.07 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:68.33 GB) (Free:4.81 GB) NTFS
Drive e: (DATA) (Fixed) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive f: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive i: (PHOTOS) (Fixed) (Total:931.51 GB) (Free:738.15 GB) NTFS
Drive o: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive p: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive q: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive s: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive t: (DATA) (Network) (Total:273.4 GB) (Free:53.54 GB) NTFS
Drive x: () (Network) (Total:136.44 GB) (Free:68.6 GB) NTFS
Drive y: () (Network) (Total:136.44 GB) (Free:68.6 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 68 GB) (Disk ID: 94249424)
Partition 1: (Active) - (Size=68 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 273 GB) (Disk ID: 278DB745)
Partition 1: (Not Active) - (Size=273 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D8621C63)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================


  • Staff

Hello mikecab

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


ADWCLEANER text

 

# AdwCleaner v3.017 - Report created 22/01/2014 at 07:31:31
# Updated 12/01/2014 by Xplode
# Operating System : Microsoft Windows Server 2003 R2 Service Pack 2 (32 bits)
# Username : administrator - MLDCN01
# Running from : C:\Documents and Settings\Administrator.DOMAIN\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\Software\Description
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Administrator.DOMAIN\Application Data\Mozilla\Firefox\Profiles\9g63unzy.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [5840 octets] - [08/01/2014 11:27:23]
AdwCleaner[R1].txt - [1277 octets] - [08/01/2014 12:08:09]
AdwCleaner[R2].txt - [1400 octets] - [22/01/2014 07:30:19]
AdwCleaner[s0].txt - [6064 octets] - [08/01/2014 11:35:42]
AdwCleaner[s1].txt - [1344 octets] - [08/01/2014 15:32:16]
AdwCleaner[s2].txt - [1327 octets] - [22/01/2014 07:31:31]

########## EOF - P:\AdwCleaner\AdwCleaner[s2].txt - [1387 octets] ##########
 


The JRT Log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Microsoft Windows Server 2003 R2 x86
Ran by administrator on Wed 01/22/2014 at  7:59:02.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/22/2014 at  8:02:49.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

okay now i will monitor the system a while and report what I encounter

 

thank you so much for your help


so far here is what is happening

 

the above mentioned scan was completed at 8:02am

 

the protection log shows the following

 

2014/01/22 08:07:07 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:07:11 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:07:16 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:08:29 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:48 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:52 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:56 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:00 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:04 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:08 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:12 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
 

 

where is the point of entry? is there a program or something these ip addresses are trying to go through? how can I find out?


  • Staff

Hello mikecab

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo

  • Staff

Hello mikecab

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

Send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo

When you are complete please send me both reports

Gringo


After running the Malware Anti RootKit I got the following :

 

"Scan Finished, No Malware Found!"

 

Then i ran RogueKiller

 

I hit CLEAN then REPORT and got the following

 


I did NOT see a report titled RKReport (2).txt on my desktop. However there was a RKreport[0]_D_01232014_085510.txt and a RKreport[0]_S_01232014_085347.txt

 

this is the one ending in 5510

 

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : administrator [Admin rights]
Mode : Remove -- Date : 01/23/2014 08:55:10
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x809A87BA -> HOOKED (Unknown @ 0x89628370)
[Address] SSDT[14] : NtAlertThread @ 0x8091F1EF -> HOOKED (Unknown @ 0x89628430)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8084642E -> HOOKED (Unknown @ 0x897511C8)
[Address] SSDT[45] : NtCreateMutant @ 0x8091998E -> HOOKED (Unknown @ 0x8989D398)
[Address] SSDT[55] : NtCreateThread @ 0x8093DAFF -> HOOKED (Unknown @ 0x893FD918)
[Address] SSDT[87] : NtFreeVirtualMemory @ 0x80850CAC -> HOOKED (Unknown @ 0x88AE51E8)
[Address] SSDT[93] : NtImpersonateAnonymousToken @ 0x8091AF57 -> HOOKED (Unknown @ 0x896281F0)
[Address] SSDT[95] : NtImpersonateThread @ 0x80927BB1 -> HOOKED (Unknown @ 0x896282B0)
[Address] SSDT[113] : NtMapViewOfSection @ 0x80937205 -> HOOKED (Unknown @ 0x88AFC160)
[Address] SSDT[120] : NtOpenEvent @ 0x80916340 -> HOOKED (Unknown @ 0x8989D2D8)
[Address] SSDT[128] : LdrShutdownThread @ 0x80926473 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D1184)
[Address] SSDT[129] : NtOpenProcessToken @ 0x8093C609 -> HOOKED (Unknown @ 0x898A11E8)
[Address] SSDT[134] : NtOpenThread @ 0x80919E7A -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D12D0)
[Address] SSDT[135] : NtOpenThreadToken @ 0x80941260 -> HOOKED (Unknown @ 0x89CDDF30)
[Address] SSDT[214] : NtResumeThread @ 0x8093D8B8 -> HOOKED (Unknown @ 0x88B061F8)
[Address] SSDT[221] : NtSetContextThread @ 0x808C239C -> HOOKED (Unknown @ 0x88AC4108)
[Address] SSDT[237] : NtSetInformationProcess @ 0x8093E565 -> HOOKED (Unknown @ 0x89CDDFC0)
[Address] SSDT[238] : NtSetInformationThread @ 0x80940BB1 -> HOOKED (Unknown @ 0x89D55FC0)
[Address] SSDT[262] : NtSuspendProcess @ 0x809A86FF -> HOOKED (Unknown @ 0x8989D218)
[Address] SSDT[263] : NtSuspendThread @ 0x80906E25 -> HOOKED (Unknown @ 0x8973F2B0)
[Address] SSDT[266] : NtTerminateProcess @ 0x809100CA -> HOOKED (Unknown @ 0x89D12D68)
[Address] SSDT[267] : NtTerminateThread @ 0x80921686 -> HOOKED (Unknown @ 0x88AC4048)
[Address] SSDT[277] : NtUnmapViewOfSection @ 0x80937490 -> HOOKED (Unknown @ 0x898912D8)
[Address] SSDT[287] : NtWriteVirtualMemory @ 0x8093E49B -> HOOKED (Unknown @ 0x897431D8)
[inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78466E87)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] a8c4a3eeb4ec778f70d7320feccf1444
[bSP] 84c0f9575d9d12685717272325f18b93 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 69965 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] b798812e0b2eb52d05c8184a8f196588
[bSP] b1200636645a6e4589aa7d6a50bbd75d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 279960 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_D_01232014_085510.txt >>
RKreport[0]_S_01232014_085347.txt



this is the one ending in 5347

 

RogueKiller V8.8.2 [Jan 17 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP 64 / Windows Home Server / Windows Server 2003 (5.2.3790 Service Pack 2) 32 bits version
Started in : Normal mode
User : administrator [Admin rights]
Mode : Scan -- Date : 01/23/2014 08:53:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[13] : NtAlertResumeThread @ 0x809A87BA -> HOOKED (Unknown @ 0x89628370)
[Address] SSDT[14] : NtAlertThread @ 0x8091F1EF -> HOOKED (Unknown @ 0x89628430)
[Address] SSDT[18] : NtAllocateVirtualMemory @ 0x8084642E -> HOOKED (Unknown @ 0x897511C8)
[Address] SSDT[45] : NtCreateMutant @ 0x8091998E -> HOOKED (Unknown @ 0x8989D398)
[Address] SSDT[55] : NtCreateThread @ 0x8093DAFF -> HOOKED (Unknown @ 0x893FD918)
[Address] SSDT[87] : NtFreeVirtualMemory @ 0x80850CAC -> HOOKED (Unknown @ 0x88AE51E8)
[Address] SSDT[93] : NtImpersonateAnonymousToken @ 0x8091AF57 -> HOOKED (Unknown @ 0x896281F0)
[Address] SSDT[95] : NtImpersonateThread @ 0x80927BB1 -> HOOKED (Unknown @ 0x896282B0)
[Address] SSDT[113] : NtMapViewOfSection @ 0x80937205 -> HOOKED (Unknown @ 0x88AFC160)
[Address] SSDT[120] : NtOpenEvent @ 0x80916340 -> HOOKED (Unknown @ 0x8989D2D8)
[Address] SSDT[128] : LdrShutdownThread @ 0x80926473 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D1184)
[Address] SSDT[129] : NtOpenProcessToken @ 0x8093C609 -> HOOKED (Unknown @ 0x898A11E8)
[Address] SSDT[134] : NtOpenThread @ 0x80919E7A -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xB96D12D0)
[Address] SSDT[135] : NtOpenThreadToken @ 0x80941260 -> HOOKED (Unknown @ 0x89CDDF30)
[Address] SSDT[214] : NtResumeThread @ 0x8093D8B8 -> HOOKED (Unknown @ 0x88B061F8)
[Address] SSDT[221] : NtSetContextThread @ 0x808C239C -> HOOKED (Unknown @ 0x88AC4108)
[Address] SSDT[237] : NtSetInformationProcess @ 0x8093E565 -> HOOKED (Unknown @ 0x89CDDFC0)
[Address] SSDT[238] : NtSetInformationThread @ 0x80940BB1 -> HOOKED (Unknown @ 0x89D55FC0)
[Address] SSDT[262] : NtSuspendProcess @ 0x809A86FF -> HOOKED (Unknown @ 0x8989D218)
[Address] SSDT[263] : NtSuspendThread @ 0x80906E25 -> HOOKED (Unknown @ 0x8973F2B0)
[Address] SSDT[266] : NtTerminateProcess @ 0x809100CA -> HOOKED (Unknown @ 0x89D12D68)
[Address] SSDT[267] : NtTerminateThread @ 0x80921686 -> HOOKED (Unknown @ 0x88AC4048)
[Address] SSDT[277] : NtUnmapViewOfSection @ 0x80937490 -> HOOKED (Unknown @ 0x898912D8)
[Address] SSDT[287] : NtWriteVirtualMemory @ 0x8093E49B -> HOOKED (Unknown @ 0x897431D8)
[inline] EAT @explorer.exe (pfnUnmarshallRoutines) : RPCRT4.dll -> HOOKED (Unknown @ 0x78466E87)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1    localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] a8c4a3eeb4ec778f70d7320feccf1444
[bSP] 84c0f9575d9d12685717272325f18b93 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32 | Size: 69965 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ SCSI) HP LOGICAL VOLUME SCSI Disk Device +++++
--- User ---
[MBR] b798812e0b2eb52d05c8184a8f196588
[bSP] b1200636645a6e4589aa7d6a50bbd75d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 279960 Mo
User = LL1 ... OK!
Error reading LL2 MBR! ([0x1] Incorrect function. )

Finished : << RKreport[0]_S_01232014_085347.txt >>



 


since all the above was done, i checked the protection log and got the following

 

2014/01/23 10:16:33 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:37 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:41 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:45 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:49 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:53 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:16:57 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.132 (Type: incoming)
2014/01/23 10:18:26 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 10:18:30 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 10:18:34 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:26:57 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:01 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:05 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:17 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:28:25 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:28:46 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:28:50 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:28:54 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:28:58 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:29:02 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:29:06 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/23 11:29:10 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)


  • Staff

Hello mikecab

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

  • more than one report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.

    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it

    If the forum still complains about it being too long send me everything that is at the end of the report after where it says

    ==================

    Scan finished

    ==================

and I will see if I want to see the whole report

send me the reports made from TDSSKiller

Gringo


it seems stuck at "saving post" as i try to post the whole txt file here....

 

here is the end portion you asked about

 

12:52:03.0069 0x1224  ============================================================
12:52:03.0069 0x1224  Scan finished
12:52:03.0069 0x1224  ============================================================
12:52:03.0272 0x1fbc  Detected object count: 0
12:52:03.0319 0x1fbc  Actual detected object count: 0


here is the protection log since the above posted scan

 

2014/01/24 14:53:52 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:53:54 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:54:03 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:07 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:11 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:15 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:17 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:54:19 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:23 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:25 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:54:27 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/24 14:54:33 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:54:37 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:54:41 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.150 (Type: incoming)
2014/01/24 14:55:37 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:55:39 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:55:53 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:55:54 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:55:57 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:55:58 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:56:01 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:56:02 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:56:05 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:56:06 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:56:09 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:56:10 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:56:13 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:56:14 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/24 14:56:17 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.84 (Type: incoming)
2014/01/24 14:56:18 -0600    MLDCN01    (null)    IP-BLOCK    211.95.78.82 (Type: incoming)

Link to post
Share on other sites
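The protection-log entries pasted in the posts above can be grouped per source address to see how the blocked attempts cluster in time and by network. This is an added example, not part of any post in this thread and not code from the protection product; the line layout is inferred from the pasted entries, and the function names, the /24 grouping and the 30-second burst gap are this example's own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_network
from statistics import median

# Layout inferred from the lines posted in the thread (an assumption):
# timestamp, host, user, action, remote IP, direction.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4})\s+"
    r"(?P<host>\S+)\s+(?P<user>\S+)\s+IP-BLOCK\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type: (?P<direction>\w+)\)\s*$"
)

# Entries copied from the posts above, plus one constructed malformed line.
SAMPLE_LOG = """\
2014/01/22 08:07:07 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:07:11 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:07:16 -0600    MLDCN01    administrator    IP-BLOCK    61.156.242.138 (Type: incoming)
2014/01/22 08:08:29 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:48 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:52 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:08:56 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:00 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:04 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:08 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
2014/01/22 08:09:12 -0600    MLDCN01    administrator    IP-BLOCK    211.95.78.82 (Type: incoming)
this line is constructed and does not match the format
2014/01/23 11:26:57 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:01 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:05 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
2014/01/23 11:27:17 -0600    MLDCN01    (null)    IP-BLOCK    61.156.242.142 (Type: incoming)
"""


def parse_events(text):
    """Return (events, skipped): parsed entries and the number of unparseable lines."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            skipped += 1  # count, but never guess at, lines in another format
            continue
        event = match.groupdict()
        event["ts"] = datetime.strptime(event["ts"], "%Y/%m/%d %H:%M:%S %z")
        events.append(event)
    return events, skipped


def subnet_of(ip):
    """Return the /24 network containing ip, as a string."""
    return str(ip_network(f"{ip}/24", strict=False))


def describe_burst(ip, stamps):
    """Summarize one run of consecutive blocks from a single source address."""
    gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return {
        "ip": ip,
        "subnet": subnet_of(ip),
        "start": stamps[0],
        "attempts": len(stamps),
        "median_gap_s": median(gaps) if gaps else None,
    }


def find_bursts(events, max_gap=timedelta(seconds=30)):
    """Split each source's blocks into bursts separated by more than max_gap."""
    by_ip = defaultdict(list)
    for event in events:
        by_ip[event["ip"]].append(event["ts"])
    bursts = []
    for ip, stamps in by_ip.items():
        stamps.sort()
        current = [stamps[0]]
        for ts in stamps[1:]:
            if ts - current[-1] > max_gap:
                bursts.append(describe_burst(ip, current))
                current = [ts]
            else:
                current.append(ts)
        bursts.append(describe_burst(ip, current))
    return sorted(bursts, key=lambda b: b["start"])


def sources_by_subnet(events):
    """Map each /24 to the distinct source addresses seen inside it."""
    subnets = defaultdict(set)
    for event in events:
        subnets[subnet_of(event["ip"])].add(event["ip"])
    return dict(subnets)


if __name__ == "__main__":
    events, skipped = parse_events(SAMPLE_LOG)
    print(f"{len(events)} entries parsed, {skipped} skipped")
    print("directions seen:", sorted({e["direction"] for e in events}))
    for burst in find_bursts(events):
        print(f"{burst['start']:%Y-%m-%d %H:%M:%S}  {burst['ip']:<15}  "
              f"{burst['attempts']} blocks, median gap {burst['median_gap_s']} s")
    for subnet, ips in sorted(sources_by_subnet(events).items()):
        print(f"{subnet}: {len(ips)} distinct source(s)")
```

Run over a full exported log, the per-burst summary shows whether the same networks return on a schedule and at a fixed retry interval, which is the pattern to compare against the server's listening services and perimeter firewall rules.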

  • Staff

Hello mikecab

I want you to run things in selective startup; this will help pinpoint the type of problem it is.

1. Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button).

2. In the Open box, type msconfig and then click OK. The System Configuration Utility appears.

3. Click the "services" tab.

4. Put a checkmark in "hide all Microsoft services".

5. Uncheck anything that is left.

6. Click on the "startup" tab.

7. Uncheck all under this tab.

8. Click on the apply button.

Restart the computer and see how things are doing. If things are doing better, then repeat the process, but this time start with the services and start by adding the first half back and apply the changes.

If things go bad again, then you know the problem is in the services that you restarted, and you can keep searching until you find the one it is.

If you restart all the services and things are still OK, then go back and do the same thing for the startup programs.

Link to post
Share on other sites

The protection log shows the following throughout the day.

This is AFTER the disabling of the non-Microsoft services this morning and the startup programs.

 

 

 

Link to post
Share on other sites
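A protection log in this layout (timestamp, host, user, event type, detail) can be summarised per blocked address, grouped into bursts, and compared before and after a selective-startup change. The Python below is an added example, not part of any post in this thread; the sample lines, addresses, host name and function names are constructed, and the 60-second burst gap is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same layout as the protection log discussed in the
# thread (timestamp, host, user, event, detail). Addresses are documentation
# ranges and the host name is a placeholder, not values from the thread.
SAMPLE_LOG = """\
2014/01/24 14:54:27 -0600    EXAMPLEHOST    (null)    IP-BLOCK    203.0.113.10 (Type: incoming)
2014/01/24 14:54:31 -0600    EXAMPLEHOST    (null)    IP-BLOCK    203.0.113.10 (Type: incoming)
2014/01/24 14:55:37 -0600    EXAMPLEHOST    (null)    IP-BLOCK    198.51.100.7 (Type: incoming)
2014/01/27 07:41:18 -0600    EXAMPLEHOST    (null)    IP-BLOCK    203.0.113.10 (Type: incoming)
2014/01/27 07:41:38 -0600    EXAMPLEHOST    (null)    IP-BLOCK    203.0.113.10 (Type: incoming)
2014/01/27 10:06:23 -0600    EXAMPLEHOST    (null)    MESSAGE    Starting database refresh
2014/01/27 10:08:20 -0600    EXAMPLEHOST    (null)    IP-BLOCK    203.0.113.10 (Type: incoming)
"""

LINE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d [+-]\d{4})\s+\S+\s+\S+\s+"
                  r"IP-BLOCK\s+(\S+) \(Type: (\w+)\)\s*$")

def parse_blocks(text):
    """Return (time, ip, direction) for every IP-BLOCK line; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S %z")
            events.append((when, m.group(2), m.group(3)))
    return sorted(events)

def bursts(events, max_gap=timedelta(seconds=60)):
    """Merge blocks from one address that are <= max_gap apart into bursts."""
    out, open_burst = [], {}
    for when, ip, direction in events:
        cur = open_burst.get((ip, direction))
        if cur and when - cur["end"] <= max_gap:
            cur["end"], cur["count"] = when, cur["count"] + 1
        else:
            cur = {"ip": ip, "direction": direction, "start": when, "end": when, "count": 1}
            open_burst[(ip, direction)] = cur
            out.append(cur)
    return out

def compare(events, change_time):
    """Count blocks per (ip, direction) as [before, after] a configuration change."""
    counts = defaultdict(lambda: [0, 0])
    for when, ip, direction in events:
        counts[(ip, direction)][int(when >= change_time)] += 1
    return dict(counts)
```

Pass `compare` the time the msconfig change took effect; the result maps each blocked address and direction to its block counts before and after that time.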

  • Staff

Hello mikecab

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • Please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • Click OK
Copy and paste the report into this topic for me to review.

Gringo

Link to post
Share on other sites

This topic is now closed to further replies.