Server 2008 R2 AD/DNS Server Malware bytes blocking IP address


1 reply to this topic

#1 debaugh

Posted 08 January 2015 - 06:55 PM

I was looking through my MB logs the other day and found that Malwarebytes has been blocking a couple of IP addresses at various times throughout the day. I ran our virus scan, Malwarebytes, Rootkit Buster, RogueKiller, TDSSKiller, Sophos online, ESET online, MBAR, and AdwCleaner. None of them have found anything. I have run Show Hidden to see if anything pops up, and I have not seen anything out of the ordinary thus far... but I am still looking. I am at a loss, as I know this should not be happening. The only problem I had running any of the tools was that RogueKiller would hang up on the MBAM service, which I uninstalled then reinstalled once the scan was completed. Below are some of the logs... I would be grateful for any assistance, as I am at a loss.

 

Show-hidden -f

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 01/08/2015 06:09:52 PM
Windows Version: Windows Server 2008 R2

Please be patient while your hard drives are scanned.

Scanning the A:\ drive


Finished scanning the A:\ drive. 0 hidden items found.

Scanning the C:\ drive

 * C:\$Recycle.Bin
 * C:\$Recycle.Bin\S-1-5-21-2569257102-2185423520-2273032915-1107
 * C:\$Recycle.Bin\S-1-5-21-2569257102-2185423520-2273032915-1248
 * C:\$Recycle.Bin\S-1-5-21-2569257102-2185423520-2273032915-1290
 * C:\$Recycle.Bin\S-1-5-21-2569257102-2185423520-2273032915-500
 * C:\$Recycle.Bin\S-1-5-21-2890613172-815135678-715974545-500
 * C:\Program Files\Uninstall Information
 * C:\Program Files (x86)\Belarc\BelMonitor\System\Brands\monitor\BelNotify\control.bcf [File]
 * C:\Program Files (x86)\Uninstall Information
 * C:\ProgramData
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\ProgramData\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q [File]
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\Group Policy\History
 * C:\ProgramData\ntuser.pol [File]
 * C:\Recovery
 * C:\Recovery\6fde102f-f28c-11e1-9b9a-c8c0bf91c0b5
 * C:\Recovery\6fde102f-f28c-11e1-9b9a-c8c0bf91c0b5\Winre.wim [File]
 * C:\System Volume Information
 * C:\Users\Administrator\AppData
 * C:\Users\Administrator\AppData\Local\IconCache.db [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\0GA3R1U3
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\6V8STHIT
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\F0ATPSKB
 * C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache\P22CUHBY
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn1
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2RAUFS3Z
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F76T3MYD
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NXS6NE6I
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VBRIEL30
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{bbdb655b-f284-11e1-b20c-000c29a5156f}.TM.blf [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{bbdb655b-f284-11e1-b20c-000c29a5156f}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat{bbdb655b-f284-11e1-b20c-000c29a5156f}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Protect\SYNCHIST [File]
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Administrator\NTUSER.DAT [File]
 * C:\Users\Administrator\ntuser.dat.LOG1 [File]
 * C:\Users\Administrator\ntuser.dat.LOG2 [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Administrator\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Administrator\ntuser.ini [File]
 * C:\Users\Administrator\Searches\Everywhere.search-ms [File]
 * C:\Users\Administrator\Searches\Indexed Locations.search-ms [File]
 * C:\Users\administrator.SCI\AppData
 * C:\Users\administrator.SCI\AppData\Local\EmieBrowserModeList
 * C:\Users\administrator.SCI\AppData\Local\EmieBrowserModeList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\EmieSiteList
 * C:\Users\administrator.SCI\AppData\Local\EmieSiteList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\EmieUserList
 * C:\Users\administrator.SCI\AppData\Local\EmieUserList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\2S6VMPO6
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\43XE6XM8
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\GQGZM898
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\TGHIN0XK
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\U1C2O0TW
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\U3D2FPLG
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\XMWUNMK8
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Feeds Cache\ZVERJU0W
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\AppCache\U8G228U2
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\AppCache\U8G228U2\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Burn\Burn1
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\History
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\History\Low\History.IE5\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{0f89dc1e-634e-11e2-8192-000c29a5156f}.TM.blf [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{0f89dc1e-634e-11e2-8192-000c29a5156f}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{0f89dc1e-634e-11e2-8192-000c29a5156f}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{bf5eaa83-7975-11e4-9a34-000c294c233a}.TM.blf [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{bf5eaa83-7975-11e4-9a34-000c294c233a}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\UsrClass.dat{bf5eaa83-7975-11e4-9a34-000c294c233a}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\administrator.SCI\AppData\Local\Microsoft\Windows\WebCacheLock.dat [File]
