Intermittent browser redirection to www.buydomains.com



#1 YankeeTech80


Posted 11 June 2014 - 02:51 PM

Hello, all. I have a rather aggravating issue I'm hoping to get some help with. About 10-15 users in my company (myself included) are occasionally getting redirected to www.buydomains.com when visiting some legitimate websites such as google.com. Our helpdesk isn't blowing up quite yet because the issue occurs intermittently, and only with a few sites at random. Here's what I've noticed/found so far:

 

  • Anti-malware and Anti-rootkit software haven't picked up anything. So far, I've tried our corporate Symantec anti-virus, Malwarebytes, Spybot Search and Destroy, Kaspersky TDSSKiller, the MS Safety Scanner and Rootkit revealer.
  • All affected users' local hosts file is clean; no entries.
  • Nobody has had any shady-looking applications installed on their computers.
  • All affected machines are using the correct company DNS servers.
  • Some users are able to get the problematic websites to display by using Chrome or Firefox instead of IE; for other users, it doesn't matter which browser they use.
  • In some cases, users get redirected if they click a link in their email (Outlook 2010), but if they cut/paste the link from Outlook into their web browser, the correct page displays. For other users, the page redirects regardless.
  • I tried configuring a few of the affected systems with Google's Public DNS servers rather than our company's DNS servers, but got the same results.

Since I'm one of the affected users, here is a copy of my DDS log:

_______________________________________________________________

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16555  BrowserJavaVersion: 10.60.2
Run by <redacted> at 15:16:13 on 2014-06-11
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4053.1632 [GMT -4:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\dwrcs\DWRCS.EXE
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\locator.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLClient.exe
c:\windows\syswow64\slinstall.exe
C:\Windows\ProPatches\Scheduler\STSchedEx.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.Agent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRA~2\SCRIPT~1\DESKTO~1\CLIENT~1\812~1.7\SLAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\dwrcs\DWRCST.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\PROGRA~2\SCRIPT~1\DESKTO~1\CLIENT~1\812~1.7\SLAgent.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.UserExperience.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\ASG-Remote Desktop 2012\ASGRD72.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\VMware\Infrastructure\Virtual Infrastructure Client\Launcher\VpxClient.exe
C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Internet Explorer\vmware-vmrc.exe
C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Internet Explorer\vmware-vmrc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Internet Explorer\vmware-vmrc.exe
C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Internet Explorer\vmware-remotemks.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://insight2/intranet/home/view.cfm
mWinlogon: Userinit = userinit.exe
BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: Symantec Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Client Access Service] C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe
mRun: [DesktopAuthority User Experience] "C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.UserExperience.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CitrixReceiver] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Redirector] "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\rsteele\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CITRIX~1.LNK - C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAGIT~1.LNK - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: DisallowRun = dword:1
uPolicies-DisallowRun: 1 = admgmt.msc
uPolicies-DisallowRun: 2 = advanced ip scanner.exe
uPolicies-DisallowRun: 3 = dsa.msc
uPolicies-DisallowRun: 4 = dxdiag.exe
uPolicies-DisallowRun: 5 = edit.com
uPolicies-DisallowRun: 6 = gpedit.msc
uPolicies-DisallowRun: 7 = lc4.exe
uPolicies-DisallowRun: 8 = mscorcfg.msc
uPolicies-DisallowRun: 9 = regclean.exe
uPolicies-DisallowRun: 10 = regcleaner.exe
uPolicies-DisallowRun: 11 = regcleanr.exe
uPolicies-DisallowRun: 12 = regvac.exe
uPolicies-DisallowRun: 13 = secedit.exe
uPolicies-DisallowRun: 14 = secpol.msc
uPolicies-DisallowRun: 15 = sysedit.exe
uPolicies-DisallowRun: 16 = vac.exe
uPolicies-DisallowRun: 17 = wntipcfg.exe
uPolicies-System: HideLogonScripts = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideLogonScripts = dword:0
mPolicies-System: MaxGPOScriptWait = dword:3600
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.100.210.59 192.100.210.43
TCP: Interfaces\{48DFE089-A0B8-413B-A83A-B62122189A59} : NameServer = 192.100.210.9
TCP: Interfaces\{48DFE089-A0B8-413B-A83A-B62122189A59} : DHCPNameServer = 192.100.210.59 192.100.210.43
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
x64-Run: [DameWare MRC Agent] C:\Windows\dwrcs\DWRCST.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rsteele\AppData\Roaming\Mozilla\Firefox\Profiles\3qa41kk2.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npURLInterceptorPlugin.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: 2014-05-27 08:05; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\IPSFF
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys [2014-5-30 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys [2014-5-30 1147480]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140510.011\BHDrvx64.sys [2014-5-30 1530160]
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE};Symantec Endpoint Protection 12.1.4013.4013.105 Settings Manager;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [2014-5-30 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2013-9-24 97768]
R1 dwvkbd;DameWare Virtual Keyboard 64 bit Driver;C:\Windows\System32\drivers\dwvkbd64.sys [2008-3-13 30720]
R1 IDSVia64;IDSVia64;C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140610.011\IDSviA64.sys [2014-6-10 525016]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys [2014-5-30 224856]
R1 SYMNETS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys [2014-5-30 437336]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-1-26 203776]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-5-23 23552]
R2 ScriptLogic CBM Service;ScriptLogic CBM Service;C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.Agent.exe [2011-4-1 431616]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-6-11 1738200]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-6-11 2081752]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-6-11 171928]
R2 SepMasterService;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [2014-5-30 144368]
R2 SLClient;ScriptLogic Service;C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLClient.exe [2011-4-1 557920]
R2 SLInstall;Desktop Authority Client Provisioning Service;C:\Windows\SysWOW64\slinstall.exe [2013-4-10 557920]
R2 STSchedEx;ST Remote Scheduler Service;C:\Windows\ProPatches\Scheduler\STSchedEx.exe [2014-6-3 1045784]
R2 UltraMonUtility;UltraMon Utility Driver;C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys [2008-11-14 20512]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-8-17 899152]
R3 DwMirror;DwMirror;C:\Windows\System32\drivers\DamewareMini.sys [2008-3-14 5632]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-10 142128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2014-6-3 27136]
S3 SyDvCtrl;SyDvCtrl;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [2014-5-30 34800]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-6-10 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-10 1255736]
.
=============== Created Last 30 ================
.
2014-06-11 14:57:38 -------- d-----w- C:\Users\rsteele\AppData\Roaming\Wireshark
2014-06-11 14:56:46 -------- d-----w- C:\Program Files (x86)\WinPcap
2014-06-11 14:56:08 -------- d-----w- C:\Program Files\Wireshark
2014-06-11 13:17:19 21040 ----a-w- C:\Windows\System32\sdnclean64.exe
2014-06-11 13:17:17 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-06-11 13:17:12 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-11 12:53:44 388096 ----a-r- C:\Users\rsteele\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-06-11 12:53:44 -------- d-----w- C:\Program Files (x86)\Trend Micro
2014-06-11 06:42:59 763632 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2014-06-10 12:47:31 -------- d-----w- C:\Windows\pss
2014-06-10 11:50:12 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-06-10 11:50:12 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-06-06 12:05:16 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-06-06 12:05:08 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-06-06 12:05:08 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-06-06 12:05:08 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-06-06 12:05:07 -------- d-----w- C:\ProgramData\Malwarebytes
2014-06-06 12:05:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 15:55:46 -------- d-----w- C:\Users\rsteele\AppData\Roaming\UltraVNC
2014-06-03 16:26:04 728576 ----a-w- C:\Windows\SysWow64\gpme.dll
2014-06-03 16:10:15 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-06-03 16:10:15 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-06-03 16:04:46 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-06-03 16:04:46 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-06-03 15:57:48 -------- d-----w- C:\ProgramData\Citrix
2014-06-03 15:57:30 -------- d-----w- C:\Program Files (x86)\Common Files\Citrix
2014-06-03 15:53:34 4357632 ----a-w- C:\Windows\System32\sppsvc.exe
2014-06-03 15:53:34 1098752 ----a-w- C:\Windows\System32\sppobjs.dll
2014-06-03 15:39:58 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-06-03 15:39:58 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-06-03 15:17:57 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2014-06-03 15:14:11 -------- d-----w- C:\Users\rsteele\AppData\Local\Programs
2014-06-03 15:10:27 -------- d-----w- C:\Users\rsteele\AppData\Local\Apple
2014-06-03 15:07:59 -------- d-----w- C:\Users\rsteele\AppData\Roaming\ClassicShell
2014-06-03 15:07:39 -------- d-----w- C:\Users\rsteele\AppData\Local\Google
2014-06-03 15:03:20 -------- d-----w- C:\Windows\System32\appmgmt
2014-06-03 15:02:39 -------- d-----w- C:\ProgramData\ClassicShell
2014-06-03 15:02:30 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 15:02:00 -------- d-----w- C:\Program Files (x86)\Pidgin
2014-06-03 15:01:46 -------- d-----w- C:\Windows\CD95F661A5C444F5A6AAECDD91C240DD.TMP
2014-06-03 14:59:50 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2014-06-03 14:57:14 -------- d-----w- C:\Program Files\UltraVNC
2014-06-03 14:56:53 -------- d-----w- C:\ProgramData\Applications
2014-06-03 14:56:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-03 14:56:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-03 14:56:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-03 14:56:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-03 14:56:46 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2014-06-03 14:48:47 -------- d-----w- C:\Windows\ProPatches
2014-05-30 13:26:36 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64
2014-05-30 13:26:36 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105
2014-05-30 13:26:36 -------- d-----w- C:\Windows\System32\drivers\SEP\0C010FAD
2014-05-30 13:22:24 493656 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymDS64.sys
2014-05-30 13:22:24 437336 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\symnets.sys
2014-05-30 13:22:24 1147480 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\SymEFA64.sys
2014-05-30 13:22:23 797272 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\srtsp64.sys
2014-05-30 13:22:23 36952 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\srtspx64.sys
2014-05-30 13:22:23 224856 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.sys
2014-05-30 13:22:23 169048 ----a-w- C:\Windows\System32\drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys
2014-05-30 12:36:01 -------- d-----w- C:\PSTools
2014-05-29 15:25:15 -------- d-----w- C:\Users\rsteele\AppData\Roaming\Symantec
2014-05-29 15:23:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-05-28 20:03:59 -------- d-----w- C:\Program Files (x86)\ASG-Remote Desktop 2012
2014-05-28 17:57:39 -------- d-----w- C:\Users\rsteele\AppData\Roaming\SystemTools
2014-05-28 17:57:05 -------- d-----w- C:\Program Files\Hyena
2014-05-28 11:49:53 -------- d-sh--w- C:\Users\rsteele\AppData\Local\EmieUserList
2014-05-28 11:49:53 -------- d-sh--w- C:\Users\rsteele\AppData\Local\EmieSiteList
2014-05-28 08:07:26 -------- d-s---w- C:\Windows\System32\CompatTel
2014-05-28 07:49:49 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-05-28 07:49:49 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-05-28 07:49:48 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-05-28 07:49:48 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-05-28 07:42:19 -------- d-----w- C:\Windows\Migration
2014-05-27 19:20:50 -------- d-----w- C:\Users\rsteele\.pdfsam
2014-05-27 18:51:10 -------- d-----w- C:\ProgramData\Oracle
2014-05-27 18:33:17 -------- d-----w- C:\Program Files (x86)\TightVNC
2014-05-27 18:09:38 -------- d-----w- C:\Users\rsteele\AppData\Local\Adobe
2014-05-27 17:13:13 5553088 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-05-27 15:12:21 -------- d-----w- C:\AL TOOLS
2014-05-27 15:05:56 -------- d-----w- C:\Windows\System32\de
2014-05-27 15:05:56 -------- d-----w- C:\Windows\System32\cs
2014-05-27 15:05:52 901632 ----a-w- C:\Windows\System32\gpprefbr.dll
2014-05-27 15:05:52 3789824 ----a-w- C:\Windows\System32\propshts.dll
2014-05-27 15:05:52 302080 ----a-w- C:\Windows\System32\gpregistrybrowser.dll
2014-05-27 15:05:51 4887040 ----a-w- C:\Windows\System32\gppref.dll
2014-05-27 15:05:51 236032 ----a-w- C:\Windows\System32\gpprefcn.dll
2014-05-27 13:43:15 40960 ----a-w- C:\Windows\System32\dsrm.exe
2014-05-27 13:43:15 35840 ----a-w- C:\Windows\SysWow64\dsrm.exe
2014-05-27 13:43:15 35328 ----a-w- C:\Windows\System32\dsmove.exe
2014-05-27 13:43:15 31744 ----a-w- C:\Windows\SysWow64\dsmove.exe
2014-05-27 13:43:05 191488 ----a-w- C:\Windows\System32\domadmin.dll
2014-05-27 13:43:05 158720 ----a-w- C:\Windows\SysWow64\domadmin.dll
2014-05-27 13:43:05 11776 ----a-w- C:\Windows\SysWow64\redirusr.exe
2014-05-27 13:43:05 11776 ----a-w- C:\Windows\SysWow64\redircmp.exe
2014-05-27 13:41:54 843776 ----a-w- C:\Windows\System32\adsiedit.dll
2014-05-27 13:32:32 -------- d-----w- C:\Users\rsteele\AppData\Roaming\visionapp
2014-05-27 13:28:00 -------- d-----w- C:\Users\rsteele\AppData\Local\Macromedia
2014-05-27 13:21:19 57 ----a-w- C:\Windows\System32\GroupPolicy\User\Scripts\Logoff\SLlogoffScript.cmd
2014-05-27 13:20:27 -------- d-----w- C:\ScriptLogic
2014-05-27 13:09:38 -------- d-----w- C:\Users\rsteele\AppData\Local\Mozilla
2014-05-27 13:08:48 -------- d-----w- C:\Users\rsteele\AppData\Local\VMware
2014-05-27 13:08:34 -------- d-----w- C:\Users\rsteele\AppData\Roaming\DameWare Development
2014-05-27 12:48:42 -------- d-----w- C:\Users\rsteele\AppData\Local\Microsoft Corporation
2014-05-27 12:40:32 -------- d-----w- C:\Users\rsteele\AppData\Local\CutePDF Writer
2014-05-27 12:32:49 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-05-27 12:32:41 87600 ----a-w- C:\Windows\System32\cpwmon64.dll
2014-05-27 12:32:41 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-05-27 12:15:04 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-05-27 12:15:04 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-05-27 12:11:00 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-05-27 12:09:03 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2014-05-27 12:09:03 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2014-05-27 12:09:01 484864 ----a-w- C:\Windows\System32\wer.dll
2014-05-27 12:09:01 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-05-27 12:08:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2014-05-27 12:08:57 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2014-05-27 12:08:36 230400 ----a-w- C:\Windows\System32\drivers\portcls.sys
2014-05-27 12:08:36 116736 ----a-w- C:\Windows\System32\drivers\drmk.sys
2014-05-27 12:08:33 3159552 ----a-w- C:\Windows\System32\win32k.sys
2014-05-27 12:08:24 1931264 ----a-w- C:\Windows\System32\authui.dll
2014-05-27 12:08:24 1796608 ----a-w- C:\Windows\SysWow64\authui.dll
2014-05-27 12:08:23 197120 ----a-w- C:\Windows\System32\credui.dll
2014-05-27 12:08:23 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2014-05-27 12:08:23 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2014-05-27 12:08:23 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2014-05-27 12:08:07 -------- d-----w- C:\Program Files (x86)\Remote Desktop Connection Manager
2014-05-27 12:07:01 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-05-27 12:07:01 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-05-27 12:07:00 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-05-27 12:07:00 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-05-27 12:07:00 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-05-27 12:07:00 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-05-27 12:07:00 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-05-27 11:56:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-05-27 11:56:00 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-05-27 11:54:58 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-05-27 11:53:11 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-05-27 11:53:11 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-05-27 11:53:10 89088 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-05-27 11:53:10 264704 ----a-w- C:\Windows\System32\WebClnt.dll
2014-05-27 11:53:10 209408 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2014-05-27 11:53:10 141824 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-05-27 11:53:10 110592 ----a-w- C:\Windows\System32\davclnt.dll
2014-05-22 20:15:24 1737688 ----a-w- C:\Windows\System32\ntdll.dll
2014-05-22 20:15:23 878080 ----a-w- C:\Windows\System32\advapi32.dll
2014-05-22 20:15:22 859648 ----a-w- C:\Windows\System32\tdh.dll
2014-05-22 20:15:22 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2014-05-22 20:15:21 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2014-05-22 20:15:21 1296312 ----a-w- C:\Windows\SysWow64\ntdll.dll
2014-05-22 20:15:17 327168 ----a-w- C:\Windows\System32\mswsock.dll
2014-05-22 20:15:17 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2014-05-22 20:13:26 861184 ----a-w- C:\Windows\System32\IKEEXT.DLL
2014-05-22 20:13:26 832000 ----a-w- C:\Windows\System32\nshwfp.dll
2014-05-22 20:13:26 706560 ----a-w- C:\Windows\System32\BFE.DLL
2014-05-22 20:13:26 657920 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2014-05-22 20:13:26 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2014-05-22 20:13:26 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2014-05-22 20:09:16 176128 ----a-w- C:\Windows\System32\DLXZIZIL.DLL
2014-05-22 20:08:36 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2014-05-22 20:08:32 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2014-05-22 20:08:32 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2014-05-22 20:08:32 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2014-05-22 20:00:27 633856 ----a-w- C:\Windows\System32\comctl32.dll
2014-05-22 20:00:27 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2014-05-22 19:59:30 76800 ----a-w- C:\Windows\System32\drivers\hidclass.sys
2014-05-22 19:59:30 32896 ----a-w- C:\Windows\System32\drivers\hidparse.sys
2014-05-22 19:58:46 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-05-14 01:32:04 649504 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\USP10.DLL
.
==================== Find3M  ====================
.
2014-06-08 09:13:05 506368 ----a-w- C:\Windows\System32\aepdu.dll
2014-06-08 09:08:04 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-06-03 16:27:09 627712 ----a-w- C:\Windows\SysWow64\gpprefbr.dll
2014-06-03 16:27:09 4341248 ----a-w- C:\Windows\SysWow64\gppref.dll
2014-06-03 16:27:09 2550272 ----a-w- C:\Windows\SysWow64\propshts.dll
2014-06-03 16:27:09 166400 ----a-w- C:\Windows\SysWow64\gpprefcn.dll
2014-06-03 15:39:00 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-03 15:39:00 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-03 14:58:15 505416 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2014-06-02 11:35:20 576912 ----a-w- C:\Windows\System32\SymVPN.dll
2014-06-02 11:35:20 56720 ----a-w- C:\Windows\System32\snacnp.dll
2014-06-02 11:35:20 50576 ----a-w- C:\Windows\SysWow64\snacnp.dll
2014-06-02 11:35:20 459152 ----a-w- C:\Windows\System32\sysfer.dll
2014-06-02 11:35:20 44448 ----a-w- C:\Windows\System32\drivers\WGX64.SYS
2014-06-02 11:35:20 420752 ----a-w- C:\Windows\SysWow64\SymVPN.dll
2014-06-02 11:35:20 361360 ----a-w- C:\Windows\SysWow64\sysfer.dll
2014-06-02 11:35:20 158096 ----a-w- C:\Windows\System32\FwsVpn.dll
2014-06-02 11:35:20 155352 ----a-w- C:\Windows\System32\drivers\SysPlant.sys
2014-06-02 11:35:20 136080 ----a-w- C:\Windows\SysWow64\FwsVpn.dll
2014-06-02 11:35:20 12176 ----a-w- C:\Windows\System32\sysferThunk.dll
2014-06-02 11:35:20 11152 ----a-w- C:\Windows\SysWow64\sysferThunk.dll
2014-05-30 13:28:24 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-05-28 18:37:06 2338816 ----a-w- C:\Windows\System32\jscript9.dll
2014-05-28 18:31:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-05-28 18:30:24 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-05-28 18:29:28 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-05-28 18:29:19 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-05-28 18:28:10 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-28 18:28:02 12800 ----a-w- C:\Windows\System32\mshta.exe
2014-05-28 16:39:36 1810432 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-05-28 16:32:59 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-05-28 16:32:25 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-05-28 16:30:53 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-05-28 16:30:53 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-05-28 16:29:31 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-28 16:29:27 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
2014-05-27 15:05:41 225280 ----a-w- C:\Windows\SysWow64\gpregistrybrowser.dll
2014-04-25 02:34:59 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-04-25 02:06:17 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-04-15 06:34:10 1070232 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2014-04-12 02:31:57 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2014-04-12 02:31:55 58368 ----a-w- C:\Windows\System32\appidapi.dll
2014-04-12 02:31:55 34304 ----a-w- C:\Windows\System32\appidsvc.dll
2014-04-12 02:31:44 112640 ----a-w- C:\Windows\System32\smss.exe
2014-04-12 02:31:21 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-04-12 02:31:21 148480 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-04-12 02:28:22 6656 ----a-w- C:\Windows\System32\apisetschema.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-04-12 02:06:34 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-04-12 02:03:37 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2014-04-12 01:34:45 61952 ----a-w- C:\Windows\System32\drivers\appid.sys
2014-04-05 02:37:43 1897408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-04-05 02:37:41 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-04-05 02:37:37 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-03-26 14:44:48 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-03-26 14:44:48 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-03-26 14:41:39 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-03-26 14:27:50 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-03-26 14:27:50 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-03-26 14:25:14 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
.
============= FINISH: 15:16:43.47 ===============
 

