
Virus changes folders, pdfs, Excel and Word docs to .exe


  • This topic is locked
8 replies to this topic

#1 absolute_tom

Posted 13 March 2015 - 10:41 AM

The virus also duplicates all of the files in a folder and changes them to Applications. I've researched and found that it's similar to W32.SillyFDC but it doesn't hide the folders. Also, similar to Trojan-Ransom without the ransom.

Running Windows Server 2003 on an Acer Homeserver. I tried restoring from backup but the new files and folders have become infected again. I've tried AVG, Microsoft Safety Scanner, and Malwarebytes but the virus shows back up.

Please help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on HOMESERVER on 13-03-2015 09:36:22
Running from D:\shares\Software
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft® Windows® Server 2003 for Small Business Server Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> msdtc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> firefly.exe
Failed to access process -> IAANTmon.exe
Failed to access process -> inetinfo.exe
Failed to access process -> llssrv.exe
Failed to access process -> svchost.exe
Failed to access process -> sbscrexe.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> vds.exe
Failed to access process -> WiDMS.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> searchindexer.exe
Failed to access process -> WixWHSService.exe
Failed to access process -> qsm.exe
Failed to access process -> svchost.exe
Failed to access process -> whsarch.exe
Failed to access process -> whsbackup.exe
Failed to access process -> WHSFileSorter.exe
Failed to access process -> WHSHealth.exe
Failed to access process -> TransportService.exe
Failed to access process -> wmccds.exe
Failed to access process -> cqvSvc.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> LightsOutService.exe
Failed to access process -> pdl.exe
Failed to access process -> portfwd.exe
Failed to access process -> dmadmin.exe
Failed to access process -> alg.exe
Failed to access process -> w3wp.exe
Failed to access process -> demigrator.exe
Failed to access process -> svchost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> rdpclip.exe
Failed to access process -> explorer.exe
Failed to access process -> IAAnotif.exe
Failed to access process -> ctfmon.exe
Failed to access process -> WindowsSearch.exe
Failed to access process -> Microsoft Safety Scanner.exe
Failed to access process -> svchost.exe
Failed to access process -> vssvc.exe
Failed to access process -> FRST.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [107520 2008-07-12] (Microsoft Corporation)
HKLM\...\Run: [IMEKRMIG6.1] => C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [50688 2008-07-12] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-07-12] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-07-12] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [173056 2008-07-12] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKLM\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli pwdfilter
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Logon Warning.lnk
ShortcutTarget: Logon Warning.lnk -> C:\Install\admin_desktop_warning.htm ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3524439881-2721216019-2401113298-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "SBCore" service was unlocked successfully. <===== ATTENTION