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieBrowserModeList
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieBrowserModeList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieSiteList
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieSiteList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieUserList
 * C:\Users\administrator.SCI\AppData\LocalLow\EmieUserList\container.dat [File]
 * C:\Users\administrator.SCI\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\administrator.SCI\AppData\LocalLow\Microsoft\Windows\AppCache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\LocalLow\Microsoft\Windows\AppCache\H113WHSL
 * C:\Users\administrator.SCI\AppData\LocalLow\Microsoft\Windows\AppCache\H113WHSL\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\CREDHIST [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\3116bbaa-0554-4155-9c12-7dee1f330914 [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\42d564ab-1431-4a2d-9d89-56e7905add8b [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\52617677-9aaf-40ba-bd8d-065cbdba45c3 [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\97e2c7d9-31dd-4364-ad40-d937c566acb4 [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\BK-SCI [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\S-1-5-21-2569257102-2185423520-2273032915-500\Preferred [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Protect\SYNCHIST [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\Cookies\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\Cookies\Low
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\Cookies\Low\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\DNTException
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\DNTException\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\DNTException\Low
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatCache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatUACache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IETldCache\container.dat [File]
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\administrator.SCI\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\administrator.SCI\NTUSER.DAT [File]
 * C:\Users\administrator.SCI\ntuser.dat.LOG1 [File]
 * C:\Users\administrator.SCI\ntuser.dat.LOG2 [File]
 * C:\Users\administrator.SCI\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\administrator.SCI\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\administrator.SCI\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\administrator.SCI\ntuser.ini [File]
 * C:\Users\administrator.SCI\ntuser.pol [File]
 * C:\Users\administrator.SCI\Searches\Everywhere.search-ms [File]
 * C:\Users\administrator.SCI\Searches\Indexed Locations.search-ms [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_CValidator.H1D [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_AssetId.H1W [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MKWD_BestBet.H1W [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MTOC_help.H1H [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.H1D [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help_MValidator.Lck [File]
 * C:\Users\All Users\Microsoft\Assistance\Client\1.0\en-US\Help{9DAA54E8-CD95-4107-8E7F-BA3F24732D95}.H1Q [File]
 * C:\Users\All Users\Microsoft\DRM\Server
 * C:\Users\All Users\Microsoft\Group Policy\History
 * C:\Users\All Users\ntuser.pol [File]
 * C:\Users\debaugh\AppData
 * C:\Users\debaugh\AppData\Local\IconCache.db [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds Cache\HBNTJJY3
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds Cache\IKUPZTTV
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds Cache\P48C27MP
 * C:\Users\debaugh\AppData\Local\Microsoft\Feeds Cache\WT9OQ4HL
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\History
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BRO5CUYA
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX2L9PGP
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FEX4UGNX
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCLMPV9U
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat{0d7ab8f3-77b8-11e2-afd4-000c29a5156f}.TM.blf [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat{0d7ab8f3-77b8-11e2-afd4-000c29a5156f}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\debaugh\AppData\Local\Microsoft\Windows\UsrClass.dat{0d7ab8f3-77b8-11e2-afd4-000c29a5156f}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\debaugh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\debaugh\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\debaugh\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\debaugh\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\debaugh\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\debaugh\NTUSER.DAT [File]
 * C:\Users\debaugh\ntuser.dat.LOG1 [File]
 * C:\Users\debaugh\ntuser.dat.LOG2 [File]