 

 


 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:05:17 AM

Posted 14 June 2014 - 09:28 PM

Hello YankeeTech80,

My name is Cody and I'll be helping you clean up your computer. :)

I will reply to your posts as soon as possible -- typically within 24 hours. In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.

Please do note any time differences between us. If I do not respond within 48 hours, feel free to send me a private message.

==========================================================================

Some points for you to keep in mind:
  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.
==========================================================================

Farbar Recovery Scan Tool (FRST)
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop.
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should.
  • Double click the icon.
  • Click Yes to the disclaimer.
  • Make sure the Addition.txt box is checked.
  • Click Scan and allow the program to run.
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen.
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply.
==========================================================================

Lastly, in your case, it seems we are dealing with a company computer.

Are you part of the IT staff for this company? If not, we will need you to verify with IT before being able to proceed here. :)

==========================================================================

In your next post I would like to see the following: :thumbsup2:
  • Confirmation that you have read my introductory information.
  • FRST logs.
  • Confirmation from IT staff.

Edited by TheShooter93, 14 June 2014 - 09:32 PM.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.

 

 


#3 YankeeTech80

YankeeTech80
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:17 AM

Posted 16 June 2014 - 07:25 AM

Hi Cody - thanks for your quick reply. :)

 

I read your post, and yes, I am a member of the IT staff at my company. Here are my logs as requested:

 

____________

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by <redacted> (administrator) on USAGAGRIT-RS1 on 16-06-2014 08:18:09
Running from C:\TEMP
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(SolarWinds) C:\Windows\dwrcs\DWRCS.EXE
() C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLClient.exe
(ScriptLogic Software Corporation) C:\Windows\SysWOW64\slinstall.exe
(LANDESK Software, Inc.) C:\Windows\ProPatches\Scheduler\STSchedEx.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.Agent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLAgent.exe
(SolarWinds) C:\Windows\dwrcs\DWRCST.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLAgent.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
(ScriptLogic Software Corporation) C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.UserExperience.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonTaskbar.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 10\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\AuthManager\AuthManSvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ASG GmbH & Co. KG) C:\Program Files (x86)\ASG-Remote Desktop 2012\ASGRD72.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(SystemTools Software Inc.) C:\Program Files\Hyena\Hyena_x64.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft) C:\AL TOOLS\LockoutStatus.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DameWare MRC Agent] => C:\Windows\dwrcs\DWRCST.exe [425832 2012-11-02] (SolarWinds)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Client Access Service] => C:\Program Files (x86)\IBM\Client Access\cwbsvstr.exe [14848 2007-12-11] (IBM Corporation)
HKLM-x32\...\Run: [DesktopAuthority User Experience] => C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.UserExperience.exe [137216 2011-04-01] (ScriptLogic Software Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395656 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153992 2013-10-01] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101584 2014-04-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\system: [HideLogonScripts] 0
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [1] admgmt.msc
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [2] advanced ip scanner.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [3] dsa.msc
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [4] dxdiag.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [5] edit.com
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [6] gpedit.msc
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [7] lc4.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [8] mscorcfg.msc
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [9] regclean.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [10] regcleaner.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [11] regcleanr.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [12] regvac.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [13] secedit.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [14] secpol.msc
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [15] sysedit.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [16] vac.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer\DisallowRun: [17] wntipcfg.exe
HKU\S-1-5-21-3370268705-1164361316-2878145972-67295\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
ShortcutTarget: Snagit 10.lnk -> C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe (TechSmith Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
Startup: C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Citrix Receiver.lnk
ShortcutTarget: Citrix Receiver.lnk -> C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://insight2/intranet/home/view.cfm
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1E0E6897A379CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll (TechSmith Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
BHO-x32: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\bin\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll (TechSmith Corporation)
Toolbar: HKLM-x32 - Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
Toolbar: HKCU - No Name - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} -  No File
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} -  No File
Handler-x32: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Handler-x32: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.100.210.59 192.100.210.43
Tcpip\..\Interfaces\{48DFE089-A0B8-413B-A83A-B62122189A59}: [NameServer]192.100.210.9

FireFox:
========
FF ProfilePath: C:\Users\rsteele\AppData\Roaming\Mozilla\Firefox\Profiles\3qa41kk2.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @vmware.com/vmrc,version=2.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: @vmware.com/vmrc,version=5.5.0.00000 - C:\Program Files (x86)\Common Files\VMware\VMware Remote Console Plug-in 5.5\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF
FF Extension: Symantec Vulnerability Protection - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\IPSFF [2014-06-02]

==================== Services (Whitelisted) =================

S3 Cwbrxd; C:\Windows\cwbrxd.exe [94208 2007-12-11] (IBM Corporation) [File not signed]
R2 dwmrcs; C:\Windows\dwrcs\DWRCS.EXE [869736 2012-11-02] (SolarWinds)
R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [23552 2014-05-23] () [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 ScriptLogic CBM Service; C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\CBM\ScriptLogic.CBM.Agent.exe [431616 2011-04-01] (ScriptLogic Software Corporation) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin\ccSvcHst.exe [144368 2014-05-30] (Symantec Corporation)
R2 SLClient; C:\Program Files (x86)\ScriptLogic\Desktop Authority\Client Files\8.12.7\SLClient.exe [557920 2011-04-01] (ScriptLogic Software Corporation)
R2 SLInstall; c:\windows\syswow64\slinstall.exe [557920 2011-04-01] (ScriptLogic Software Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\Smc.exe [2377984 2014-05-30] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\snac64.exe [334736 2014-05-30] (Symantec Corporation)
R2 STSchedEx; C:\Windows\ProPatches\Scheduler\STSchedEx.exe [1045784 2014-04-04] (LANDESK Software, Inc.)