 * C:\Users\debaugh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\debaugh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\debaugh\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\debaugh\ntuser.ini [File]
 * C:\Users\debaugh\Searches\Everywhere.search-ms [File]
 * C:\Users\debaugh\Searches\Indexed Locations.search-ms [File]
 * C:\Users\Default
 * C:\Users\Default\AppData
 * C:\Users\Default\NTUSER.DAT [File]
 * C:\Users\Default\NTUSER.DAT.LOG [File]
 * C:\Users\Default\NTUSER.DAT.LOG1 [File]
 * C:\Users\Default\NTUSER.DAT.LOG2 [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\Public\Desktop
 * C:\Users\Public\Favorites
 * C:\Users\Public\Libraries
 * C:\Users\services-admin\AppData
 * C:\Users\services-admin\AppData\Local\IconCache.db [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache\H5ZDKP7R
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache\O2VRFEL4
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache\TJYWM8GN
 * C:\Users\services-admin\AppData\Local\Microsoft\Feeds Cache\ZDGF6NDD
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat{cb3aa040-fd86-11e2-9d84-000c29a5156f}.TM.blf [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat{cb3aa040-fd86-11e2-9d84-000c29a5156f}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\UsrClass.dat{cb3aa040-fd86-11e2-9d84-000c29a5156f}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\services-admin\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\services-admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\services-admin\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\services-admin\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\services-admin\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\services-admin\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\services-admin\NTUSER.DAT [File]
 * C:\Users\services-admin\ntuser.dat.LOG1 [File]
 * C:\Users\services-admin\ntuser.dat.LOG2 [File]
 * C:\Users\services-admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\services-admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\services-admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\services-admin\ntuser.ini [File]
 * C:\Users\services-admin\Searches\Everywhere.search-ms [File]
 * C:\Users\services-admin\Searches\Indexed Locations.search-ms [File]
 * C:\Users\tguilbault\AppData
 * C:\Users\tguilbault\AppData\Local\IconCache.db [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache\8JN10E1Q
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache\container.dat [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache\WKHMGGAS
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache\YGCHPJX5
 * C:\Users\tguilbault\AppData\Local\Microsoft\Feeds Cache\YK423PXZ
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\History\History.IE5\container.dat [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat{e5971d7b-84f5-11e3-8aeb-000c29a5156f}.TM.blf [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat{e5971d7b-84f5-11e3-8aeb-000c29a5156f}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\UsrClass.dat{e5971d7b-84f5-11e3-8aeb-000c29a5156f}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\tguilbault\AppData\Local\Microsoft\Windows\WebCacheLock.dat [File]
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Windows\DNTException\Low
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\tguilbault\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\tguilbault\NTUSER.DAT [File]
 * C:\Users\tguilbault\ntuser.dat.LOG1 [File]
 * C:\Users\tguilbault\ntuser.dat.LOG2 [File]
 * C:\Users\tguilbault\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Users\tguilbault\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Users\tguilbault\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Users\tguilbault\ntuser.ini [File]
 * C:\Users\tguilbault\Searches\Everywhere.search-ms [File]
 * C:\Users\tguilbault\Searches\Indexed Locations.search-ms [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_32\index588.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_32\index589.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_64\index50f.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_64\index5c0.dat [File]
 * C:\Windows\assembly\NativeImages_v2.0.50727_64\index5c1.dat [File]
 * C:\Windows\assembly\PublisherPolicy.tme [File]
 * C:\Windows\assembly\pubpol1.dat [File]
 * C:\Windows\Fonts\fms_metadata.xml [File]
 * C:\Windows\Fonts\StaticCache.dat [File]
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\4C628BB85BC40B241A42AAB9968FBC14
 * C:\Windows\Installer\$PatchCache$\Managed\4C628BB85BC40B241A42AAB9968FBC14\4.3.129
 * C:\Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73
 * C:\Windows\Installer\$PatchCache$\Managed\BE4EBED704B66673BB53C5BB3C58AD73\4.5.50938
 * C:\Windows\security\templates\policies
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{bf5eaa79-7975-11e4-9a34-000c294c233a}.TM.blf [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{bf5eaa79-7975-11e4-9a34-000c294c233a}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{bf5eaa79-7975-11e4-9a34-000c294c233a}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{bf5eaa75-7975-11e4-9a34-806e6f6e6963}.TM.blf [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{bf5eaa75-7975-11e4-9a34-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [File]