==================== Drivers (Whitelisted) ====================

R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\BASHDefs\20140611.011\BHDrvx64.sys [1530160 2014-05-28] (Symantec Corporation)
R1 ccSettings_{2FF4FBED-F03A-4EE2-AC58-C985811A4FBE}; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\ccSetx64.sys [169048 2014-05-30] (Symantec Corporation)
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)
R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\IPSDefs\20140613.011\IDSvia64.sys [525016 2014-05-27] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140615.025\ENG64.SYS [126040 2014-05-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Data\Definitions\VirusDefs\20140615.025\EX64.SYS [2099288 2014-05-27] (Symantec Corporation)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSP64.SYS [797272 2014-05-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SRTSPX64.SYS [36952 2014-05-30] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.4013.4013.105\Bin64\SyDvCtrl64.sys [34800 2014-05-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMDS64.SYS [493656 2014-05-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMEFA64.SYS [1147480 2014-05-30] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-30] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\Ironx64.SYS [224856 2014-05-30] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C010FAD\0FAD.105\x64\SYMNETS.SYS [437336 2014-05-30] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [155352 2014-06-02] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-16 08:17 - 2014-06-16 08:18 - 00000000 ____D () C:\FRST
2014-06-13 17:07 - 2014-06-13 17:08 - 00000000 ____D () C:\temp2
2014-06-12 12:18 - 2014-06-12 12:29 - 00000000 ____D () C:\Users\rsteele\AppData\Local\CrashDumps
2014-06-12 12:18 - 2014-06-12 12:18 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\LibreOffice
2014-06-12 11:55 - 2014-06-12 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-06-11 16:50 - 2014-06-11 16:51 - 00000000 ____D () C:\Users\rsteele\AppData\Local\NPE
2014-06-11 16:50 - 2014-06-11 16:50 - 00000000 ____D () C:\ProgramData\Norton
2014-06-11 16:39 - 2014-06-11 16:40 - 00016824 _____ () C:\Users\rsteele\Desktop\Result.txt
2014-06-11 15:16 - 2014-06-11 15:16 - 00038069 _____ () C:\Users\rsteele\Desktop\dds.txt
2014-06-11 15:16 - 2014-06-11 15:16 - 00007503 _____ () C:\Users\rsteele\Desktop\attach.txt
2014-06-11 10:57 - 2014-06-11 10:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Wireshark
2014-06-11 10:56 - 2014-06-11 12:55 - 00001829 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-06-11 10:56 - 2014-06-11 10:56 - 00001535 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\Program Files\Wireshark
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-11 09:17 - 2014-06-11 09:56 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-11 09:17 - 2014-06-11 09:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-11 09:17 - 2014-06-11 09:17 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-11 09:17 - 2014-06-11 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-11 09:17 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-06-11 08:53 - 2014-06-11 08:53 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-11 08:53 - 2014-06-11 08:53 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-11 08:52 - 2014-06-11 08:52 - 01402880 _____ () C:\Users\rsteele\Downloads\HijackThis.msi
2014-06-11 02:43 - 2014-06-08 05:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 02:43 - 2014-06-08 05:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 02:43 - 2014-05-28 14:53 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 02:43 - 2014-05-28 14:37 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 02:43 - 2014-05-28 14:31 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 02:43 - 2014-05-28 14:29 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 02:43 - 2014-05-28 14:29 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 02:43 - 2014-05-28 14:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 02:43 - 2014-05-28 14:28 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 02:43 - 2014-05-28 14:28 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 02:43 - 2014-05-28 14:28 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 02:43 - 2014-05-28 14:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 02:43 - 2014-05-28 14:27 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 02:43 - 2014-05-28 12:48 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 02:43 - 2014-05-28 12:39 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 02:43 - 2014-05-28 12:32 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 02:43 - 2014-05-28 12:30 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 02:43 - 2014-05-28 12:30 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 02:43 - 2014-05-28 12:30 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 02:43 - 2014-05-28 12:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 02:43 - 2014-05-28 12:29 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 02:43 - 2014-05-28 12:29 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 02:43 - 2014-05-28 12:28 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 02:43 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 02:43 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 02:43 - 2014-04-04 22:37 - 01897408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 02:43 - 2014-04-04 22:37 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-11 02:43 - 2014-04-04 22:37 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 02:43 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 02:43 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 02:43 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 02:43 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 02:43 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 02:43 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 02:43 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 02:43 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 02:42 - 2014-05-28 14:35 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 02:42 - 2014-05-28 14:31 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 02:42 - 2014-05-28 14:30 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 02:42 - 2014-05-28 14:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-06-11 02:42 - 2014-05-28 14:29 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 02:42 - 2014-05-28 14:29 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 02:42 - 2014-05-28 14:29 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 02:42 - 2014-05-28 14:28 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-06-11 02:42 - 2014-05-28 14:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-06-11 02:42 - 2014-05-28 14:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-06-11 02:42 - 2014-05-28 12:38 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 02:42 - 2014-05-28 12:33 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 02:42 - 2014-05-28 12:32 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 02:42 - 2014-05-28 12:31 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-06-11 02:42 - 2014-05-28 12:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 02:42 - 2014-05-28 12:30 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 02:42 - 2014-05-28 12:30 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 02:42 - 2014-05-28 12:30 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 02:42 - 2014-05-28 12:30 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-06-11 02:42 - 2014-05-28 12:29 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-06-11 02:42 - 2014-05-28 12:29 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-06-10 13:29 - 2014-06-10 13:29 - 00000000 ____D () C:\Users\rsteele\Documents\Outlook Files
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Windows\pss
2014-06-10 07:50 - 2014-01-08 22:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-06-10 07:50 - 2014-01-03 18:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-06-10 00:06 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-06-10 00:06 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-06-10 00:06 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-06-10 00:06 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-06-10 00:06 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-06-10 00:06 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-06-10 00:06 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-06-10 00:06 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-06-10 00:06 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-06-10 00:06 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-06-10 00:06 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-06-10 00:06 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-06-10 00:06 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-06-10 00:06 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-06-10 00:06 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-06-10 00:06 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-06-06 08:26 - 2014-06-06 08:26 - 00000401 _____ () C:\Users\rsteele\Desktop\leases.txt
2014-06-06 08:25 - 2014-06-06 08:25 - 00000063 _____ () C:\Users\rsteele\Desktop\lansweeper info.txt
2014-06-06 08:05 - 2014-06-11 09:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-06 08:05 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-06 08:05 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-06 08:05 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-05 11:55 - 2014-06-05 11:55 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\UltraVNC
2014-06-03 12:26 - 2014-02-18 06:18 - 00728576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpme.dll
2014-06-03 12:10 - 2014-02-21 22:31 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-06-03 12:10 - 2014-02-21 22:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-06-03 12:04 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-06-03 12:04 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-06-03 11:58 - 2014-06-03 11:58 - 00001508 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2014-06-03 11:57 - 2014-06-03 11:58 - 00000000 ____D () C:\ProgramData\Citrix
2014-06-03 11:55 - 2014-06-03 11:55 - 00000093 _____ () C:\Users\rsteele\AppData\Roaming\ARCompanion.log
2014-06-03 11:53 - 2013-09-11 22:26 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-06-03 11:53 - 2013-09-11 22:15 - 04357632 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-06-03 11:42 - 2013-02-13 08:25 - 00789504 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-06-03 11:42 - 2013-02-13 07:25 - 00589824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-06-03 11:42 - 2013-01-04 22:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-06-03 11:42 - 2012-11-01 00:33 - 00559616 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-06-03 11:42 - 2012-10-18 18:00 - 00296808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-06-03 11:42 - 2012-10-18 18:00 - 00213848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-06-03 11:42 - 2012-10-18 16:34 - 01742848 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-06-03 11:42 - 2012-10-18 16:34 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-06-03 11:42 - 2012-10-18 16:34 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\umrdp.dll
2014-06-03 11:42 - 2012-10-18 16:34 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2014-06-03 11:42 - 2012-10-18 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\tcpmonui.dll
2014-06-03 11:42 - 2012-10-18 16:34 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\tcpmib.dll
2014-06-03 11:42 - 2012-10-18 16:33 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-06-03 11:42 - 2012-10-18 16:33 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-06-03 11:42 - 2012-10-18 16:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-06-03 11:42 - 2012-10-18 16:31 - 00698880 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-06-03 11:42 - 2012-10-18 16:31 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-06-03 11:42 - 2012-10-18 16:31 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-06-03 11:42 - 2012-10-18 16:31 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-06-03 11:42 - 2012-10-18 16:30 - 00965120 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-06-03 11:42 - 2012-10-18 16:30 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 01065984 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00777216 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00317952 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\dot3svc.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\dot3msm.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\dot3gpclnt.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-06-03 11:42 - 2012-10-18 16:29 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\gpprnext.dll
2014-06-03 11:42 - 2012-10-18 16:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\system32\cscsvc.dll
2014-06-03 11:42 - 2012-10-18 16:28 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\cscobj.dll
2014-06-03 11:42 - 2012-10-18 16:28 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\CscMig.dll
2014-06-03 11:42 - 2012-10-18 16:28 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\cscapi.dll
2014-06-03 11:42 - 2012-10-18 16:28 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\cscdll.dll
2014-06-03 11:42 - 2012-10-18 16:27 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\appmgmts.dll
2014-06-03 11:42 - 2012-10-18 15:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmib.dll
2014-06-03 11:42 - 2012-10-18 15:38 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-06-03 11:42 - 2012-10-18 15:37 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-06-03 11:42 - 2012-10-18 15:37 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-06-03 11:42 - 2012-10-18 15:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 01039872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00115200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3msm.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3api.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3gpclnt.dll
2014-06-03 11:42 - 2012-10-18 15:35 - 00043520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-06-03 11:42 - 2012-10-18 15:34 - 00149504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgmts.dll
2014-06-03 11:42 - 2012-10-18 15:34 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscobj.dll
2014-06-03 11:42 - 2012-10-18 15:34 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscdll.dll
2014-06-03 11:42 - 2012-10-18 15:30 - 00071680 _____ () C:\Windows\system32\PrintBrmUi.exe
2014-06-03 11:42 - 2012-10-18 15:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2014-06-03 11:42 - 2012-10-18 15:02 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\rdpdd.dll
2014-06-03 11:42 - 2012-10-18 14:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndisuio.sys
2014-06-03 11:42 - 2012-10-18 14:50 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2014-06-03 11:42 - 2012-10-18 14:50 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2014-06-03 11:42 - 2012-10-18 14:49 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-06-03 11:42 - 2012-10-18 14:41 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tcpmonui.dll
2014-06-03 11:42 - 2012-10-18 14:41 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprnext.dll
2014-06-03 11:42 - 2012-10-18 14:11 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dot3dlg.dll
2014-06-03 11:42 - 2012-10-18 14:02 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\svchost.exe
2014-06-03 11:42 - 2012-10-18 13:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sscore.dll
2014-06-03 11:42 - 2012-10-18 13:55 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-06-03 11:42 - 2012-10-18 13:55 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-06-03 11:42 - 2012-10-18 13:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-06-03 11:42 - 2012-10-18 13:54 - 00516096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\csc.sys
2014-06-03 11:42 - 2012-10-18 13:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-06-03 11:42 - 2012-10-18 13:54 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-06-03 11:42 - 2012-10-18 13:54 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-06-03 11:42 - 2012-10-18 13:40 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
2014-06-03 11:42 - 2012-10-18 13:34 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscapi.dll
2014-06-03 11:39 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-06-03 11:39 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-06-03 11:10 - 2014-06-03 11:10 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Apple
2014-06-03 11:07 - 2014-06-03 11:14 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Real
2014-06-03 11:07 - 2014-06-03 11:08 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\ClassicShell
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\Documents\My Google Gadgets
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Apple Computer
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Google
2014-06-03 11:03 - 2014-06-03 11:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-03 11:02 - 2014-06-03 11:14 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2014-06-03 11:02 - 2014-06-03 11:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 11:02 - 2014-06-03 11:02 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-06-03 11:01 - 2014-06-03 11:17 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Windows\CD95F661A5C444F5A6AAECDD91C240DD.TMP
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Users\Default\AppData\Local\WinZip
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\WinZip
2014-06-03 10:59 - 2014-06-16 07:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-03 10:59 - 2014-06-03 11:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-03 10:58 - 2014-06-03 11:15 - 00000000 ____D () C:\ProgramData\Real
2014-06-03 10:58 - 2014-06-03 10:58 - 00000000 ____D () C:\Program Files (x86)\Real
2014-06-03 10:57 - 2014-06-03 11:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2014-06-03 10:57 - 2014-06-03 11:38 - 00000000 ____D () C:\Program Files\UltraVNC
2014-06-03 10:57 - 2014-06-03 11:20 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-03 10:57 - 2014-06-03 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 10:57 - 2014-06-03 10:57 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 10:56 - 2014-06-03 11:17 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-03 10:56 - 2014-06-03 10:56 - 00000000 ____D () C:\ProgramData\Applications
2014-06-03 10:55 - 2014-06-03 11:09 - 00000000 ____D () C:\ProgramData\Apple
2014-06-03 10:55 - 2014-06-03 10:55 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple
2014-06-03 10:55 - 2014-06-03 10:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple
2014-06-03 10:48 - 2014-06-13 01:39 - 00000000 ____D () C:\Windows\ProPatches
2014-05-30 13:25 - 2014-06-03 10:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 08:36 - 2014-05-30 08:36 - 00000000 ____D () C:\PSTools
2014-05-29 13:28 - 2014-05-29 13:28 - 00001317 _____ () C:\Users\rsteele\Desktop\User Equipment Inventory - Shortcut.lnk
2014-05-29 11:25 - 2014-05-29 11:25 - 00002213 _____ () C:\Users\rsteele\Desktop\Symantec Endpoint Protection Manager Remote Console.lnk
2014-05-29 11:25 - 2014-05-29 11:25 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Symantec
2014-05-29 11:25 - 2014-05-29 11:25 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-05-29 11:23 - 2014-05-29 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 11:23 - 2014-05-07 15:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-29 11:23 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-29 11:23 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-29 11:23 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-29 11:22 - 2014-05-29 11:23 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-29 11:20 - 2014-05-29 11:20 - 00000000 ____D () C:\Windows\Sun
2014-05-29 03:02 - 2014-05-29 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-29 03:02 - 2014-05-29 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-29 03:02 - 2014-05-29 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-29 03:02 - 2014-05-29 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-29 03:02 - 2014-05-29 03:02 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-29 03:02 - 2014-05-29 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-29 03:02 - 2014-05-29 03:02 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-29 03:01 - 2014-05-29 03:03 - 00003397 _____ () C:\Windows\IE9_main.log
2014-05-28 16:04 - 2014-05-28 16:04 - 00001109 _____ () C:\Users\Public\Desktop\ASG-Remote Desktop 2012.lnk
2014-05-28 16:04 - 2014-05-28 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASG-Remote Desktop 2012
2014-05-28 16:03 - 2014-05-28 16:04 - 00000000 ____D () C:\Program Files (x86)\ASG-Remote Desktop 2012
2014-05-28 14:34 - 2014-06-13 15:07 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\VMware
2014-05-28 14:03 - 2014-05-28 14:03 - 00000549 _____ () C:\Users\rsteele\Desktop\Hyena.lnk
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\SystemTools
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyena
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\Program Files\Hyena
2014-05-28 07:57 - 2014-05-29 07:44 - 00001413 _____ () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-28 07:49 - 2014-05-28 07:49 - 00000000 __SHD () C:\Users\rsteele\AppData\Local\EmieUserList
2014-05-28 07:49 - 2014-05-28 07:49 - 00000000 __SHD () C:\Users\rsteele\AppData\Local\EmieSiteList
2014-05-28 04:07 - 2014-06-11 03:04 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-28 03:49 - 2013-05-10 01:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-05-28 03:49 - 2013-05-10 01:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-05-28 03:49 - 2013-05-10 00:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-05-28 03:49 - 2013-05-10 00:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-05-28 03:39 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-28 03:33 - 2014-05-28 03:40 - 00008691 _____ () C:\Windows\IE11_main.log
2014-05-28 03:08 - 2014-05-28 03:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-05-28 03:08 - 2014-05-28 03:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-05-27 15:20 - 2014-05-27 15:20 - 00000000 ____D () C:\Users\rsteele\.pdfsam
2014-05-27 14:51 - 2014-05-29 11:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-27 14:51 - 2014-05-27 14:51 - 00000000 ____D () C:\ProgramData\Sun
2014-05-27 14:50 - 2014-05-29 11:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-27 14:34 - 2014-05-27 14:34 - 00001090 _____ () C:\Users\rsteele\Desktop\TightVNC Viewer (Best Compression).lnk
2014-05-27 14:34 - 2014-05-27 14:34 - 00001050 _____ () C:\Users\rsteele\Desktop\TightVNC Viewer (Listen Mode).lnk
2014-05-27 14:33 - 2014-05-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2014-05-27 14:33 - 2014-05-27 14:33 - 00000000 ____D () C:\Program Files (x86)\TightVNC
2014-05-27 14:09 - 2014-05-27 14:09 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Adobe
2014-05-27 13:14 - 2013-12-03 22:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-05-27 13:14 - 2013-12-03 22:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-05-27 13:14 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-05-27 13:14 - 2013-12-03 22:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-05-27 13:14 - 2013-12-03 22:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-05-27 13:14 - 2013-12-03 22:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-05-27 13:14 - 2013-12-03 22:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-05-27 13:14 - 2013-12-03 22:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-05-27 13:14 - 2013-12-03 22:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-05-27 13:14 - 2013-12-03 22:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-05-27 13:14 - 2013-12-03 22:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-05-27 13:14 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-05-27 13:14 - 2013-12-03 22:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-05-27 13:14 - 2013-12-03 22:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-05-27 13:14 - 2013-12-03 21:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-05-27 13:14 - 2013-12-03 21:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-05-27 13:14 - 2013-12-03 21:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-05-27 13:14 - 2013-12-03 21:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-05-27 13:14 - 2013-10-05 16:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-05-27 13:14 - 2013-10-05 15:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-05-27 13:14 - 2013-09-27 21:14 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-27 13:13 - 2014-04-11 22:31 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-05-27 13:13 - 2014-04-11 22:31 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-05-27 13:13 - 2014-04-11 22:31 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-05-27 13:13 - 2014-04-11 22:31 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-05-27 13:13 - 2014-04-11 22:31 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-05-27 13:13 - 2014-04-11 22:31 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-05-27 13:13 - 2014-04-11 22:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-05-27 13:13 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-27 13:13 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-27 13:13 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-27 13:13 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-27 13:13 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-27 13:13 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-27 13:13 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-27 13:13 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-27 13:13 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-27 13:13 - 2014-04-11 22:06 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-05-27 13:13 - 2014-04-11 22:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-05-27 13:13 - 2014-04-11 21:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-05-27 13:13 - 2014-03-04 07:11 - 05553088 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-27 13:13 - 2014-03-04 06:42 - 03974080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-27 13:13 - 2014-03-04 06:42 - 03918784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-27 13:13 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-27 13:13 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-27 13:13 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-27 13:13 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-27 13:13 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-27 13:13 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-27 13:13 - 2013-09-24 22:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-05-27 13:13 - 2013-09-24 21:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-05-27 13:13 - 2013-07-04 08:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-05-27 11:13 - 2014-05-27 11:13 - 00000966 _____ () C:\Users\rsteele\Desktop\LockoutStatus - Shortcut.lnk
2014-05-27 11:13 - 2014-05-27 11:13 - 00000948 _____ () C:\Users\rsteele\Desktop\eventcombMT - Shortcut.lnk
2014-05-27 11:12 - 2014-05-27 11:12 - 00000000 ____D () C:\AL TOOLS
2014-05-27 11:06 - 2014-06-03 12:27 - 04341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gppref.dll
2014-05-27 11:06 - 2014-06-03 12:27 - 02550272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propshts.dll
2014-05-27 11:06 - 2014-06-03 12:27 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefbr.dll
2014-05-27 11:06 - 2014-06-03 12:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcn.dll
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\zh-CHT
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\zh-CHS
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\tr
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\sv
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ru
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\pt
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\pl
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\nl
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ko
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ja
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\it
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\hu
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\fr
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\es
2014-05-27 11:06 - 2014-05-27 11:05 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpregistrybrowser.dll
2014-05-27 11:05 - 2014-06-03 12:27 - 04887040 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2014-05-27 11:05 - 2014-06-03 12:27 - 03789824 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2014-05-27 11:05 - 2014-06-03 12:27 - 00901632 _____ (Microsoft Corporation) C:\Windows\system32\gpprefbr.dll
2014-05-27 11:05 - 2014-06-03 12:27 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcn.dll
2014-05-27 11:05 - 2014-05-27 11:05 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2014-05-27 11:05 - 2014-05-27 11:05 - 00000000 ____D () C:\Windows\system32\de
2014-05-27 11:05 - 2014-05-27 11:05 - 00000000 ____D () C:\Windows\system32\cs
2014-05-27 09:43 - 2010-11-20 08:26 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\domadmin.dll
2014-05-27 09:43 - 2010-11-20 08:24 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\dsrm.exe
2014-05-27 09:43 - 2010-11-20 08:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\dsmove.exe
2014-05-27 09:43 - 2010-11-20 07:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\domadmin.dll
2014-05-27 09:43 - 2010-11-20 07:17 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsrm.exe
2014-05-27 09:43 - 2010-11-20 07:17 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsmove.exe
2014-05-27 09:43 - 2010-11-04 20:55 - 00144380 _____ () C:\Windows\SysWOW64\adsiedit.msc
2014-05-27 09:43 - 2010-11-04 20:55 - 00144380 _____ () C:\Windows\system32\adsiedit.msc
2014-05-27 09:43 - 2009-07-13 21:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\redirusr.exe
2014-05-27 09:43 - 2009-07-13 21:14 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\redircmp.exe
2014-05-27 09:42 - 2010-11-20 08:27 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\schmmgmt.dll
2014-05-27 09:42 - 2010-11-20 08:26 - 01242112 _____ (Microsoft Corporation) C:\Windows\system32\dsadmin.dll
2014-05-27 09:42 - 2010-11-20 08:26 - 01076736 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdminCustom.dll
2014-05-27 09:42 - 2010-11-20 08:26 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\GPRSoP.dll
2014-05-27 09:42 - 2010-11-20 08:26 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\dsuiwiz.dll
2014-05-27 09:42 - 2010-11-20 08:26 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdminCommon.dll
2014-05-27 09:42 - 2010-11-20 08:24 - 00392704 _____ (Microsoft Corporation) C:\Windows\system32\ldp.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\dnscmd.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\dsquery.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\dsget.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\ldifde.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\dsadd.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\dsmod.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\dsacls.exe
2014-05-27 09:42 - 2010-11-20 08:24 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\csvde.exe
2014-05-27 09:42 - 2010-11-20 07:21 - 00276992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schmmgmt.dll
2014-05-27 09:42 - 2010-11-20 07:19 - 00743424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GPOAdminCustom.dll
2014-05-27 09:42 - 2010-11-20 07:19 - 00453120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GPRSoP.dll
2014-05-27 09:42 - 2010-11-20 07:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GPOAdminCommon.dll
2014-05-27 09:42 - 2010-11-20 07:18 - 00859648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsadmin.dll
2014-05-27 09:42 - 2010-11-20 07:18 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsuiwiz.dll
2014-05-27 09:42 - 2010-11-20 07:17 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ldp.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsget.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsquery.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00068608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ldifde.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsadd.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsmod.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00038912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsacls.exe
2014-05-27 09:42 - 2010-11-20 07:17 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\csvde.exe
2014-05-27 09:42 - 2010-11-04 20:55 - 00146694 _____ () C:\Windows\system32\dhcpmgmt.msc
2014-05-27 09:42 - 2010-11-04 20:55 - 00145867 _____ () C:\Windows\system32\dnsmgmt.msc
2014-05-27 09:42 - 2010-11-04 20:55 - 00144951 _____ () C:\Windows\SysWOW64\domain.msc
2014-05-27 09:42 - 2010-11-04 20:55 - 00144951 _____ () C:\Windows\system32\domain.msc
2014-05-27 09:42 - 2010-11-04 20:55 - 00144646 _____ () C:\Windows\SysWOW64\dssite.msc
2014-05-27 09:42 - 2010-11-04 20:55 - 00144646 _____ () C:\Windows\system32\dssite.msc
2014-05-27 09:42 - 2009-07-13 21:52 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\mtedit.exe
2014-05-27 09:42 - 2009-07-13 21:51 - 03235840 _____ (Microsoft Corporation) C:\Windows\system32\dsac.exe
2014-05-27 09:42 - 2009-07-13 21:47 - 01204224 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft.ActiveDirectory.Management.UI.dll
2014-05-27 09:42 - 2009-07-13 21:41 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\rsatclient.dll
2014-05-27 09:42 - 2009-07-13 21:40 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\dsacn.dll
2014-05-27 09:42 - 2009-07-13 21:40 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dhcpmon.dll
2014-05-27 09:42 - 2009-07-13 21:39 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\dcpromo.exe
2014-05-27 09:42 - 2009-07-13 21:39 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rendom.exe
2014-05-27 09:42 - 2009-07-13 21:39 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\netdom.exe
2014-05-27 09:42 - 2009-07-13 21:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\gpfixup.exe
2014-05-27 09:42 - 2009-07-13 21:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\redirusr.exe
2014-05-27 09:42 - 2009-07-13 21:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\redircmp.exe
2014-05-27 09:42 - 2009-07-13 21:15 - 00238592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpmon.dll
2014-05-27 09:42 - 2009-07-13 21:14 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcpromo.exe
2014-05-27 09:42 - 2009-07-13 21:14 - 00113152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rendom.exe
2014-05-27 09:42 - 2009-07-13 21:14 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netdom.exe