 * C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{bf5eaa75-7975-11e4-9a34-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [File]
 * C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\System32\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FA4OC0L
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5OS7C95
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM4M8754
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUVHNTW8
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1FA4OC0L
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A5OS7C95
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JM4M8754
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XUVHNTW8
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\Tasks\SA.DAT [File]
 * C:\Windows\WindowsShell.Manifest [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-baseapinamespace_31bf3856ad364e35_6.1.7601.17514_none_a4272f399040a523\api-ms-win-core-ums-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-d..evelapisets-windows_31bf3856ad364e35_7.1.7601.16492_none_e249fd3fed68cb81\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_1ed670cbaddb31b7\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-com_31bf3856ad364e35_7.1.7601.16492_none_5b1161f912e23f6d\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_2b20f882c1c0eaca\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_c8b8ba7bcb4e2c66\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_66a6e19d9580f9e3\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_68d8d569926ebeb2\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18229_none_68d20a7192733a4d\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-serverceipassistant_31bf3856ad364e35_6.1.7601.17514_none_dee2dcc10287db8b\ceipdata.xml [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-serverceipassistant_31bf3856ad364e35_6.1.7601.17514_none_dee2dcc10287db8b\ceiproleusage.xml [File]
 * C:\Windows\winsxs\amd64_microsoft-windows-serverrolecollector_31bf3856ad364e35_6.1.7601.17514_none_d014c0101f66419f\ceiprole.xml [File]
 * C:\Windows\winsxs\Temp\PendingDeletes
 * C:\Windows\winsxs\x86_microsoft-windows-d..evelapisets-windows_31bf3856ad364e35_7.1.7601.16492_none_862b61bc350b5a4b\api-ms-win-downlevel-user32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-advapi32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-advapi32-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-base_31bf3856ad364e35_7.1.7601.16492_none_c2b7d547f57dc081\api-ms-win-downlevel-normaliz-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-com_31bf3856ad364e35_7.1.7601.16492_none_fef2c6755a84ce37\api-ms-win-downlevel-ole32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shell32-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shlwapi-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-shlwapi-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-downlevelapisets-shell_31bf3856ad364e35_7.1.7601.16492_none_cf025cff09637994\api-ms-win-downlevel-version-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-lsalookup-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-security-sddl-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-core-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-management-l2-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minioapinamespace_31bf3856ad364e35_6.1.7600.16385_none_6c9a1ef812f0bb30\api-ms-win-service-winsvc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-errorhandling-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-fibers-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-file-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-handle-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-heap-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-interlocked-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-io-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localization-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-localregistry-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-memory-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-misc-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-namedpipe-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processenvironment-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-processthreads-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-profile-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-rtlsupport-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-string-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-synch-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-sysinfo-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-threadpool-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-util-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-xstate-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-security-base-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-console-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-datetime-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-debug-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-delayload-l1-1-0.dll [File]
 * C:\Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7601.18015_none_0cba39e5da114d7c\api-ms-win-core-errorhandling-l1-1-0.dll [File]

Finished scanning the C:\ drive. 645 hidden items found.

Program finished at: 01/08/2015 06:11:08 PM
Execution time: 0 hours(s), 1 minute(s), and 15 seconds(s)

 

 

Root Kit Buster

 

2015/01/05 18:19:28 GMT-05:00    2044:1476    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:19:28 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:19:28 GMT-05:00    2044:1476    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:19:28 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:19:28 GMT-05:00    2044:1476    00    E    [getModuleFolder]: Module path: C:\Users\administrator.SCI\Desktop\Tools
    [  (0)]
2015/01/05 18:19:39 GMT-05:00    2044:1476    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: Can't start tmcomm service(0)    [  (0)]
2015/01/05 18:19:39 GMT-05:00    2044:1476    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: TMTAPI_InitializeTAPI() fail(0)    [  (0)]
2015/01/05 18:19:39 GMT-05:00    2044:1476    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: Initialization of TmCommEng library success.    [  (0)]
2015/01/05 18:19:39 GMT-05:00    2044:1476    00    E    [GetVersionFromInstalledModule()]: No version information at registry    [  (0)]
2015/01/05 18:19:44 GMT-05:00    1868:1416    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:19:44 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:19:44 GMT-05:00    1868:1416    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:19:44 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:19:44 GMT-05:00    1868:1416    00    E    [getModuleFolder]: Module path: C:\Users\administrator.SCI\Desktop\Tools
    [  (0)]
2015/01/05 18:21:16 GMT-05:00    2044:1864    00    E    [CConsoleDialog::ScanHiddenMBR]: Scan Hidden MBR
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1864    00    E    [CConsoleDialog::ScanHiddenFile]: Scan Hidden File
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1864    00    E    [CConsoleDialog::ScanKernelCodePatch()]: Scan KernelCodePatch
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1864    00    E    [CConsoleDialog::ScanHiddenService()]: Scan Hidden Service
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1476    00    E    [CConsoleDialog::updateLogHistoryList()]: # of items: 0
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1476    00    E    [CConsoleDialog::updateLogHistoryList()]: requestLogHistoryList: {"LOG_HISTORY_LIST": [{"ID": 1, "SCAN_DATE": 1420500076}]}
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1476    00    E    [CConsoleDialog::requestLogHistory]: 1420500076
    [  (0)]
2015/01/05 18:21:17 GMT-05:00    2044:1476    00    E    [CConsoleDialog::requestLogHistory]: # of items: 0x0
    [  (0)]
2015/01/05 18:21:25 GMT-05:00    2044:1476    00    E    [CSICReportLogger::_CloseLogFile]: CloseLogFile    [  (0)]
2015/01/05 18:21:25 GMT-05:00    2044:1476    00    E    [WinAppDestructor()]: (Needn't waiting)bStopped=1    [  (0)]
2015/01/05 18:21:25 GMT-05:00    2044:1476    00    E    [WinAppDestructor()]: After uninstall driver=1    [  (0)]
2015/01/05 18:21:25 GMT-05:00    2044:1476    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:21:25 Turn OFF logging -+-+-+     [  (0)]
2015/01/05 18:21:32 GMT-05:00    1768:1784    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:21:32 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:21:32 GMT-05:00    1768:1784    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:21:32 Turn ON logging -+-+-+     [  (0)]
2015/01/05 18:21:32 GMT-05:00    1768:1784    00    E    [getModuleFolder]: Module path: C:\Users\administrator.SCI\Desktop\Tools
    [  (0)]
2015/01/05 18:21:43 GMT-05:00    1768:1784    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: Can't start tmcomm service(0)    [  (0)]
2015/01/05 18:21:43 GMT-05:00    1768:1784    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: TMTAPI_InitializeTAPI() fail(0)    [  (0)]
2015/01/05 18:21:43 GMT-05:00    1768:1784    00    E    [CTMRKScanWinApp::InitDriverAndLibrariesX64]: Initialization of TmCommEng library success.    [  (0)]
2015/01/05 18:21:43 GMT-05:00    1768:1784    00    E    [GetVersionFromInstalledModule()]: No version information at registry    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1228    00    E    [CConsoleDialog::ScanHiddenMBR]: Scan Hidden MBR
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1228    00    E    [CConsoleDialog::ScanHiddenFile]: Scan Hidden File
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1228    00    E    [CConsoleDialog::ScanKernelCodePatch()]: Scan KernelCodePatch
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1228    00    E    [CConsoleDialog::ScanHiddenService()]: Scan Hidden Service
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1784    00    E    [CConsoleDialog::updateLogHistoryList()]: # of items: 0
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1784    00    E    [CConsoleDialog::updateLogHistoryList()]: requestLogHistoryList: {"LOG_HISTORY_LIST": [{"ID": 1, "SCAN_DATE": 1420500109}]}
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1784    00    E    [CConsoleDialog::requestLogHistory]: 1420500109
    [  (0)]
2015/01/05 18:21:49 GMT-05:00    1768:1784    00    E    [CConsoleDialog::requestLogHistory]: # of items: 0x0
    [  (0)]
2015/01/05 18:21:59 GMT-05:00    1768:1784    00    E    [CSICReportLogger::_CloseLogFile]: CloseLogFile    [  (0)]
2015/01/05 18:21:59 GMT-05:00    1768:1784    00    E    [WinAppDestructor()]: (Needn't waiting)bStopped=1    [  (0)]
2015/01/05 18:22:00 GMT-05:00    1768:1784    00    E    [WinAppDestructor()]: After uninstall driver=1    [  (0)]
2015/01/05 18:22:00 GMT-05:00    1768:1784    00    F    [LogWritter_setEnable()]:  -+-+-+  RootkitBuster-5.00.01180,2015/01/05 18:22:00 Turn OFF logging -+-+-+     [  (0)]

 

Trend Micro RootkitBuster

 

+----------------------------------------------------
| Trend Micro RootkitBuster
| Module version:
| Computer Name: SCI-MI-DC2
| OS version: 6.1-7601
| User Name: administrator
+----------------------------------------------------


--== Dump malicious MBR ==--
No hidden MBR found.

--== Dump Hidden Files and Alternate Data Streams on C:\ ==--
No hidden files found.

--== Dump Kernel Code Patching ==--
No kernel code patching detected.

--== Dump Hidden Services ==--
No hidden services found.

 

 

 




 


#2 debaugh (Topic Starter)

Posted 08 January 2015 - 07:08 PM

Also, looking at TCPView and other similar programs, I do not see any connections that I cannot explain or do not expect.