2014-05-27 09:42 - 2009-07-13 21:14 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpfixup.exe
2014-05-27 09:42 - 2009-06-10 17:28 - 00146712 _____ () C:\Windows\SysWOW64\gpme.msc
2014-05-27 09:42 - 2009-06-10 17:28 - 00146080 _____ () C:\Windows\SysWOW64\gptedit.msc
2014-05-27 09:42 - 2009-06-10 17:21 - 00145017 _____ () C:\Windows\SysWOW64\dsa.msc
2014-05-27 09:42 - 2009-06-10 16:46 - 00146712 _____ () C:\Windows\system32\gpme.msc
2014-05-27 09:42 - 2009-06-10 16:46 - 00146080 _____ () C:\Windows\system32\gptedit.msc
2014-05-27 09:42 - 2009-06-10 16:38 - 00145017 _____ () C:\Windows\system32\dsa.msc
2014-05-27 09:41 - 2010-11-20 08:26 - 03582464 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsnap.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 02300416 _____ (Microsoft Corporation) C:\Windows\system32\gpmgmt.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 01862656 _____ (Microsoft Corporation) C:\Windows\system32\dcpromoui.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\GPOAdmin.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\dnsmgr.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 01283584 _____ (Microsoft Corporation) C:\Windows\system32\dcpromocmd.dll
2014-05-27 09:41 - 2010-11-20 08:26 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\gpme.dll
2014-05-27 09:41 - 2010-11-20 08:25 - 01135104 _____ (Microsoft Corporation) C:\Windows\system32\adprop.dll
2014-05-27 09:41 - 2010-11-20 08:25 - 00843776 _____ (Microsoft Corporation) C:\Windows\system32\adsiedit.dll
2014-05-27 09:41 - 2010-11-20 08:25 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\ntdsutil.exe
2014-05-27 09:41 - 2010-11-20 08:25 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\repadmin.exe
2014-05-27 09:41 - 2010-11-20 08:24 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\dcdiag.exe
2014-05-27 09:41 - 2010-11-20 08:24 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\dsmgmt.exe
2014-05-27 09:41 - 2010-11-20 08:24 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\dsdbutil.exe
2014-05-27 09:41 - 2010-11-20 07:19 - 01664512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpmgmt.dll
2014-05-27 09:41 - 2010-11-20 07:19 - 01292800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GPOAdmin.dll
2014-05-27 09:41 - 2010-11-20 07:18 - 01189376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcpromoui.dll
2014-05-27 09:41 - 2010-11-20 07:18 - 00851456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprop.dll
2014-05-27 09:41 - 2010-11-20 07:18 - 00769024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcpromocmd.dll
2014-05-27 09:41 - 2010-11-20 07:18 - 00638976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsiedit.dll
2014-05-27 09:41 - 2010-11-20 07:17 - 00453632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcdiag.exe
2014-05-27 09:41 - 2010-11-20 07:17 - 00375296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdsutil.exe
2014-05-27 09:41 - 2010-11-20 07:17 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\repadmin.exe
2014-05-27 09:41 - 2010-11-20 07:17 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsdbutil.exe
2014-05-27 09:41 - 2010-11-20 07:17 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsmgmt.exe
2014-05-27 09:41 - 2010-11-04 21:02 - 00146446 _____ () C:\Windows\SysWOW64\gpmc.msc
2014-05-27 09:41 - 2010-11-04 21:02 - 00146446 _____ () C:\Windows\system32\gpmc.msc
2014-05-27 09:32 - 2014-05-27 09:32 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\visionapp
2014-05-27 09:28 - 2014-05-27 09:28 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Macromedia
2014-05-27 09:20 - 2014-05-27 09:21 - 00000000 ____D () C:\ScriptLogic
2014-05-27 09:16 - 2014-05-27 09:21 - 00003277 _____ () C:\Windows\SysWOW64\slinstall_USAGAGRIT-RS1.log
2014-05-27 09:09 - 2014-05-30 16:05 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Mozilla
2014-05-27 09:09 - 2014-05-27 09:09 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Mozilla
2014-05-27 09:08 - 2014-06-05 11:56 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\DameWare Development
2014-05-27 09:08 - 2014-05-27 09:08 - 00000000 ____D () C:\Users\rsteele\AppData\Local\VMware
2014-05-27 09:01 - 2014-05-29 17:00 - 00002002 ____H () C:\Users\rsteele\Documents\Default.rdp
2014-05-27 08:48 - 2014-05-27 08:48 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Microsoft Corporation
2014-05-27 08:40 - 2014-06-10 15:25 - 00000000 ____D () C:\Users\rsteele\AppData\Local\CutePDF Writer
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-05-27 08:32 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
2014-05-27 08:15 - 2013-10-29 22:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-05-27 08:15 - 2013-10-29 22:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-05-27 08:11 - 2014-01-27 22:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-05-27 08:10 - 2014-03-24 22:34 - 14179328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-27 08:10 - 2014-03-24 22:18 - 12877312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-27 08:09 - 2014-01-28 22:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-05-27 08:09 - 2014-01-28 22:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-05-27 08:09 - 2013-12-31 19:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-05-27 08:09 - 2013-12-31 19:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-05-27 08:09 - 2013-11-23 14:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-05-27 08:09 - 2013-11-23 13:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-05-27 08:08 - 2014-05-27 08:08 - 00002903 _____ () C:\Users\rsteele\Desktop\Remote Desktop Connection Manager.lnk
2014-05-27 08:08 - 2014-05-27 08:08 - 00002903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection Manager.lnk
2014-05-27 08:08 - 2014-05-27 08:08 - 00000000 ____D () C:\Program Files (x86)\Remote Desktop Connection Manager
2014-05-27 08:08 - 2014-02-06 21:25 - 03159552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-27 08:08 - 2013-10-18 22:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-05-27 08:08 - 2013-10-18 21:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-05-27 08:08 - 2013-10-03 22:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-05-27 08:08 - 2013-10-03 22:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-05-27 08:08 - 2013-10-03 22:24 - 01931264 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-05-27 08:08 - 2013-10-03 22:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-05-27 08:08 - 2013-10-03 22:02 - 01796608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-05-27 08:08 - 2013-10-03 21:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-05-27 08:08 - 2013-10-03 21:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-05-27 08:08 - 2013-10-03 21:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-05-27 08:07 - 2013-11-26 21:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-05-27 08:05 - 2014-05-27 08:05 - 00002208 _____ () C:\Users\rsteele\Desktop\DameWare Mini Remote Control.lnk
2014-05-27 08:03 - 2014-05-27 14:09 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Adobe
2014-05-27 08:00 - 2013-04-10 11:16 - 00003041 _____ () C:\Users\rsteele\Desktop\Microsoft Publisher 2010.lnk
2014-05-27 08:00 - 2013-04-10 11:16 - 00003029 _____ () C:\Users\rsteele\Desktop\Microsoft Outlook 2010.lnk
2014-05-27 08:00 - 2013-04-10 11:16 - 00003021 _____ () C:\Users\rsteele\Desktop\Microsoft Word 2010.lnk
2014-05-27 08:00 - 2013-04-10 11:16 - 00002951 _____ () C:\Users\rsteele\Desktop\Microsoft Excel 2010.lnk
2014-05-27 08:00 - 2013-04-10 11:16 - 00002937 _____ () C:\Users\rsteele\Desktop\Microsoft PowerPoint 2010.lnk
2014-05-27 08:00 - 2013-04-10 11:16 - 00002919 _____ () C:\Users\rsteele\Desktop\Microsoft Access 2010.lnk
2014-05-27 07:59 - 2014-05-27 07:59 - 00001771 _____ () C:\Users\rsteele\Desktop\rsteele.lnk
2014-05-27 07:57 - 2014-06-12 12:01 - 00124224 _____ () C:\Users\rsteele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-27 07:57 - 2014-06-04 07:27 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 07:57 - 2014-06-04 07:27 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 07:57 - 2014-06-03 12:11 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Citrix
2014-05-27 07:57 - 2014-05-29 07:44 - 00001447 _____ () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\Documents\Snagit
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\Documents\IBM
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Realtime Soft
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\ICAClient
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\IBM
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Local\TechSmith
2014-05-27 07:57 - 2013-06-06 01:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-05-27 07:57 - 2013-06-06 01:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-05-27 07:57 - 2013-06-06 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-05-27 07:57 - 2013-06-06 01:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-05-27 07:57 - 2013-06-06 00:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-05-27 07:57 - 2013-06-06 00:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-05-27 07:57 - 2013-06-06 00:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-05-27 07:57 - 2013-06-05 23:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-05-27 07:57 - 2013-06-05 23:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-05-27 07:57 - 2013-06-05 23:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-05-27 07:56 - 2013-10-02 22:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-05-27 07:56 - 2013-10-02 22:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-05-27 07:55 - 2014-02-03 22:37 - 00191424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-27 07:55 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-27 07:55 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-05-27 07:55 - 2014-02-03 22:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-05-27 07:55 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-05-27 07:55 - 2014-02-03 22:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-05-27 07:55 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-05-27 07:55 - 2013-12-24 19:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-05-27 07:55 - 2013-12-24 18:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-05-27 07:55 - 2013-11-26 04:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-05-27 07:55 - 2013-11-22 18:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-05-27 07:55 - 2013-10-11 22:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-05-27 07:55 - 2013-10-11 22:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-05-27 07:55 - 2013-10-11 22:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-05-27 07:55 - 2013-10-11 22:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-05-27 07:55 - 2013-10-11 21:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-05-27 07:55 - 2013-10-11 21:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-05-27 07:55 - 2013-10-11 21:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-05-27 07:55 - 2013-10-11 21:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-05-27 07:55 - 2013-06-25 18:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-05-27 07:54 - 2014-06-16 08:18 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Temp
2014-05-27 07:54 - 2014-06-03 11:21 - 00020124 __RSH () C:\Users\rsteele\ntuser.pol
2014-05-27 07:54 - 2014-06-03 11:21 - 00000000 ____D () C:\Users\rsteele
2014-05-27 07:54 - 2014-05-27 07:54 - 00000020 ___SH () C:\Users\rsteele\ntuser.ini
2014-05-27 07:54 - 2014-05-27 07:54 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Symantec
2014-05-27 07:54 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-05-27 07:54 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-05-27 07:54 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-05-27 07:54 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-05-27 07:54 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-05-27 07:54 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-05-27 07:54 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-05-27 07:54 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-05-27 07:54 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-05-27 07:54 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-05-27 07:54 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-05-27 07:54 - 2014-01-23 22:40 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-05-27 07:54 - 2013-08-01 22:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 22:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 21:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-05-27 07:54 - 2013-08-01 20:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 20:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 20:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-05-27 07:54 - 2013-08-01 20:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-05-27 07:54 - 2013-07-12 06:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-05-27 07:54 - 2013-04-10 11:19 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Macromedia
2014-05-27 07:54 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 07:54 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-27 07:53 - 2014-02-03 22:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-05-27 07:53 - 2014-02-03 22:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-05-27 07:53 - 2013-07-04 08:16 - 00264704 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-05-27 07:53 - 2013-07-04 08:10 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-05-27 07:53 - 2013-07-04 07:59 - 00209408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-05-27 07:53 - 2013-07-04 07:54 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-05-27 07:53 - 2013-07-04 05:54 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-05-27 07:51 - 2014-05-27 07:51 - 00110624 _____ () C:\Users\rsadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-27 07:51 - 2014-05-27 07:51 - 00001447 _____ () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 07:51 - 2014-05-27 07:51 - 00001413 _____ () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\Documents\IBM
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\Realtime Soft
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\ICAClient
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\IBM
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\TechSmith
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Citrix
2014-05-27 07:50 - 2014-06-03 08:42 - 00000000 ____D () C:\Users\rsadmin
2014-05-27 07:50 - 2014-05-27 07:53 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Temp
2014-05-27 07:50 - 2014-05-27 07:50 - 00000020 ___SH () C:\Users\rsadmin\ntuser.ini
2014-05-27 07:50 - 2014-05-27 07:50 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Symantec
2014-05-27 07:50 - 2013-04-10 11:19 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\Macromedia
2014-05-27 07:50 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-27 07:50 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-22 16:15 - 2013-09-07 22:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-05-22 16:15 - 2013-09-07 22:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-05-22 16:15 - 2013-08-28 22:21 - 01737688 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-05-22 16:15 - 2013-08-28 22:21 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-05-22 16:15 - 2013-08-28 22:18 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-05-22 16:15 - 2013-08-28 21:57 - 01296312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-05-22 16:15 - 2013-08-28 21:57 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-05-22 16:15 - 2013-08-28 21:54 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-05-22 16:15 - 2013-07-25 22:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-05-22 16:15 - 2013-07-25 21:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-05-22 16:13 - 2013-10-11 22:25 - 00832000 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-05-22 16:13 - 2013-10-11 22:24 - 00861184 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-05-22 16:13 - 2013-10-11 22:24 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-05-22 16:13 - 2013-10-11 22:23 - 00706560 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-05-22 16:13 - 2013-10-11 21:57 - 00657920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-05-22 16:13 - 2013-10-11 21:56 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-05-22 16:09 - 2009-06-30 15:00 - 00176128 _____ (Dell Inc.) C:\Windows\system32\DLXZIZIL.DLL
2014-05-22 16:08 - 2013-08-04 22:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-05-22 16:08 - 2013-08-01 08:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-05-22 16:08 - 2013-07-20 06:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-22 16:08 - 2013-07-20 06:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-05-22 16:00 - 2014-05-22 16:00 - 00001413 _____ () C:\Users\jmack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-22 16:00 - 2014-05-22 16:00 - 00000000 ____D () C:\Users\jmack\AppData\Roaming\Realtime Soft
2014-05-22 16:00 - 2013-07-04 08:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-05-22 16:00 - 2013-07-04 07:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-05-22 15:59 - 2014-05-22 15:59 - 00000000 ____D () C:\Users\jmack\AppData\Local\Symantec
2014-05-22 15:59 - 2013-07-01 23:49 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-05-22 15:59 - 2013-07-01 23:49 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-05-22 15:58 - 2013-08-27 21:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll

==================== One Month Modified Files and Folders =======

2014-06-16 08:18 - 2014-06-16 08:17 - 00000000 ____D () C:\FRST
2014-06-16 08:18 - 2014-05-27 07:54 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Temp
2014-06-16 08:18 - 2013-07-08 08:54 - 00000000 ____D () C:\TEMP
2014-06-16 08:00 - 2012-11-12 17:57 - 01897429 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 07:41 - 2014-06-03 10:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-16 06:51 - 2013-04-10 10:50 - 00000848 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-16 05:33 - 2013-07-08 08:55 - 00000000 ____D () C:\ProgramData\Symantec
2014-06-13 17:08 - 2014-06-13 17:07 - 00000000 ____D () C:\temp2
2014-06-13 15:07 - 2014-05-28 14:34 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\VMware
2014-06-13 01:39 - 2014-06-03 10:48 - 00000000 ____D () C:\Windows\ProPatches
2014-06-12 19:39 - 2009-07-14 00:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 19:39 - 2009-07-14 00:45 - 00022224 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 12:39 - 2014-06-12 11:55 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2014-06-12 12:29 - 2014-06-12 12:18 - 00000000 ____D () C:\Users\rsteele\AppData\Local\CrashDumps
2014-06-12 12:28 - 2013-07-01 07:55 - 00000173 _____ () C:\Users\Public\Desktop\DataStream.url
2014-06-12 12:28 - 2013-04-10 11:04 - 00000229 _____ () C:\Users\Public\Desktop\HelpDesk.url
2014-06-12 12:27 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 12:27 - 2009-07-14 00:51 - 00028260 _____ () C:\Windows\setupact.log
2014-06-12 12:27 - 2009-07-14 00:45 - 00474472 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-12 12:18 - 2014-06-12 12:18 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\LibreOffice
2014-06-12 12:01 - 2014-05-27 07:57 - 00124224 _____ () C:\Users\rsteele\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-11 16:51 - 2014-06-11 16:50 - 00000000 ____D () C:\Users\rsteele\AppData\Local\NPE
2014-06-11 16:50 - 2014-06-11 16:50 - 00000000 ____D () C:\ProgramData\Norton
2014-06-11 16:40 - 2014-06-11 16:39 - 00016824 _____ () C:\Users\rsteele\Desktop\Result.txt
2014-06-11 15:16 - 2014-06-11 15:16 - 00038069 _____ () C:\Users\rsteele\Desktop\dds.txt
2014-06-11 15:16 - 2014-06-11 15:16 - 00007503 _____ () C:\Users\rsteele\Desktop\attach.txt
2014-06-11 12:55 - 2014-06-11 10:56 - 00001829 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
2014-06-11 10:57 - 2014-06-11 10:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Wireshark
2014-06-11 10:56 - 2014-06-11 10:56 - 00001535 _____ () C:\Users\Public\Desktop\Wireshark.lnk
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\Program Files\Wireshark
2014-06-11 10:56 - 2014-06-11 10:56 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-06-11 09:56 - 2014-06-11 09:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-11 09:38 - 2014-06-06 08:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-11 09:20 - 2014-06-11 09:17 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-06-11 09:17 - 2014-06-11 09:17 - 00001395 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-06-11 09:17 - 2014-06-11 09:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-06-11 08:53 - 2014-06-11 08:53 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-06-11 08:53 - 2014-06-11 08:53 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-06-11 08:52 - 2014-06-11 08:52 - 01402880 _____ () C:\Users\rsteele\Downloads\HijackThis.msi
2014-06-11 03:04 - 2014-05-28 04:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-11 03:01 - 2013-04-10 11:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 17:38 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-06-10 15:25 - 2014-05-27 08:40 - 00000000 ____D () C:\Users\rsteele\AppData\Local\CutePDF Writer
2014-06-10 13:29 - 2014-06-10 13:29 - 00000000 ____D () C:\Users\rsteele\Documents\Outlook Files
2014-06-10 08:47 - 2014-06-10 08:47 - 00000000 ____D () C:\Windows\pss
2014-06-10 07:38 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-06-08 05:13 - 2014-06-11 02:43 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 05:08 - 2014-06-11 02:43 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 08:26 - 2014-06-06 08:26 - 00000401 _____ () C:\Users\rsteele\Desktop\leases.txt
2014-06-06 08:25 - 2014-06-06 08:25 - 00000063 _____ () C:\Users\rsteele\Desktop\lansweeper info.txt
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 08:05 - 2014-06-06 08:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-05 11:56 - 2014-05-27 09:08 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\DameWare Development
2014-06-05 11:55 - 2014-06-05 11:55 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\UltraVNC
2014-06-04 07:30 - 2009-07-14 01:13 - 00786538 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-04 07:27 - 2014-05-27 07:57 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-04 07:27 - 2014-05-27 07:57 - 00000000 ___RD () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-06-04 07:24 - 2010-11-20 23:47 - 00739226 _____ () C:\Windows\PFRO.log
2014-06-03 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-06-03 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-06-03 12:27 - 2014-05-27 11:06 - 04341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gppref.dll
2014-06-03 12:27 - 2014-05-27 11:06 - 02550272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propshts.dll
2014-06-03 12:27 - 2014-05-27 11:06 - 00627712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefbr.dll
2014-06-03 12:27 - 2014-05-27 11:06 - 00166400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcn.dll
2014-06-03 12:27 - 2014-05-27 11:05 - 04887040 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2014-06-03 12:27 - 2014-05-27 11:05 - 03789824 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2014-06-03 12:27 - 2014-05-27 11:05 - 00901632 _____ (Microsoft Corporation) C:\Windows\system32\gpprefbr.dll
2014-06-03 12:27 - 2014-05-27 11:05 - 00236032 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcn.dll
2014-06-03 12:11 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Citrix
2014-06-03 11:58 - 2014-06-03 11:58 - 00001508 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
2014-06-03 11:58 - 2014-06-03 11:57 - 00000000 ____D () C:\ProgramData\Citrix
2014-06-03 11:58 - 2013-04-10 11:44 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-06-03 11:55 - 2014-06-03 11:55 - 00000093 _____ () C:\Users\rsteele\AppData\Roaming\ARCompanion.log
2014-06-03 11:39 - 2014-06-03 10:59 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-03 11:39 - 2013-04-10 11:22 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-06-03 11:39 - 2013-04-10 11:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-03 11:39 - 2013-04-10 11:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-03 11:38 - 2014-06-03 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraVNC
2014-06-03 11:38 - 2014-06-03 10:57 - 00000000 ____D () C:\Program Files\UltraVNC
2014-06-03 11:21 - 2014-05-27 07:54 - 00020124 __RSH () C:\Users\rsteele\ntuser.pol
2014-06-03 11:21 - 2014-05-27 07:54 - 00000000 ____D () C:\Users\rsteele
2014-06-03 11:20 - 2014-06-03 10:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-03 11:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-03 11:17 - 2014-06-03 11:01 - 00000000 ____D () C:\Program Files\WinRAR
2014-06-03 11:17 - 2014-06-03 10:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-03 11:15 - 2014-06-03 10:58 - 00000000 ____D () C:\ProgramData\Real
2014-06-03 11:14 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Real
2014-06-03 11:14 - 2014-06-03 11:02 - 00000000 ____D () C:\Program Files (x86)\Pidgin
2014-06-03 11:14 - 2009-07-13 23:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-03 11:13 - 2014-06-03 11:02 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-03 11:10 - 2014-06-03 11:10 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Apple
2014-06-03 11:09 - 2014-06-03 11:03 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-03 11:09 - 2014-06-03 10:55 - 00000000 ____D () C:\ProgramData\Apple
2014-06-03 11:08 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\ClassicShell
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\Documents\My Google Gadgets
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Apple Computer
2014-06-03 11:07 - 2014-06-03 11:07 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Google
2014-06-03 11:02 - 2014-06-03 11:02 - 00000000 ____D () C:\ProgramData\ClassicShell
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Windows\CD95F661A5C444F5A6AAECDD91C240DD.TMP
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Users\Default\AppData\Local\WinZip
2014-06-03 11:01 - 2014-06-03 11:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\WinZip
2014-06-03 10:59 - 2014-06-03 10:59 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2014-06-03 10:58 - 2014-06-03 10:58 - 00000000 ____D () C:\Program Files (x86)\Real
2014-06-03 10:58 - 2013-04-10 11:34 - 00505416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-06-03 10:57 - 2014-06-03 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-06-03 10:57 - 2014-06-03 10:57 - 00000000 ____D () C:\Program Files\7-Zip
2014-06-03 10:57 - 2014-05-30 13:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-03 10:56 - 2014-06-03 10:56 - 00000000 ____D () C:\ProgramData\Applications
2014-06-03 10:55 - 2014-06-03 10:55 - 00000000 ____D () C:\Users\Default\AppData\Local\Apple
2014-06-03 10:55 - 2014-06-03 10:55 - 00000000 ____D () C:\Users\Default User\AppData\Local\Apple
2014-06-03 08:42 - 2014-05-27 07:50 - 00000000 ____D () C:\Users\rsadmin
2014-06-03 08:29 - 2013-07-01 07:49 - 00001508 __RSH () C:\ProgramData\ntuser.pol
2014-06-02 07:36 - 2013-07-08 08:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
2014-06-02 07:35 - 2013-07-08 08:55 - 00576912 _____ (Symantec Corporation) C:\Windows\system32\SymVPN.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00459152 _____ (Symantec Corporation) C:\Windows\system32\sysfer.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00420752 _____ (Symantec Corporation) C:\Windows\SysWOW64\SymVPN.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00361360 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysfer.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00158096 _____ (Symantec Corporation) C:\Windows\system32\FwsVpn.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00155352 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SysPlant.sys
2014-06-02 07:35 - 2013-07-08 08:55 - 00136080 _____ (Symantec Corporation) C:\Windows\SysWOW64\FwsVpn.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00056720 _____ (Symantec Corporation) C:\Windows\system32\snacnp.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00050576 _____ (Symantec Corporation) C:\Windows\SysWOW64\snacnp.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00044448 _____ (Symantec Corporation) C:\Windows\system32\Drivers\WGX64.SYS
2014-06-02 07:35 - 2013-07-08 08:55 - 00012176 _____ (Symantec Corporation) C:\Windows\system32\sysferThunk.dll
2014-06-02 07:35 - 2013-07-08 08:55 - 00011152 _____ (Symantec Corporation) C:\Windows\SysWOW64\sysferThunk.dll
2014-06-02 07:35 - 2013-07-02 16:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-30 16:05 - 2014-05-27 09:09 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Mozilla
2014-05-30 09:28 - 2013-07-08 08:56 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-30 09:28 - 2013-07-08 08:56 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-30 09:26 - 2013-07-08 08:55 - 00000000 ____D () C:\Windows\system32\Drivers\SEP
2014-05-30 09:26 - 2013-04-10 11:26 - 00000000 ____D () C:\ProgramData\regid.1992-12.com.symantec
2014-05-30 08:36 - 2014-05-30 08:36 - 00000000 ____D () C:\PSTools
2014-05-29 17:00 - 2014-05-27 09:01 - 00002002 ____H () C:\Users\rsteele\Documents\Default.rdp
2014-05-29 13:28 - 2014-05-29 13:28 - 00001317 _____ () C:\Users\rsteele\Desktop\User Equipment Inventory - Shortcut.lnk
2014-05-29 11:25 - 2014-05-29 11:25 - 00002213 _____ () C:\Users\rsteele\Desktop\Symantec Endpoint Protection Manager Remote Console.lnk
2014-05-29 11:25 - 2014-05-29 11:25 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Symantec
2014-05-29 11:25 - 2014-05-29 11:25 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection Manager
2014-05-29 11:23 - 2014-05-29 11:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-29 11:23 - 2014-05-29 11:22 - 00004416 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-05-29 11:23 - 2014-05-27 14:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-05-29 11:23 - 2014-05-27 14:50 - 00000000 ____D () C:\Program Files (x86)\Java
2014-05-29 11:20 - 2014-05-29 11:20 - 00000000 ____D () C:\Windows\Sun
2014-05-29 07:44 - 2014-05-28 07:57 - 00001413 _____ () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-29 07:44 - 2014-05-27 07:57 - 00001447 _____ () C:\Users\rsteele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-29 03:22 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-29 03:03 - 2014-05-29 03:01 - 00003397 _____ () C:\Windows\IE9_main.log
2014-05-29 03:03 - 2013-04-10 12:47 - 00778660 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-05-29 03:02 - 2014-05-29 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-05-29 03:02 - 2014-05-29 03:02 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-05-29 03:02 - 2014-05-29 03:02 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-05-29 03:02 - 2014-05-29 03:02 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-05-29 03:02 - 2014-05-29 03:02 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-05-29 03:02 - 2014-05-29 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-05-29 03:02 - 2014-05-29 03:02 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-05-29 03:02 - 2014-05-29 03:02 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-05-29 03:02 - 2014-05-29 03:02 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-05-28 16:04 - 2014-05-28 16:04 - 00001109 _____ () C:\Users\Public\Desktop\ASG-Remote Desktop 2012.lnk
2014-05-28 16:04 - 2014-05-28 16:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASG-Remote Desktop 2012
2014-05-28 16:04 - 2014-05-28 16:03 - 00000000 ____D () C:\Program Files (x86)\ASG-Remote Desktop 2012
2014-05-28 14:53 - 2014-06-11 02:43 - 17857536 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-28 14:37 - 2014-06-11 02:43 - 02338816 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-28 14:35 - 2014-06-11 02:42 - 10890240 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-28 14:32 - 2013-04-10 11:47 - 00002440 _____ () C:\Users\Public\Desktop\VMware vSphere Client.lnk
2014-05-28 14:32 - 2013-04-10 11:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-05-28 14:31 - 2014-06-11 02:43 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-28 14:31 - 2014-06-11 02:42 - 01348608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-28 14:30 - 2014-06-11 02:42 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-28 14:30 - 2014-06-11 02:42 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-05-28 14:29 - 2014-06-11 02:43 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-28 14:29 - 2014-06-11 02:43 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-28 14:29 - 2014-06-11 02:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-28 14:29 - 2014-06-11 02:42 - 02148352 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-28 14:29 - 2014-06-11 02:42 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-28 14:29 - 2014-06-11 02:42 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-28 14:28 - 2014-06-11 02:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-28 14:28 - 2014-06-11 02:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-28 14:28 - 2014-06-11 02:43 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-28 14:28 - 2014-06-11 02:43 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-28 14:28 - 2014-06-11 02:42 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-05-28 14:28 - 2014-06-11 02:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-05-28 14:28 - 2014-06-11 02:42 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-05-28 14:27 - 2014-06-11 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-28 14:03 - 2014-05-28 14:03 - 00000549 _____ () C:\Users\rsteele\Desktop\Hyena.lnk
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\SystemTools
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hyena
2014-05-28 13:57 - 2014-05-28 13:57 - 00000000 ____D () C:\Program Files\Hyena
2014-05-28 13:57 - 2013-07-11 08:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-28 12:48 - 2014-06-11 02:43 - 12356608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-28 12:39 - 2014-06-11 02:43 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-28 12:38 - 2014-06-11 02:42 - 09711104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-28 12:33 - 2014-06-11 02:42 - 01106432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-28 12:32 - 2014-06-11 02:43 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-28 12:32 - 2014-06-11 02:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-28 12:31 - 2014-06-11 02:42 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-05-28 12:31 - 2014-06-11 02:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-28 12:30 - 2014-06-11 02:43 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-28 12:30 - 2014-06-11 02:43 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-28 12:30 - 2014-06-11 02:43 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-28 12:30 - 2014-06-11 02:42 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-28 12:30 - 2014-06-11 02:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-28 12:30 - 2014-06-11 02:42 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-28 12:30 - 2014-06-11 02:42 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-05-28 12:29 - 2014-06-11 02:43 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-28 12:29 - 2014-06-11 02:43 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-28 12:29 - 2014-06-11 02:43 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-28 12:29 - 2014-06-11 02:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-05-28 12:29 - 2014-06-11 02:42 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-05-28 12:28 - 2014-06-11 02:43 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-28 07:49 - 2014-05-28 07:49 - 00000000 __SHD () C:\Users\rsteele\AppData\Local\EmieUserList
2014-05-28 07:49 - 2014-05-28 07:49 - 00000000 __SHD () C:\Users\rsteele\AppData\Local\EmieSiteList
2014-05-28 07:49 - 2009-07-14 00:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-28 03:40 - 2014-05-28 03:33 - 00008691 _____ () C:\Windows\IE11_main.log
2014-05-28 03:08 - 2014-05-28 03:08 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-05-28 03:08 - 2014-05-28 03:08 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-05-27 15:20 - 2014-05-27 15:20 - 00000000 ____D () C:\Users\rsteele\.pdfsam
2014-05-27 14:54 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-05-27 14:51 - 2014-05-27 14:51 - 00000000 ____D () C:\ProgramData\Sun
2014-05-27 14:34 - 2014-05-27 14:34 - 00001090 _____ () C:\Users\rsteele\Desktop\TightVNC Viewer (Best Compression).lnk
2014-05-27 14:34 - 2014-05-27 14:34 - 00001050 _____ () C:\Users\rsteele\Desktop\TightVNC Viewer (Listen Mode).lnk
2014-05-27 14:33 - 2014-05-27 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
2014-05-27 14:33 - 2014-05-27 14:33 - 00000000 ____D () C:\Program Files (x86)\TightVNC
2014-05-27 14:09 - 2014-05-27 14:09 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Adobe
2014-05-27 14:09 - 2014-05-27 08:03 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Adobe
2014-05-27 11:13 - 2014-05-27 11:13 - 00000966 _____ () C:\Users\rsteele\Desktop\LockoutStatus - Shortcut.lnk
2014-05-27 11:13 - 2014-05-27 11:13 - 00000948 _____ () C:\Users\rsteele\Desktop\eventcombMT - Shortcut.lnk
2014-05-27 11:12 - 2014-05-27 11:12 - 00000000 ____D () C:\AL TOOLS
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\zh-CHT
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\zh-CHS
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\tr
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\sv
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ru
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\pt
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\pl
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\nl
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ko
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\ja
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\it
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\hu
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\fr
2014-05-27 11:06 - 2014-05-27 11:06 - 00000000 ____D () C:\Windows\system32\es
2014-05-27 11:06 - 2009-07-14 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 11:05 - 2014-05-27 11:06 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpregistrybrowser.dll
2014-05-27 11:05 - 2014-05-27 11:05 - 00302080 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2014-05-27 11:05 - 2014-05-27 11:05 - 00000000 ____D () C:\Windows\system32\de
2014-05-27 11:05 - 2014-05-27 11:05 - 00000000 ____D () C:\Windows\system32\cs
2014-05-27 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-05-27 09:55 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-05-27 09:32 - 2014-05-27 09:32 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\visionapp
2014-05-27 09:28 - 2014-05-27 09:28 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Macromedia
2014-05-27 09:21 - 2014-05-27 09:20 - 00000000 ____D () C:\ScriptLogic
2014-05-27 09:21 - 2014-05-27 09:16 - 00003277 _____ () C:\Windows\SysWOW64\slinstall_USAGAGRIT-RS1.log
2014-05-27 09:21 - 2013-04-10 10:55 - 00000000 ____D () C:\Program Files (x86)\ScriptLogic
2014-05-27 09:21 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-27 09:09 - 2014-05-27 09:09 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Mozilla
2014-05-27 09:08 - 2014-05-27 09:08 - 00000000 ____D () C:\Users\rsteele\AppData\Local\VMware
2014-05-27 08:48 - 2014-05-27 08:48 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Microsoft Corporation
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-05-27 08:32 - 2014-05-27 08:32 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-05-27 08:08 - 2014-05-27 08:08 - 00002903 _____ () C:\Users\rsteele\Desktop\Remote Desktop Connection Manager.lnk
2014-05-27 08:08 - 2014-05-27 08:08 - 00002903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Remote Desktop Connection Manager.lnk
2014-05-27 08:08 - 2014-05-27 08:08 - 00000000 ____D () C:\Program Files (x86)\Remote Desktop Connection Manager
2014-05-27 08:05 - 2014-05-27 08:05 - 00002208 _____ () C:\Users\rsteele\Desktop\DameWare Mini Remote Control.lnk
2014-05-27 07:59 - 2014-05-27 07:59 - 00001771 _____ () C:\Users\rsteele\Desktop\rsteele.lnk
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\Documents\Snagit
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\Documents\IBM
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\Realtime Soft
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\ICAClient
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Roaming\IBM
2014-05-27 07:57 - 2014-05-27 07:57 - 00000000 ____D () C:\Users\rsteele\AppData\Local\TechSmith
2014-05-27 07:54 - 2014-05-27 07:54 - 00000020 ___SH () C:\Users\rsteele\ntuser.ini
2014-05-27 07:54 - 2014-05-27 07:54 - 00000000 ____D () C:\Users\rsteele\AppData\Local\Symantec
2014-05-27 07:53 - 2014-05-27 07:50 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Temp
2014-05-27 07:51 - 2014-05-27 07:51 - 00110624 _____ () C:\Users\rsadmin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-27 07:51 - 2014-05-27 07:51 - 00001447 _____ () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-27 07:51 - 2014-05-27 07:51 - 00001413 _____ () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ___RD () C:\Users\rsadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\Documents\IBM
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\Realtime Soft
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\ICAClient
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Roaming\IBM
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\TechSmith
2014-05-27 07:51 - 2014-05-27 07:51 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Citrix
2014-05-27 07:50 - 2014-05-27 07:50 - 00000020 ___SH () C:\Users\rsadmin\ntuser.ini
2014-05-27 07:50 - 2014-05-27 07:50 - 00000000 ____D () C:\Users\rsadmin\AppData\Local\Symantec
2014-05-22 16:11 - 2013-04-10 11:04 - 00000226 _____ () C:\Users\Public\Desktop\Titan America InSight.url
2014-05-22 16:11 - 2013-04-10 10:53 - 00000000 ____D () C:\Users\jmack\AppData\Local\Temp
2014-05-22 16:00 - 2014-05-22 16:00 - 00001413 _____ () C:\Users\jmack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-05-22 16:00 - 2014-05-22 16:00 - 00000000 ____D () C:\Users\jmack\AppData\Roaming\Realtime Soft
2014-05-22 16:00 - 2013-04-10 10:54 - 00001447 _____ () C:\Users\jmack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-22 16:00 - 2013-04-10 10:54 - 00000000 ___RD () C:\Users\jmack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-22 16:00 - 2013-04-10 10:54 - 00000000 ___RD () C:\Users\jmack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-22 15:59 - 2014-05-22 15:59 - 00000000 ____D () C:\Users\jmack\AppData\Local\Symantec
2014-05-22 15:59 - 2013-04-10 10:53 - 00015882 __RSH () C:\Users\jmack\ntuser.pol
2014-05-22 15:59 - 2013-04-10 10:53 - 00000000 ____D () C:\Users\jmack

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 00:10

==================== End Of Log ============================

 

____________________

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by <redacted> at 2014-06-16 08:18:53
Running from C:\TEMP
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.111 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.111 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{1BBE4C53-634B-44B3-8693-314ED6260557}) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
ASG-Remote Desktop 2012 (HKLM-x32\...\ASG-Remote Desktop 2012) (Version: 7.3.4130.0 - ASG GmbH & Co. KG)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash Redirection) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver(USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DameWare Remote Support 9.0 (HKLM-x32\...\{078E7C69-E44C-4670-AE4D-891E334A9205}) (Version: 9.0.1.247 - SolarWinds)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version:  - Microsoft)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Hyena v11.0 (HKLM-x32\...\{ADFAAD69-2F06-448C-8C78-B10ABE62952B}) (Version: 11.00.0000 - SystemTools Software Inc)
IBM System i Access for Windows V6R1M0 (HKLM\...\{164EB883-354E-4290-AD76-67CEE65403A3}) (Version: 06.01.0001 - IBM)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 16.5 - Intel)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
M86 MailMarshal SEG (HKLM-x32\...\{DD95DE5D-00D8-4BC4-A6C0-C0394995468C}) (Version: 7.1.2.5326 - M86 Security)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft redistributable runtime DLLs VS2005 SP1(x86) (HKLM-x32\...\{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}) (Version: 8.0.50727.4053 - SAP)
Microsoft redistributable runtime DLLs VS2008 SP1(x86) (HKLM-x32\...\{A47A9101-6EB5-4314-BDA1-297880FBB908}) (Version: 9.0 - SAP AG)
Microsoft redistributable runtime DLLs VS2010 SP1 (x86) (HKLM-x32\...\{2385C070-EC26-4AB9-8718-E605C977C0ED}) (Version: 10.0.40219.1 - SAP)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM-x32\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Remote Desktop Connection Manager (HKLM-x32\...\{173A2B7F-535A-4403-A454-B41531EF0D7F}) (Version: 2.2.0423 - Microsoft Corporation)
SAP GUI for Windows 7.30 (HKLM-x32\...\SAPGUI710) (Version: 7.30 Compilation 1 - SAP)
ScriptLogic Desktop Authority: Computer Agent (HKLM-x32\...\{25629F92-DA8C-4726-89C9-C078C9E88E23}) (Version: 8.12.7 - ScriptLogic Corporation)
Self-service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Snagit 10 (HKLM-x32\...\{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}) (Version: 10.0.0 - TechSmith Corporation)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
Symantec Endpoint Protection (HKLM\...\{B53661DC-CD94-4B14-B15F-D9DDCFF72558}) (Version: 12.1.4013.4013 - Symantec Corporation)
Symantec Endpoint Protection Manager Remote Console (HKCU\...\Symantec Endpoint Protection Manager Remote Console) (Version:  - Symantec Corporation)
Symantec Enterprise Vault HTTP-only Outlook Add-In (HKLM-x32\...\{E39FF2F6-AE40-4B2F-AC51-5F3EB4971E93}) (Version: 10.0.1316 - Symantec Corporation)
TightVNC 1.2.9 (HKLM-x32\...\TightVNC_is1) (Version: 1.2.9 - Constantin Kaplinsky)
UltraMon (HKLM\...\{537056B7-32A4-4408-9B54-0341963C7C9C}) (Version: 3.1.0 - Realtime Soft Ltd)
UltraVnc (HKLM\...\Ultravnc2_is1) (Version: 1.1.9.6 - uvnc bvba)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office (KB2879953) (HKLM-x32\...\{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{C68BF597-B7A7-407A-A190-0ACF95BEB8EC}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
VMware vSphere Client 5.0 (HKLM-x32\...\{04805AB6-F757-496A-8D56-37A0FC5FF6F3}) (Version: 5.0.0.16964 - VMware, Inc.)
VMware vSphere Client 5.5 (HKLM-x32\...\{4CFB0494-2E96-4631-8364-538E2AA91324}) (Version: 5.5.0.3165 - VMware, Inc.)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.10.7 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.10.7 - The Wireshark developer community, http://www.wireshark.org)

==================== Restore Points  =========================

16-06-2014 04:00:01 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {EBC87362-5676-4D6C-BEB5-771862ACE335} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-03] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-05-27 08:32 - 2013-10-23 14:24 - 00087600 _____ () C:\Windows\System32\cpwmon64.dll
2014-05-23 01:34 - 2014-05-23 01:34 - 00023552 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
2014-06-11 09:17 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-11 09:17 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-11 09:17 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-11 09:17 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-06-11 09:17 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-04-23 09:36 - 2013-04-23 09:36 - 00196608 _____ () C:\Program Files (x86)\ASG-Remote Desktop 2012\AxMSTSCLib.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/12/2014 01:29:23 PM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!WS.Reputation.1 in File: C:\Users\rsteele\AppData\Local\MICROSOFT\Windows\TEMPORARY INTERNET FILES\Content.IE5\2VT0AUOD\dia-setup-0.97.2-2-unsigned.exe by: Auto-Protect scan.  Action: Quarantine succeeded : Access denied.  Action Description: The file was quarantined successfully.

Error: (06/12/2014 00:29:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0xfcc
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:27:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/12/2014 00:23:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x34f0
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:23:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x368c
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:22:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x420c
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:20:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x2e84
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:19:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x3c2c
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:19:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x40a4
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

Error: (06/12/2014 00:18:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: soffice.bin, version: 4.1.6.2, time stamp: 0x5358065d
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x53159a86
Exception code: 0x00000000
Fault offset: 0x0000c42d
Faulting process id: 0x4028
Faulting application start time: 0xsoffice.bin0
Faulting application path: soffice.bin1
Faulting module path: soffice.bin2
Report Id: soffice.bin3

System errors:
=============
Error: (06/15/2014 07:55:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/13/2014 02:18:26 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/12/2014 03:48:29 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/12/2014 08:29:24 AM) (Source: Kerberos) (EventID: 5) (User: )
Description: The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server USAGAGRXPPRO18$. This indicates that the ticket used against that server is not yet valid (in relationship to that server time).  Contact your system administrator to make sure the client and server times are in sync, and that the KDC in realm TITAN.US is in sync with the KDC in the client realm.

Error: (06/11/2014 03:03:43 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/11/2014 02:59:09 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/09/2014 07:21:56 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/06/2014 11:43:28 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/06/2014 08:26:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/05/2014 01:44:53 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

==================== Memory info ===========================

Percentage of memory in use: 61%
Total physical RAM: 4052.93 MB
Available physical RAM: 1540.9 MB
Total Pagefile: 8104.05 MB
Available Pagefile: 4996.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:49.9 GB) (Free:9.7 GB) NTFS
Drive e: () (Fixed) (Total:182.88 GB) (Free:139.24 GB) NTFS
Drive m: (Data) (Network) (Total:374.98 GB) (Free:19.71 GB) NTFS
Drive p: () (Network) (Total:540 GB) (Free:404.56 GB) NTFS
Drive s: (Data) (Network) (Total:374.98 GB) (Free:19.71 GB) NTFS
Drive z: () (Network) (Total:540 GB) (Free:404.56 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 1BB879E7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=183 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 TheShooter93

  • Malware Response Team

Posted 17 June 2014 - 08:39 AM

Hello,

Thank you for the log. :)

I am currently discussing our options with my instructor as this is a unique case.

Do you have backups of your users' workstations stored on a server or NAS?


CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#5 TheShooter93


Posted 17 June 2014 - 11:01 AM

Hello,

Your logs look clean, so I do not suspect malware on the workstation.

--------------------------------------------------------

I suggest performing a factory reset of your router as it is the next logical place to look (that and DNS).

Depending on the type of router (if you're dealing with an enterprise level Cisco router for example), you may want to save the router configuration then perform the factory reset.

--------------------------------------------------------

Beyond that, the only way to deal with this is to push out recent backups of all the workstations.

The fact that all the systems are experiencing this coupled with your logs being clean points to some central cause for this behavior though. Pursue that before pushing out the backups.


Edited by TheShooter93, 17 June 2014 - 11:02 AM.



#6 TheShooter93


Posted 20 June 2014 - 09:47 AM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.



#7 schrauber

  • Malware Response Team

Posted 23 June 2014 - 12:24 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware