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 CqvSvc; C:\Program Files\Windows Home Server\cqvSvc.exe [59240 2009-10-07] (Microsoft Corporation)
S4 DDNSS; C:\Program Files\Windows Home Server\ddnss.exe [224112 2011-01-10] (Microsoft Corporation)
S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2008-07-12] (Microsoft Corporation)
R3 DriveExtenderMigrator; C:\Program Files\Windows Home Server\demigrator.exe [34664 2009-10-07] (Microsoft Corporation)
R2 Firefly Media Server; C:\Program Files\Firefly Media Server\firefly.exe [583168 2009-09-21] (Firefly Media Services) [File not signed]
R2 HomeServerMonService; C:\Program Files\Windows Home Server\WixWHSService.exe [40960 2009-10-09] (Wistron) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14336 2008-07-12] (Microsoft Corporation)
S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2008-07-12] (Microsoft Corporation)
S4 kdc; C:\WINDOWS\System32\lsass.exe [13312 2008-07-12] (Microsoft Corporation)
R2 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2008-07-12] (Microsoft Corporation)
R2 LoService; C:\Program Files\Windows Home Server\LightsOutService.exe [53248 2009-07-03] (AxoNet Software GmbH) [File not signed]
S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792064 2008-07-12] (Microsoft Corporation)
R2 pdl; C:\Program Files\Windows Home Server\pdl.exe [68968 2009-10-07] (Microsoft Corporation)
R2 PortForwarding; C:\Program Files\Windows Home Server\portfwd.exe [152936 2009-10-07] (Microsoft Corporation)
R2 QSM; C:\Program Files\Windows Home Server\qsm.exe [523120 2010-07-12] (Microsoft Corporation)
S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2008-07-12] (Microsoft Corporation)
S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2008-07-12] (Microsoft Corporation)
R2 SBCore; C:\WINDOWS\System32\sbscrexe.exe [38400 2008-07-12] (Microsoft Corporation)
S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2008-07-12] (Microsoft Corporation)
S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2008-07-12] (Microsoft Corporation)
R2 WHSArchiver; C:\Program Files\Windows Home Server\whsarch.exe [64360 2009-10-07] (Microsoft Corporation)
R2 WHSBackup; C:\Program Files\Windows Home Server\whsbackup.exe [531304 2009-10-07] (Microsoft Corporation)
R2 WHSFileSorter; C:\Program Files\WHS Suite\WHSFileSorter.exe [32768 2009-04-30] () [File not signed]
R2 WHSHealth; C:\Program Files\WHS Suite\WHSHealth.exe [61440 2009-09-27] () [File not signed]
R2 WHSTransportService; C:\Program Files\Windows Home Server\TransportService.exe [336752 2011-01-10] (Microsoft Corporation)
R2 WiDMS; C:\Program Files\Wistron\WiDMS\WiDMS.exe [603648 2009-09-29] () [File not signed]
R2 WMConnectCDS; C:\Program Files\Media Connect\wmccds.exe [914280 2009-10-07] (Microsoft Corporation)
R2 yksvc; C:\WINDOWS\System32\ykx32mpcoinst.dll [282624 2009-01-08] (Marvell)
R2 Eventlog;  [X]
S3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2008-07-12] (Microsoft Corporation)
R0 DEFilter; C:\WINDOWS\System32\DRIVERS\DEfilter.sys [99696 2010-07-12] (Microsoft Corporation)
R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2008-07-12] (Microsoft Corporation)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [155688 2009-08-06] (Marvell Semiconductor, Inc.)
S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [169984 2008-07-12] (Microsoft Corporation)
R3 WNAS; C:\WINDOWS\System32\DRIVERS\WNAS.sys [17920 2008-12-01] (Wistron Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-01-08] (Marvell)
S4 adpu320; No ImagePath
S4 afcnt; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S4 cpqarry2; No ImagePath
S4 cpqcissm; No ImagePath
S4 cpqfcalm; No ImagePath
S4 dellcerc; No ImagePath
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S4 elxstor; No ImagePath
S4 hpcisss; No ImagePath
S4 hpt3xx; No ImagePath
S4 iirsp; No ImagePath
S4 IntelIde; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ipsraidn; No ImagePath
U3 LicenseInfo; No ImagePath
S4 lp6nds35; No ImagePath
S4 nfrd960; No ImagePath
U4 ParVdm; No ImagePath
S4 ql2100; No ImagePath
S4 ql2200; No ImagePath
S4 ql2300; No ImagePath
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2008-07-12] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2008-07-12] (Microsoft Corporation)
S4 symmpi; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 09:36 - 2015-03-13 09:36 - 00000000 ____D () C:\FRST
2015-03-13 09:20 - 2015-03-13 09:34 - 00000000 ____D () C:\WINDOWS\pss
2015-03-13 06:48 - 2015-03-13 09:37 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\1
2015-03-12 17:38 - 2015-03-12 17:38 - 00000522 _____ () C:\cleanup.bat
2015-03-12 17:03 - 2015-03-12 17:38 - 00000000 ____D () C:\AVG_SysInfo
2015-03-12 15:55 - 2015-03-12 15:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2015-03-12 14:49 - 2015-03-12 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-03-11 13:59 - 2015-03-11 13:59 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2013
2015-03-11 13:58 - 2015-03-11 13:58 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-03-11 13:57 - 2015-03-12 18:51 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
2015-03-11 13:57 - 2015-03-11 13:57 - 00000000 ___HD () C:\$AVG
2015-03-11 13:56 - 2015-03-11 13:56 - 00000000 ____D () C:\Program Files\AVG
2015-03-11 13:55 - 2015-03-13 06:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-10 00:18 - 2015-03-10 00:18 - 00001080 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
2015-03-10 00:00 - 2015-03-10 00:00 - 00014003 _____ () C:\WINDOWS\KB981089.log
2015-03-10 00:00 - 2015-03-10 00:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981089$
2015-03-09 06:52 - 2015-03-07 12:40 - 132163312 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\Microsoft Safety Scanner.exe
2015-03-09 00:01 - 2015-03-09 00:01 - 00017348 _____ () C:\WINDOWS\KB979453.log
2015-03-09 00:01 - 2015-03-09 00:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979453$
2015-03-09 00:00 - 2015-03-09 00:01 - 00012138 _____ () C:\WINDOWS\KB3021952-IE8.log
2015-03-09 00:00 - 2015-03-09 00:00 - 00007937 _____ () C:\WINDOWS\KB2510531-IE8.log
2015-03-08 12:10 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\netdrcp
2015-03-08 04:42 - 2015-01-27 23:27 - 11086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 06006272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 06006272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 01217536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 01217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-08 04:42 - 2015-01-27 23:27 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-08 04:42 - 2011-03-03 19:58 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jscript.dll
2015-03-08 04:42 - 2011-03-03 19:58 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-07 11:44 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\autoeate
2015-03-07 11:43 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\mobsnet
2015-03-07 11:08 - 2015-03-07 11:08 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2015-03-07 11:01 - 2015-03-07 11:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-03-07 11:01 - 2015-03-07 11:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2015-03-07 10:59 - 2015-03-07 10:59 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-03-07 10:30 - 2015-03-07 10:39 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-07 10:29 - 2015-03-07 10:29 - 00109058 _____ () C:\WINDOWS\KB2918614.log
2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2918614$
2015-03-07 10:19 - 2015-03-07 10:20 - 00107489 _____ () C:\WINDOWS\KB961118.log
2015-03-07 10:19 - 2015-03-07 10:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2015-03-07 09:33 - 2015-03-07 09:34 - 00105659 _____ () C:\WINDOWS\KB968349.log
2015-03-07 09:33 - 2015-03-07 09:33 - 00000640 _____ () C:\WINDOWS\InstallUtil.InstallLog
2015-03-07 09:33 - 2015-03-07 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968349$
2015-03-07 09:32 - 2015-03-07 09:33 - 00045451 _____ () C:\WINDOWS\KB969949.log
2015-03-07 09:32 - 2015-03-07 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969949$
2015-03-07 09:31 - 2015-03-07 09:32 - 00048253 _____ () C:\WINDOWS\KB3003057-IE8.log
2015-03-07 09:30 - 2015-03-07 09:31 - 00048256 _____ () C:\WINDOWS\KB2977629-IE8.log
2015-03-07 09:30 - 2015-03-07 09:30 - 00048856 _____ () C:\WINDOWS\KB2976627-IE8.log
2015-03-07 09:29 - 2015-03-07 09:29 - 00055888 _____ () C:\WINDOWS\KB2909921-IE8.log
2015-03-07 09:29 - 2015-03-07 09:29 - 00048975 _____ () C:\WINDOWS\KB2467659.log
2015-03-07 09:29 - 2015-03-07 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-03-07 09:29 - 2015-01-27 23:27 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-03-07 09:28 - 2015-03-09 00:00 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-03-07 09:28 - 2015-03-07 10:56 - 00065536 _____ () C:\WINDOWS\system32\config\Internet Explorer.evt
2015-03-07 09:28 - 2015-03-07 09:29 - 00065994 _____ () C:\WINDOWS\KB982381-IE8.log
2015-03-07 09:28 - 2015-03-07 09:28 - 00057035 _____ () C:\WINDOWS\KB982632-IE8.log
2015-03-07 09:28 - 2015-01-27 23:27 - 11086336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 02006528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2015-03-07 09:28 - 2015-01-27 23:27 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-03-07 09:28 - 2010-04-16 08:06 - 00041984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-03-07 09:27 - 2015-03-07 09:28 - 00061860 _____ () C:\WINDOWS\ie8.log
2015-03-07 09:27 - 2015-03-07 09:28 - 00000000 __HDC () C:\WINDOWS\ie8
2015-03-07 09:24 - 2015-01-29 18:49 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-07 09:20 - 2015-03-07 09:32 - 00202892 _____ () C:\WINDOWS\ie8_main.log
2015-03-07 09:19 - 2015-03-07 09:19 - 00000000 ___HD () C:\WINDOWS\PIF
2015-03-07 09:19 - 2015-03-07 09:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search
2015-03-07 09:14 - 2015-03-07 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982666$
2015-03-07 08:44 - 2015-03-08 11:50 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 08:43 - 2015-03-07 08:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-07 08:43 - 2015-03-07 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-07 08:43 - 2015-03-07 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-03-07 08:43 - 2014-11-21 07:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-07 08:43 - 2014-11-21 07:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-07 07:09 - 2014-06-03 21:25 - 00600576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\crypt32.dll
2015-03-07 07:09 - 2014-06-03 21:25 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-07 07:05 - 2015-03-07 09:14 - 00018573 _____ () C:\WINDOWS\KB982666.log
2015-03-06 14:37 - 2015-03-06 14:37 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-06 14:37 - 2008-05-22 05:15 - 00000434 _____ () C:\WINDOWS\myClean.bat
2015-03-06 14:34 - 2015-03-06 14:34 - 00000124 _____ () C:\Documents and Settings\Administrator\Desktop\Control Panel.lnk
2015-03-06 14:21 - 2015-03-13 06:23 - 00000222 ____H () C:\WINDOWS\Tasks\LoSBackupWake.job
2015-03-06 14:17 - 2015-03-06 14:17 - 00044500 _____ () C:\WINDOWS\KB3029944.log
2015-03-06 14:17 - 2015-03-06 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3029944$
2015-03-06 14:17 - 2015-03-06 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3004361$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3023562$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021952$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013455$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021674$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3020393$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3014029$
2015-03-06 14:14 - 2015-03-06 14:15 - 00040036 _____ () C:\WINDOWS\KB3019215.log
2015-03-06 14:14 - 2015-03-06 14:14 - 00039483 _____ () C:\WINDOWS\KB3013126.log
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3019215$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013126$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3012168$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3011780$
2015-03-06 14:13 - 2015-03-06 14:14 - 00038659 _____ () C:\WINDOWS\KB2993958.log
2015-03-06 14:13 - 2015-03-06 14:13 - 00038961 _____ () C:\WINDOWS\KB2989935.log
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993958$
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2991963$
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2989935$
2015-03-06 14:12 - 2015-03-06 14:13 - 00039902 _____ () C:\WINDOWS\KB2978114.log
2015-03-06 14:12 - 2015-03-06 14:12 - 00038115 _____ () C:\WINDOWS\KB2998579.log
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3006226$
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2998579$
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2978114$
2015-03-06 14:11 - 2015-03-06 14:12 - 00038322 _____ () C:\WINDOWS\KB2993254.log
2015-03-06 14:11 - 2015-03-06 14:11 - 00038994 _____ () C:\WINDOWS\KB2972207.log
2015-03-06 14:11 - 2015-03-06 14:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993254$
2015-03-06 14:11 - 2015-03-06 14:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2972207$
2015-03-06 14:10 - 2015-03-06 14:11 - 00037952 _____ () C:\WINDOWS\KB2894845.log
2015-03-06 14:10 - 2015-03-06 14:10 - 00038182 _____ () C:\WINDOWS\KB2993651.log
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993651$
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2981580$
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2894845$
2015-03-06 14:09 - 2015-03-06 14:10 - 00040658 _____ () C:\WINDOWS\KB942288-v4.log
2015-03-06 14:09 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v4$
2015-03-06 14:09 - 2015-03-06 14:09 - 00036709 _____ () C:\WINDOWS\KB2961072.log
2015-03-06 14:09 - 2015-03-06 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2961072$
2015-03-06 14:09 - 2015-03-06 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2015-03-06 14:08 - 2015-03-06 14:09 - 00532504 _____ () C:\WINDOWS\msxml6-KB2957482-enu-x86.LOG
2015-03-06 14:08 - 2015-03-06 14:08 - 00035065 _____ () C:\WINDOWS\KB2957503.log
2015-03-06 14:08 - 2015-03-06 14:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2015-03-06 14:08 - 2015-03-06 14:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2926765$
2015-03-06 14:07 - 2015-03-06 14:07 - 00035536 _____ () C:\WINDOWS\KB2901115.log
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2901115$
2015-03-06 14:06 - 2015-03-06 14:07 - 00034264 _____ () C:\WINDOWS\KB2914368.log
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892076$
2015-03-06 14:05 - 2015-03-06 14:05 - 00033027 _____ () C:\WINDOWS\KB2900986.log
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-03-06 13:56 - 2015-03-07 08:59 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-03-06 13:56 - 2015-03-06 13:56 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-06 13:56 - 2015-03-06 13:56 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-06 13:56 - 2008-07-06 08:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-03-06 13:56 - 2008-07-06 06:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-03-06 13:50 - 2015-03-06 13:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWIC$
2015-03-06 13:48 - 2015-03-06 13:48 - 00031630 _____ () C:\WINDOWS\KB2862335.log
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864058$
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-03-06 13:47 - 2015-03-06 13:48 - 00031021 _____ () C:\WINDOWS\KB2864058.log
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2$
2015-03-06 13:46 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-03-06 13:46 - 2015-03-06 13:46 - 00030992 _____ () C:\WINDOWS\KB2807986.log
2015-03-06 13:46 - 2015-03-06 13:46 - 00027595 _____ () C:\WINDOWS\KB2834886.log
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-03-06 13:45 - 2015-03-06 13:45 - 00033264 _____ () C:\WINDOWS\KB2742604.log
2015-03-06 13:45 - 2015-03-06 13:45 - 00027360 _____ () C:\WINDOWS\KB2779562.log
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2779562$
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2742604$
2015-03-06 13:44 - 2015-03-06 13:44 - 00030873 _____ () C:\WINDOWS\KB2748349.log
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2748349$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2015-03-06 13:43 - 2015-03-06 13:43 - 00029969 _____ () C:\WINDOWS\KB2698365.log
2015-03-06 13:43 - 2015-03-06 13:43 - 00029501 _____ () C:\WINDOWS\KB2685939.log
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2685939$
2015-03-06 13:42 - 2015-03-06 13:43 - 00030057 _____ () C:\WINDOWS\KB2686509.log
2015-03-06 13:42 - 2015-03-06 13:42 - 00026867 _____ () C:\WINDOWS\KB2659262.log
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2015-03-06 13:41 - 2015-03-06 13:41 - 00027544 _____ () C:\WINDOWS\KB2603381.log
2015-03-06 13:41 - 2015-03-06 13:41 - 00025276 _____ () C:\WINDOWS\KB2638806.log
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2644615$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2638806$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-03-06 13:39 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-03-06 13:39 - 2015-03-06 13:39 - 00026175 _____ () C:\WINDOWS\KB2536276-v2.log
2015-03-06 13:39 - 2015-03-06 13:39 - 00026081 _____ () C:\WINDOWS\KB2566454.log
2015-03-06 13:39 - 2015-03-06 13:39 - 00025758 _____ () C:\WINDOWS\KB2570947.log
2015-03-06 13:39 - 2015-03-06 13:39 - 00023921 _____ () C:\WINDOWS\KB2564958.log
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2015-03-06 13:38 - 2015-03-06 13:39 - 00308712 _____ () C:\WINDOWS\msxml4-KB973688-enu.LOG
2015-03-06 13:38 - 2015-03-06 13:38 - 00025113 _____ () C:\WINDOWS\KB2535512.log
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510587$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2015-03-06 13:37 - 2015-03-06 13:37 - 00023366 _____ () C:\WINDOWS\KB2393802.log
2015-03-06 13:37 - 2015-03-06 13:37 - 00021669 _____ () C:\WINDOWS\KB2485663.log
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-03-06 13:36 - 2015-03-06 13:36 - 00019877 _____ () C:\WINDOWS\KB2423089.log
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419635$
2015-03-06 13:35 - 2015-03-06 13:35 - 00020675 _____ () C:\WINDOWS\KB2387149.log
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2015-03-06 13:34 - 2015-03-06 13:34 - 00018325 _____ () C:\WINDOWS\KB2229593.log
2015-03-06 13:34 - 2015-03-06 13:34 - 00014964 _____ () C:\WINDOWS\KB975558.log
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2124261$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2015-03-06 13:33 - 2015-03-06 13:34 - 00020523 _____ () C:\WINDOWS\KB979907.log
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979907$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2015-03-06 13:32 - 2015-03-06 13:32 - 00017152 _____ () C:\WINDOWS\KB980232.log
2015-03-06 13:32 - 2015-03-06 13:32 - 00016565 _____ () C:\WINDOWS\KB977816.log
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973917-v2$
2015-03-06 13:31 - 2015-03-06 13:32 - 00016364 _____ () C:\WINDOWS\KB977914.log
2015-03-06 13:31 - 2015-03-06 13:31 - 00015623 _____ () C:\WINDOWS\KB973904.log
2015-03-06 13:31 - 2015-03-06 13:31 - 00015211 _____ () C:\WINDOWS\KB955759.log
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2015-03-06 13:29 - 2015-03-06 13:29 - 00010410 _____ () C:\WINDOWS\KB975025.log
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155$
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB936357$
2015-03-06 13:05 - 2015-03-06 13:05 - 00000000 ____D () C:\fs
2015-03-06 13:01 - 2015-03-06 14:15 - 00055706 _____ () C:\WINDOWS\KB3021674.log
2015-03-06 13:01 - 2015-03-06 14:05 - 00050355 _____ () C:\WINDOWS\KB2868626.log
2015-03-06 13:01 - 2015-03-06 13:47 - 00046048 _____ () C:\WINDOWS\KB2847311.log
2015-03-06 13:01 - 2015-03-06 13:40 - 00043397 _____ () C:\WINDOWS\KB2584146.log
2015-03-06 13:01 - 2015-03-06 13:35 - 00035119 _____ () C:\WINDOWS\KB982132.log
2015-03-06 13:01 - 2015-03-06 13:33 - 00033931 _____ () C:\WINDOWS\KB978542.log
2015-03-06 13:01 - 2013-07-20 15:18 - 00032128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2015-03-06 13:01 - 2013-07-20 15:18 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2015-03-06 13:01 - 2013-07-20 15:18 - 00005760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-03-06 12:59 - 2015-03-06 14:16 - 00059401 _____ () C:\WINDOWS\KB3013455.log
2015-03-06 12:59 - 2015-03-06 13:46 - 00046395 _____ () C:\WINDOWS\KB2820917.log
2015-03-06 12:59 - 2015-03-06 13:38 - 00041444 _____ () C:\WINDOWS\KB2507938.log
2015-03-06 12:59 - 2015-03-06 13:36 - 00038172 _____ () C:\WINDOWS\KB2419635.log
2015-03-06 12:58 - 2015-03-06 14:15 - 00054798 _____ () C:\WINDOWS\KB3014029.log
2015-03-06 12:58 - 2015-03-06 14:13 - 00053575 _____ () C:\WINDOWS\KB2991963.log
2015-03-06 12:58 - 2015-03-06 14:06 - 00050678 _____ () C:\WINDOWS\KB2892076.log
2015-03-06 12:58 - 2015-03-06 13:44 - 00045288 _____ () C:\WINDOWS\KB2727528.log
2015-03-06 12:58 - 2015-03-06 13:44 - 00044565 _____ () C:\WINDOWS\KB2712808.log
2015-03-06 12:58 - 2009-11-21 10:55 - 01364226 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-03-06 12:58 - 2009-11-21 10:48 - 00421376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-03-06 12:57 - 2015-03-06 13:44 - 00045074 _____ () C:\WINDOWS\KB2749655.log
2015-03-06 12:57 - 2015-03-06 13:41 - 00042739 _____ () C:\WINDOWS\KB2631813.log
2015-03-06 12:57 - 2015-03-06 13:40 - 00043105 _____ () C:\WINDOWS\KB2620712.log
2015-03-06 12:57 - 2015-03-06 13:38 - 00037195 _____ () C:\WINDOWS\KB2506212.log
2015-03-06 12:57 - 2015-03-06 13:36 - 00035717 _____ () C:\WINDOWS\KB2483185.log
2015-03-06 12:57 - 2015-03-06 13:32 - 00029485 _____ () C:\WINDOWS\KB978706.log
2015-03-06 12:57 - 2015-03-06 13:31 - 00028205 _____ () C:\WINDOWS\KB974392.log
2015-03-06 12:57 - 2012-08-21 08:56 - 00153600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\volsnap.sys
2015-03-06 12:56 - 2015-03-06 14:12 - 00052585 _____ () C:\WINDOWS\KB3006226.log
2015-03-06 12:56 - 2015-03-06 14:06 - 00047948 _____ () C:\WINDOWS\KB2893294.log
2015-03-06 12:56 - 2015-03-06 13:47 - 00044448 _____ () C:\WINDOWS\KB2803821-v2.log
2015-03-06 12:56 - 2015-03-06 13:42 - 00042541 _____ () C:\WINDOWS\KB2644615.log
2015-03-06 12:56 - 2015-03-06 13:38 - 00040309 _____ () C:\WINDOWS\KB2509553.log
2015-03-06 12:56 - 2015-03-06 13:33 - 00032385 _____ () C:\WINDOWS\KB979482.log
2015-03-06 12:56 - 2013-07-02 21:01 - 00025472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-03-06 12:56 - 2013-07-02 20:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2015-03-06 12:56 - 2009-11-26 10:45 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avifil32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\avifil32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iyuv_32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsbyuv.dll
2015-03-06 12:55 - 2015-03-06 14:17 - 00058952 _____ () C:\WINDOWS\KB3023562.log
2015-03-06 12:55 - 2015-03-06 14:15 - 00053485 _____ () C:\WINDOWS\KB3020393.log
2015-03-06 12:55 - 2015-03-06 14:08 - 00049362 _____ () C:\WINDOWS\KB2926765.log
2015-03-06 12:55 - 2015-03-06 14:07 - 00048057 _____ () C:\WINDOWS\KB2929961.log
2015-03-06 12:55 - 2015-03-06 13:43 - 00044244 _____ () C:\WINDOWS\KB2691442.log
2015-03-06 12:55 - 2015-03-06 13:42 - 00047308 _____ () C:\WINDOWS\KB2676562.log
2015-03-06 12:55 - 2015-03-06 13:37 - 00036116 _____ () C:\WINDOWS\KB2508429.log
2015-03-06 12:55 - 2015-03-06 13:34 - 00031867 _____ () C:\WINDOWS\KB2115168.log
2015-03-06 12:55 - 2013-02-11 21:13 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-03-06 12:54 - 2015-03-06 13:47 - 00044411 _____ () C:\WINDOWS\KB2876217.log
2015-03-06 12:54 - 2015-03-06 13:44 - 00044581 _____ () C:\WINDOWS\KB2705219-v2.log
2015-03-06 12:54 - 2015-03-06 13:40 - 00042619 _____ () C:\WINDOWS\KB2544893-v2.log
2015-03-06 12:54 - 2015-03-06 13:38 - 00039385 _____ () C:\WINDOWS\KB2510587.log
2015-03-06 12:54 - 2015-03-06 13:34 - 00032532 _____ () C:\WINDOWS\KB2124261.log
2015-03-06 12:54 - 2015-03-06 13:29 - 00024461 _____ () C:\WINDOWS\KB936357.log
2015-03-06 12:54 - 2014-08-24 08:29 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gdi32.dll
2015-03-06 12:54 - 2014-08-24 08:29 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-06 12:53 - 2015-03-06 13:30 - 00024690 _____ () C:\WINDOWS\KB969059.log
2015-03-06 12:53 - 2015-03-06 13:30 - 00023876 _____ () C:\WINDOWS\KB974112.log
2015-03-06 12:52 - 2015-03-06 14:09 - 00049795 _____ () C:\WINDOWS\KB2957509.log
2015-03-06 12:52 - 2015-03-06 13:47 - 00046771 _____ () C:\WINDOWS\KB2859537.log
2015-03-06 12:52 - 2015-03-06 13:33 - 00031629 _____ () C:\WINDOWS\KB978695.log
2015-03-06 12:52 - 2015-03-06 13:30 - 00024015 _____ () C:\WINDOWS\KB974571.log
2015-03-06 12:52 - 2014-08-22 21:11 - 01187840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml3.dll
2015-03-06 12:52 - 2014-08-22 21:11 - 01187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-06 12:52 - 2014-08-21 11:22 - 00836608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mqqm.dll
2015-03-06 12:52 - 2014-08-21 11:22 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-03-06 12:51 - 2015-03-06 14:16 - 00059071 _____ () C:\WINDOWS\KB3021952.log
2015-03-06 12:51 - 2015-03-06 14:14 - 00054393 _____ () C:\WINDOWS\KB3012168.log
2015-03-06 12:51 - 2015-03-06 14:06 - 00047565 _____ () C:\WINDOWS\KB2898715.log
2015-03-06 12:51 - 2015-03-06 14:06 - 00047520 _____ () C:\WINDOWS\KB2862152.log
2015-03-06 12:51 - 2015-03-06 13:42 - 00041955 _____ () C:\WINDOWS\KB2653956.log
2015-03-06 12:51 - 2015-03-06 13:41 - 00041195 _____ () C:\WINDOWS\KB2598479.log
2015-03-06 12:51 - 2015-03-06 13:35 - 00033850 _____ () C:\WINDOWS\KB2345886.log
2015-03-06 12:51 - 2015-03-06 13:35 - 00032703 _____ () C:\WINDOWS\KB2378111.log
2015-03-06 12:50 - 2015-03-06 14:17 - 00057296 _____ () C:\WINDOWS\KB3004361.log
2015-03-06 12:50 - 2015-03-06 14:08 - 00047124 _____ () C:\WINDOWS\KB2922229.log
2015-03-06 12:50 - 2015-03-06 13:47 - 00043335 _____ () C:\WINDOWS\KB2864063.log
2015-03-06 12:50 - 2015-03-06 13:46 - 00042422 _____ () C:\WINDOWS\KB2780091.log
2015-03-06 12:50 - 2015-03-06 13:37 - 00034573 _____ () C:\WINDOWS\KB971029.log
2015-03-06 12:50 - 2015-03-06 13:35 - 00032710 _____ () C:\WINDOWS\KB979687.log
2015-03-06 12:50 - 2015-03-06 13:29 - 00022782 _____ () C:\WINDOWS\KB954155.log
2015-03-06 12:49 - 2015-03-06 13:33 - 00029419 _____ () C:\WINDOWS\KB978338.log
2015-03-06 12:49 - 2015-03-06 13:32 - 00032832 _____ () C:\WINDOWS\KB973917-v2.log
2015-03-06 12:48 - 2015-03-06 13:36 - 00031568 _____ () C:\WINDOWS\KB2443105.log
2015-03-06 12:48 - 2015-03-06 13:32 - 00027979 _____ () C:\WINDOWS\KB979309.log
2015-03-06 12:48 - 2015-03-06 13:30 - 00025211 _____ () C:\WINDOWS\KB974318.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-13 09:37 - 2009-10-09 16:20 - 00000000 ____D () C:\Program Files\Firefly Media Server
2015-03-13 09:37 - 2009-10-06 17:51 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-13 09:34 - 2009-10-06 17:54 - 00000224 __RSH () C:\boot.ini
2015-03-13 09:34 - 2009-10-06 17:51 - 00000477 _____ () C:\WINDOWS\win.ini
2015-03-13 09:34 - 2009-10-06 17:50 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-13 09:32 - 2009-10-06 17:14 - 00002586 _____ () C:\WINDOWS\system32\licstr.cpa
2015-03-13 06:24 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-03-13 06:22 - 2009-10-06 17:23 - 00000016 ____H () C:\QSM_VolumeID
2015-03-13 06:22 - 2009-10-06 17:07 - 01483051 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-13 06:22 - 2009-10-06 10:00 - 00724060 _____ () C:\WINDOWS\setupapi.log
2015-03-13 06:21 - 2009-10-06 17:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-13 06:21 - 2009-10-06 17:13 - 00002946 _____ () C:\WINDOWS\PFRO.log
2015-03-13 06:19 - 2009-10-06 17:21 - 00065536 _____ () C:\WINDOWS\system32\config\HomeServerEvents.evt
2015-03-13 06:19 - 2009-10-06 17:14 - 00032566 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2015-03-13 00:00 - 2009-10-09 16:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LightsOut
2015-03-12 13:45 - 2009-10-06 17:21 - 00000000 ____D () C:\Program Files\Windows Home Server
2015-03-12 10:16 - 2009-10-09 16:29 - 00000353 _____ () C:\WINDOWS\system32\whsinfo.xml
2015-03-12 07:16 - 2009-10-06 10:01 - 00604374 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-12 07:11 - 2009-10-06 10:00 - 00160344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-10 00:18 - 2009-10-09 13:05 - 00066412 _____ () C:\WINDOWS\spupdsvc.log
2015-03-10 00:18 - 2009-10-06 10:01 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-10 00:17 - 2009-10-06 17:40 - 00000000 ____D () C:\WHS
2015-03-10 00:00 - 2009-10-09 12:45 - 00188369 _____ () C:\WINDOWS\updspapi.log
2015-03-10 00:00 - 2009-10-06 10:01 - 02035414 _____ () C:\WINDOWS\iis6.log
2015-03-10 00:00 - 2009-10-06 10:01 - 01807218 _____ () C:\WINDOWS\FaxSetup.log
2015-03-10 00:00 - 2009-10-06 10:01 - 01296541 _____ () C:\WINDOWS\ocgen.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00826244 _____ () C:\WINDOWS\uddisetup.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00763407 _____ () C:\WINDOWS\tsoc.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00668094 _____ () C:\WINDOWS\msmqinst.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00542398 _____ () C:\WINDOWS\comsetup.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00372062 _____ () C:\WINDOWS\certocm.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00340821 _____ () C:\WINDOWS\ntdtcsetup.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00293327 _____ () C:\WINDOWS\netfxocm.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00252314 _____ () C:\WINDOWS\aspnetocm.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00179252 _____ () C:\WINDOWS\LicenOc.log
2015-03-10 00:00 - 2009-10-06 10:01 - 00003423 _____ () C:\WINDOWS\imsins.log
2015-03-09 00:01 - 2009-10-06 10:01 - 00003376 _____ () C:\WINDOWS\imsins.BAK
2015-03-09 00:00 - 2009-10-06 17:09 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-03-08 02:01 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-08 01:00 - 2009-10-09 14:41 - 00041647 _____ () C:\WINDOWS\KB958469.log
2015-03-07 11:01 - 2009-10-06 17:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-07 10:59 - 2009-10-06 17:14 - 00000806 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-03-07 10:59 - 2009-10-06 17:14 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-03-07 10:57 - 2009-10-06 17:40 - 00000000 ____D () C:\Install
2015-03-07 10:57 - 2009-10-06 17:24 - 00000000 ____D () C:\Program Files\Media Connect
2015-03-07 10:57 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Help
2015-03-07 09:27 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Media
2015-03-06 20:34 - 2009-10-06 10:03 - 00000000 ____D () C:\WINDOWS\system32\lls
2015-03-06 14:29 - 2009-10-06 17:06 - 00002314 _____ () C:\WINDOWS\sessmgr.setup.log
2015-03-06 14:29 - 2009-10-06 17:04 - 00003772 _____ () C:\WINDOWS\DtcInstall.log
2015-03-06 14:29 - 2009-10-06 17:04 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-06 14:29 - 2009-10-06 10:01 - 00002492 _____ () C:\WINDOWS\system32\pid.PNF
2015-03-06 14:29 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\security
2015-03-06 14:20 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\repair
2015-03-06 14:19 - 2009-10-06 17:06 - 00000000 ____D () C:\Program Files\Outlook Express
2015-03-06 14:18 - 2009-10-06 17:14 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-06 14:10 - 2009-10-09 13:35 - 00448490 _____ () C:\WINDOWS\system32\TZLog.log
2015-03-06 14:10 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-03-06 13:56 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-06 13:35 - 2009-10-06 17:08 - 00002658 _____ () C:\WINDOWS\wmsetup.log
2015-03-06 13:04 - 2009-10-06 10:00 - 00004464 _____ () C:\WINDOWS\regopt.log
2015-03-06 13:04 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-06 12:32 - 2009-10-06 17:14 - 00000741 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2015-03-05 22:29 - 2009-10-06 10:00 - 00192910 _____ () C:\WINDOWS\setupact.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================

#2 HelpBot

Posted 18 March 2015 - 10:45 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569986 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 absolute_tom

Posted 18 March 2015 - 11:20 AM

Still having the same problems.  Yesterday, I ran CCleaner (among many other scanners) and found two items in startup:

 

     azrll386        C:\Documents and Settings\Administrator\Application Data\dmreMRT\fltmpsrv.exe
     dnswsec6    C:\Documents and Settings\Administrator\Application Data\memnlpa\fltmycfg.exe

 

I disabled them but I wasn't able to delete them. Also, ran Junkware, Adwcleaner, Mini Toolbox and Malwarebytes (x2). Most of the files and folders were corrupted so they were deleted. I thought I was finally in a good position late last night so I restored three of my main folders only from the last good backup that I knew of from November 3, 2014. Immediately, all of the folders started to duplicate again. So I would assume the problem is in the backups, but all of the folders/files look good prior to restoring. This issue has my small business at a standstill and I would sincerely appreciate any help you're able to provide!

 

Here are the results of the latest FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Administrator (administrator) on HOMESERVER on 18-03-2015 11:59:12
Running from \\Homeserver\Software
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Microsoft® Windows® Server 2003 for Small Business Server Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> msdtc.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> svchost.exe
Failed to access process -> IAANTmon.exe
Failed to access process -> inetinfo.exe
Failed to access process -> llssrv.exe
Failed to access process -> LMIGuardianSvc.exe
Failed to access process -> svchost.exe
Failed to access process -> sbscrexe.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> vds.exe
Failed to access process -> WLIDSVC.EXE
Failed to access process -> searchindexer.exe
Failed to access process -> WixWHSService.exe
Failed to access process -> qsm.exe
Failed to access process -> svchost.exe
Failed to access process -> whsarch.exe
Failed to access process -> whsbackup.exe
Failed to access process -> WHSFileSorter.exe
Failed to access process -> wmiprvse.exe
Failed to access process -> WHSHealth.exe
Failed to access process -> TransportService.exe
Failed to access process -> wmccds.exe
Failed to access process -> cqvSvc.exe
Failed to access process -> WLIDSVCM.EXE
Failed to access process -> ddnss.exe
Failed to access process -> LightsOutService.exe
Failed to access process -> pdl.exe
Failed to access process -> portfwd.exe
Failed to access process -> dmadmin.exe
Failed to access process -> alg.exe
Failed to access process -> svchost.exe
Failed to access process -> w3wp.exe
Failed to access process -> demigrator.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> rdpclip.exe
Failed to access process -> ctfmon.exe
Failed to access process -> HomeServerConsole.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> rdpclip.exe
Failed to access process -> explorer.exe
Failed to access process -> IAAnotif.exe
Failed to access process -> ctfmon.exe
Failed to access process -> WindowsSearch.exe
Failed to access process -> avgidsagent.exe
Failed to access process -> avgwdsvc.exe
Failed to access process -> avgui.exe
Failed to access process -> avgrsx.exe
Failed to access process -> avgcsrvx.exe
Failed to access process -> avgcsrvx.exe
Failed to access process -> avgcsrvx.exe
Failed to access process -> FRST.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [63048 2015-02-16] (LogMeIn, Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-11-04] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\LMIinit: C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Policies\Explorer: [NoStartMenuMFUprogramsList] 1
HKLM\...\Policies\Explorer: [NoUserNameInStartMenu] 1
HKLM\...\Command Processor:  <======= ATTENTION
HKU\S-1-5-19\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44032 2008-07-12] (Microsoft Corporation)
Lsa: [Notification Packages] RASSFM KDCSVC WDIGEST scecli pwdfilter
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3524439881-2721216019-2401113298-500\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1426594322500
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-25] (Microsoft Corporation)
Winsock: Catalog5 03 C:\WINDOWS\system32\mswsock.dll [256000] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-03-06]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "SBCore" service was unlocked successfully. <===== ATTENTION

R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4942384 2014-10-17] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2007-07-24] (Apple Inc.) [File not signed]
R2 CqvSvc; C:\Program Files\Windows Home Server\cqvSvc.exe [59240 2009-10-07] (Microsoft Corporation)
R2 DDNSS; C:\Program Files\Windows Home Server\ddnss.exe [224112 2011-01-10] (Microsoft Corporation)
S3 Dfs; C:\WINDOWS\system32\Dfssvc.exe [164864 2008-07-12] (Microsoft Corporation)
R3 DriveExtenderMigrator; C:\Program Files\Windows Home Server\demigrator.exe [34664 2009-10-07] (Microsoft Corporation)
R2 HomeServerMonService; C:\Program Files\Windows Home Server\WixWHSService.exe [40960 2009-10-09] (Wistron) [File not signed]
R2 IISADMIN; C:\WINDOWS\system32\inetsrv\inetinfo.exe [14336 2008-07-12] (Microsoft Corporation)
S4 IsmServ; C:\WINDOWS\System32\ismserv.exe [40448 2008-07-12] (Microsoft Corporation)
S4 kdc; C:\WINDOWS\System32\lsass.exe [13312 2008-07-12] (Microsoft Corporation)
R2 LicenseService; C:\WINDOWS\System32\llssrv.exe [94720 2008-07-12] (Microsoft Corporation)
R2 LoService; C:\Program Files\Windows Home Server\LightsOutService.exe [53248 2009-07-03] (AxoNet Software GmbH) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 NtFrs; C:\WINDOWS\system32\ntfrs.exe [792064 2008-07-12] (Microsoft Corporation)
R2 pdl; C:\Program Files\Windows Home Server\pdl.exe [68968 2009-10-07] (Microsoft Corporation)
R2 PortForwarding; C:\Program Files\Windows Home Server\portfwd.exe [152936 2009-10-07] (Microsoft Corporation)
R2 QSM; C:\Program Files\Windows Home Server\qsm.exe [523120 2010-07-12] (Microsoft Corporation)
S3 RSoPProv; C:\WINDOWS\system32\RSoPProv.exe [67072 2008-07-12] (Microsoft Corporation)
S3 sacsvr; C:\WINDOWS\system32\sacsvr.dll [12288 2008-07-12] (Microsoft Corporation)
R2 SBCore; C:\WINDOWS\System32\sbscrexe.exe [38400 2008-07-12] (Microsoft Corporation)
S4 TrkSvr; C:\WINDOWS\system32\trksvr.dll [50688 2008-07-12] (Microsoft Corporation)
S4 Tssdis; C:\WINDOWS\System32\tssdis.exe [71168 2008-07-12] (Microsoft Corporation)
R2 WHSArchiver; C:\Program Files\Windows Home Server\whsarch.exe [64360 2009-10-07] (Microsoft Corporation)
R2 WHSBackup; C:\Program Files\Windows Home Server\whsbackup.exe [531304 2009-10-07] (Microsoft Corporation)
R2 WHSFileSorter; C:\Program Files\WHS Suite\WHSFileSorter.exe [32768 2009-04-30] () [File not signed]
R2 WHSHealth; C:\Program Files\WHS Suite\WHSHealth.exe [61440 2009-09-27] () [File not signed]
R2 WHSTransportService; C:\Program Files\Windows Home Server\TransportService.exe [336752 2011-01-10] (Microsoft Corporation)
S4 WiDMS; C:\Program Files\Wistron\WiDMS\WiDMS.exe [603648 2009-09-29] () [File not signed]
R2 WMConnectCDS; C:\Program Files\Media Connect\wmccds.exe [914280 2009-10-07] (Microsoft Corporation)
R2 yksvc; C:\WINDOWS\System32\ykx32mpcoinst.dll [282624 2009-01-08] (Marvell)
R2 Eventlog;  [X]
R3 WinHttpAutoProxySvc; winhttp.dll [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [172856 2014-11-04] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
S4 ClusDisk; C:\WINDOWS\System32\DRIVERS\ClusDisk.sys [69120 2008-07-12] (Microsoft Corporation)
R0 DEFilter; C:\WINDOWS\System32\DRIVERS\DEfilter.sys [99696 2010-07-12] (Microsoft Corporation)
R0 DfsDriver; C:\WINDOWS\System32\drivers\Dfs.sys [34816 2008-07-12] (Microsoft Corporation)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [54360 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MfeAVFK; C:\WINDOWS\System32\drivers\MfeAVFK.sys [79816 2009-05-15] (McAfee, Inc.)
S3 MfeBOPK; C:\WINDOWS\System32\drivers\MfeBOPK.sys [35272 2009-05-15] (McAfee, Inc.)
R1 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [214024 2009-05-15] (McAfee, Inc.)
S3 MfeRKDK; C:\WINDOWS\System32\drivers\MfeRKDK.sys [34248 2009-05-15] (McAfee, Inc.)
R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [55336 2009-05-15] (McAfee, Inc.)
R0 mv61xx; C:\WINDOWS\System32\DRIVERS\mv61xx.sys [155688 2009-08-06] (Marvell Semiconductor, Inc.)
S3 WLBS; C:\WINDOWS\System32\DRIVERS\wlbs.sys [169984 2008-07-12] (Microsoft Corporation)
R3 WNAS; C:\WINDOWS\System32\DRIVERS\WNAS.sys [17920 2008-12-01] (Wistron Corporation)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [296320 2009-01-08] (Marvell)
S4 adpu320; No ImagePath
S4 afcnt; No ImagePath
S4 AmdIde; No ImagePath
S4 arc; No ImagePath
S4 cpqarry2; No ImagePath
S4 cpqcissm; No ImagePath
S4 cpqfcalm; No ImagePath
S4 dellcerc; No ImagePath
S3 efavdrv; \??\C:\WINDOWS\system32\drivers\efavdrv.sys [X]
S4 elxstor; No ImagePath
S4 hpcisss; No ImagePath
S4 hpt3xx; No ImagePath
S4 iirsp; No ImagePath
S4 IntelIde; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S4 ipsraidn; No ImagePath
U3 LicenseInfo; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S4 lp6nds35; No ImagePath
S0 mamd; System32\drivers\vevqxojc.sys [X]
S4 nfrd960; No ImagePath
U4 ParVdm; No ImagePath
S4 ql2100; No ImagePath
S4 ql2200; No ImagePath
S4 ql2300; No ImagePath
U5 sacdrv; C:\Windows\System32\Drivers\sacdrv.sys [72704 2008-07-12] (Microsoft Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [105472 2008-07-12] (Microsoft Corporation)
S4 symmpi; No ImagePath
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

NETSVC: Sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)
NETSVC: TrkSvr -> C:\Windows\system32\trksvr.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 10:33 - 2015-03-18 10:33 - 00018698 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmpD0.tmp
2015-03-18 10:29 - 2015-03-18 10:29 - 00019535 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmpBC.tmp
2015-03-18 10:14 - 2015-03-18 10:14 - 00019536 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmpA8.tmp
2015-03-18 10:06 - 2015-03-18 10:06 - 00019560 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp94.tmp
2015-03-18 09:41 - 2015-03-18 09:41 - 00018698 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp81.tmp
2015-03-18 09:39 - 2015-03-18 09:39 - 00018698 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp71.tmp
2015-03-18 09:34 - 2015-03-18 09:34 - 00018698 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp61.tmp
2015-03-18 09:33 - 2015-03-18 09:33 - 00019536 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp4D.tmp
2015-03-18 09:19 - 2015-03-18 09:19 - 00019459 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp29.tmp
2015-03-18 09:19 - 2015-03-18 09:19 - 00018698 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\tmp3D.tmp
2015-03-18 09:09 - 2015-03-18 09:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\AVG2013
2015-03-18 09:08 - 2015-03-18 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2015-03-18 09:07 - 2015-03-18 09:07 - 00005497 _____ () C:\WINDOWS\setupapi.log
2015-03-18 09:05 - 2015-03-18 09:05 - 00000000 ____D () C:\Program Files\AVG
2015-03-18 08:53 - 2015-03-18 12:00 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\2
2015-03-18 08:50 - 2015-03-18 08:50 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\1
2015-03-18 08:43 - 2015-03-18 08:43 - 00001740 _____ () C:\WINDOWS\PFRO.log
2015-03-18 08:31 - 2015-03-18 08:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\WHSAdmin
2015-03-18 08:27 - 2015-03-18 08:27 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-18 08:27 - 2015-03-18 08:27 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2015-03-18 06:43 - 2015-03-18 06:43 - 00000123 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\CFG1.tmp
2015-03-17 20:16 - 2015-03-17 20:16 - 00001919 _____ () C:\WINDOWS\epplauncher.mif
2015-03-17 20:01 - 2015-03-17 20:01 - 00000606 _____ () C:\Documents and Settings\Administrator\Desktop\JRT.txt
2015-03-17 16:55 - 2015-03-17 11:52 - 00402944 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\MiniToolBox.exe
2015-03-17 16:55 - 2015-03-17 11:50 - 02171392 _____ () C:\Documents and Settings\Administrator\Desktop\adwcleaner_4.112.exe
2015-03-17 16:55 - 2015-03-17 11:47 - 01388672 _____ (Thisisu) C:\Documents and Settings\Administrator\Desktop\Junkware Removal Tool.exe
2015-03-17 14:49 - 2015-03-17 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2015-03-17 14:46 - 2015-03-18 09:02 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 14:45 - 2015-03-17 14:45 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-03-17 14:45 - 2015-03-17 14:45 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 14:45 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-03-17 14:45 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-03-17 14:30 - 2015-03-17 14:31 - 00022713 _____ () C:\Documents and Settings\Administrator\Desktop\Result.txt
2015-03-17 14:16 - 2015-03-17 14:16 - 00001830 _____ () C:\Documents and Settings\Administrator\Desktop\startup.txt
2015-03-17 12:39 - 2015-03-17 12:39 - 00004366 _____ () C:\WINDOWS\Result.txt
2015-03-17 11:54 - 2015-03-18 08:42 - 00000000 ____D () C:\AdwCleaner
2015-03-17 11:54 - 2015-03-17 11:54 - 00032768 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\~DF8366.tmp
2015-03-17 11:53 - 2015-03-17 11:53 - 00000924 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\JRT.txt
2015-03-17 11:49 - 2015-03-17 11:49 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\jrt
2015-03-17 11:36 - 2015-03-18 08:44 - 00000738 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Client.lnk
2015-03-17 11:36 - 2015-03-18 08:44 - 00000722 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn Control Panel.lnk
2015-03-17 11:36 - 2015-03-18 08:44 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LogMeIn
2015-03-17 11:36 - 2015-03-17 11:36 - 00001024 _____ () C:\.rnd
2015-03-17 11:36 - 2015-02-16 18:10 - 00086912 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2015-03-17 11:36 - 2015-02-16 18:09 - 00085864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2015-03-17 11:36 - 2015-02-16 18:09 - 00031592 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIport.dll
2015-03-17 11:36 - 2015-02-16 17:59 - 00047640 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\LMIRfsDriver.sys
2015-03-17 11:35 - 2015-03-17 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\memnlpa
2015-03-17 11:35 - 2015-03-17 11:39 - 00000000 ____D () C:\Program Files\LogMeIn
2015-03-17 11:20 - 2015-03-17 11:20 - 00000000 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\mmc036B27C5.xml
2015-03-17 08:52 - 2015-03-17 08:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3035132$
2015-03-17 08:52 - 2015-03-17 08:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3002657-v2$
2015-03-17 08:42 - 2015-03-17 08:42 - 00385138 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150317_084205703-Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219-MSP0.txt
2015-03-17 08:42 - 2015-03-17 08:42 - 00075892 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_20150317_084205703.html
2015-03-17 08:42 - 2015-03-17 08:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp\Microsoft Visual C++ 2010  x86 Redistributable Setup_10.0.40219
2015-03-17 08:41 - 2015-03-17 08:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3046049$
2015-03-17 08:41 - 2015-03-17 08:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3039066$
2015-03-17 08:41 - 2015-03-17 08:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3034344$
2015-03-17 08:41 - 2015-03-17 08:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033395-v2$
2015-03-17 08:40 - 2015-03-17 08:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3032323$
2015-03-17 08:39 - 2015-03-17 08:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3033889$
2015-03-17 08:26 - 2015-02-12 20:24 - 06009344 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 06009344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00348160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\dxtmsft.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2015-03-17 08:26 - 2015-02-12 20:24 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2015-03-17 08:25 - 2015-02-12 20:24 - 11086848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-03-17 08:25 - 2015-02-12 20:24 - 01217536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2015-03-17 08:25 - 2015-02-12 20:24 - 01217536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-03-17 08:25 - 2015-02-12 20:24 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2015-03-17 08:25 - 2015-02-12 20:24 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-03-17 08:19 - 2012-06-02 15:18 - 00275696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll
2015-03-17 08:19 - 2012-06-02 15:18 - 00017136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mucltui.dll.mui
2015-03-17 07:47 - 2015-03-17 15:58 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\dmreMRT
2015-03-14 09:33 - 2015-03-14 09:33 - 00000000 ____D () C:\abcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxyabcdefghijklmnopqrssttuvwxy
2015-03-14 09:24 - 2015-03-14 09:26 - 00002625 _____ () C:\WHScleanup.cmd
2015-03-13 20:57 - 2015-03-13 20:57 - 00439296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\netlogon.dll
2015-03-13 20:57 - 2015-03-13 20:57 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2015-03-13 09:36 - 2015-03-18 11:59 - 00000000 ____D () C:\FRST
2015-03-13 09:20 - 2015-03-17 14:07 - 00000000 ____D () C:\WINDOWS\pss
2015-03-12 17:38 - 2015-03-18 06:54 - 00000522 _____ () C:\cleanup.bat
2015-03-12 17:03 - 2015-03-18 06:54 - 00000000 ____D () C:\AVG_SysInfo
2015-03-12 15:55 - 2015-03-12 15:55 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ESET
2015-03-12 14:49 - 2015-03-12 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2015-03-11 13:57 - 2015-03-18 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2013
2015-03-11 13:57 - 2015-03-18 09:06 - 00000000 ___HD () C:\$AVG
2015-03-11 13:55 - 2015-03-18 09:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2015-03-10 00:18 - 2015-03-10 00:18 - 00001080 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live ID.lnk
2015-03-10 00:00 - 2015-03-10 00:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB981089$
2015-03-09 13:58 - 2015-03-17 11:54 - 00857088 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\adwcleaner.db
2015-03-09 06:52 - 2015-03-07 12:40 - 132163312 _____ (Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\Microsoft Safety Scanner.exe
2015-03-09 00:01 - 2015-03-09 00:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979453$
2015-03-08 12:10 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\netdrcp
2015-03-08 04:42 - 2015-02-12 20:24 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2015-03-08 04:42 - 2015-02-12 20:24 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2015-03-08 04:42 - 2011-03-03 19:58 - 00726528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jscript.dll
2015-03-08 04:42 - 2011-03-03 19:58 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-03-07 11:44 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\autoeate
2015-03-07 11:43 - 2015-03-11 15:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\mobsnet
2015-03-07 11:08 - 2015-03-07 11:08 - 00000000 __SHD () C:\Documents and Settings\Default User\IETldCache
2015-03-07 11:01 - 2015-03-07 11:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-03-07 11:01 - 2015-03-07 11:01 - 00000000 __SHD () C:\Documents and Settings\Administrator\IECompatCache
2015-03-07 10:59 - 2015-03-07 10:59 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2015-03-07 10:30 - 2015-03-17 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-03-07 10:29 - 2015-03-07 10:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2918614$
2015-03-07 10:19 - 2015-03-07 10:19 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB961118$
2015-03-07 09:33 - 2015-03-07 09:33 - 00000640 _____ () C:\WINDOWS\InstallUtil.InstallLog
2015-03-07 09:33 - 2015-03-07 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB968349$
2015-03-07 09:32 - 2015-03-07 09:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969949$
2015-03-07 09:29 - 2015-03-07 09:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2467659$
2015-03-07 09:29 - 2015-02-12 20:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2015-03-07 09:28 - 2015-03-17 08:39 - 00000000 ____D () C:\WINDOWS\ie8updates
2015-03-07 09:28 - 2015-03-07 10:56 - 00065536 _____ () C:\WINDOWS\system32\config\Internet Explorer.evt
2015-03-07 09:28 - 2015-02-12 20:24 - 11086848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 02006528 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2015-03-07 09:28 - 2015-02-12 20:24 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2015-03-07 09:28 - 2010-04-16 08:06 - 00041984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iecompat.dll
2015-03-07 09:27 - 2015-03-07 09:28 - 00000000 __HDC () C:\WINDOWS\ie8
2015-03-07 09:24 - 2015-03-17 08:42 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-03-07 09:19 - 2015-03-07 09:19 - 00000000 ___HD () C:\WINDOWS\PIF
2015-03-07 09:19 - 2015-03-07 09:19 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Windows Search
2015-03-07 09:14 - 2015-03-07 09:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982666$
2015-03-07 08:43 - 2015-03-07 08:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2015-03-07 07:09 - 2014-06-03 21:25 - 00600576 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\crypt32.dll
2015-03-07 07:09 - 2014-06-03 21:25 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-03-06 14:37 - 2015-03-06 14:37 - 00000000 ____D () C:\WINDOWS\system32\appmgmt
2015-03-06 14:37 - 2008-05-22 05:15 - 00000434 _____ () C:\WINDOWS\myClean.bat
2015-03-06 14:34 - 2015-03-06 14:34 - 00000124 _____ () C:\Documents and Settings\Administrator\Desktop\Control Panel.lnk
2015-03-06 14:21 - 2015-03-18 08:45 - 00000222 ____H () C:\WINDOWS\Tasks\LoSBackupWake.job
2015-03-06 14:17 - 2015-03-06 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3029944$
2015-03-06 14:17 - 2015-03-06 14:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3004361$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3023562$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021952$
2015-03-06 14:16 - 2015-03-06 14:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013455$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3021674$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3020393$
2015-03-06 14:15 - 2015-03-06 14:15 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3014029$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3019215$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3013126$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3012168$
2015-03-06 14:14 - 2015-03-06 14:14 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3011780$
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993958$
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2991963$
2015-03-06 14:13 - 2015-03-06 14:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2989935$
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB3006226$
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2998579$
2015-03-06 14:12 - 2015-03-06 14:12 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2978114$
2015-03-06 14:11 - 2015-03-06 14:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993254$
2015-03-06 14:11 - 2015-03-06 14:11 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2972207$
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2993651$
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2981580$
2015-03-06 14:10 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2894845$
2015-03-06 14:09 - 2015-03-06 14:10 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB942288-v4$
2015-03-06 14:09 - 2015-03-06 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2961072$
2015-03-06 14:09 - 2015-03-06 14:09 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957509$
2015-03-06 14:08 - 2015-03-06 14:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2957503$
2015-03-06 14:08 - 2015-03-06 14:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2926765$
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2015-03-06 14:07 - 2015-03-06 14:07 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2901115$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2914368$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2898715$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-03-06 14:06 - 2015-03-06 14:06 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2892076$
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2900986$
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2868626$
2015-03-06 14:05 - 2015-03-06 14:05 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862152$
2015-03-06 13:56 - 2015-03-07 08:59 - 00000000 ____D () C:\WINDOWS\system32\XPSViewer
2015-03-06 13:56 - 2015-03-06 13:56 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-06 13:56 - 2015-03-06 13:56 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-06 13:56 - 2008-07-06 08:06 - 01676288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpssvcs.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 01676288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpssvcs.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00575488 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsshhdr.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00575488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpsshhdr.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00117760 ____N (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2015-03-06 13:56 - 2008-07-06 08:06 - 00089088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\filterpipelineprintproc.dll
2015-03-06 13:56 - 2008-07-06 06:50 - 00597504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe
2015-03-06 13:50 - 2015-03-06 13:50 - 00000000 __HDC () C:\WINDOWS\$NtUninstallWIC$
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864058$
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862335$
2015-03-06 13:48 - 2015-03-06 13:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2862330$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2876217$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2864063$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2847311$
2015-03-06 13:47 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2803821-v2$
2015-03-06 13:46 - 2015-03-06 13:47 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2859537$
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2834886$
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2820917$
2015-03-06 13:46 - 2015-03-06 13:46 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2807986$
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2780091$
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2779562$
2015-03-06 13:45 - 2015-03-06 13:45 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2742604$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2770660$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2749655$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2748349$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2727528$
2015-03-06 13:44 - 2015-03-06 13:44 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2705219-v2$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2712808$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2698365$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2691442$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2686509$
2015-03-06 13:43 - 2015-03-06 13:43 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2685939$
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2676562$
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2659262$
2015-03-06 13:42 - 2015-03-06 13:42 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2653956$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2644615$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2638806$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2603381$
2015-03-06 13:41 - 2015-03-06 13:41 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2598479$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2631813$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2620712$
2015-03-06 13:40 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2584146$
2015-03-06 13:39 - 2015-03-06 13:40 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2544893-v2$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2570947$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2566454$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2564958$
2015-03-06 13:39 - 2015-03-06 13:39 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2536276-v2$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2535512$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2510587$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2509553$
2015-03-06 13:38 - 2015-03-06 13:38 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2507938$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB971029$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2508429$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2506212$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2485663$
2015-03-06 13:37 - 2015-03-06 13:37 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2393802$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2483185$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2478960$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2443105$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2423089$
2015-03-06 13:36 - 2015-03-06 13:36 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2419635$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB982132$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979687$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2387149$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2378111$
2015-03-06 13:35 - 2015-03-06 13:35 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2345886$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975558_WM8$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2347290$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2229593$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2124261$
2015-03-06 13:34 - 2015-03-06 13:34 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2115168$
2015-03-06 13:33 - 2015-03-17 15:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978695$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979907$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979482$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978542$
2015-03-06 13:33 - 2015-03-06 13:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978338$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB979309$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978706$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977816$
2015-03-06 13:32 - 2015-03-06 13:32 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973917-v2$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB973904$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB972270$
2015-03-06 13:31 - 2015-03-06 13:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB955759$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974571$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974392$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974318$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB974112$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB970430$
2015-03-06 13:30 - 2015-03-06 13:30 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB969059$
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975025$
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB954155$
2015-03-06 13:29 - 2015-03-06 13:29 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB936357$
2015-03-06 13:05 - 2015-03-06 13:05 - 00000000 ____D () C:\fs
2015-03-06 13:01 - 2013-07-20 15:18 - 00032128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2015-03-06 13:01 - 2013-07-20 15:18 - 00017664 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbohci.sys
2015-03-06 13:01 - 2013-07-20 15:18 - 00005760 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2015-03-06 12:58 - 2009-11-21 10:55 - 01364226 ____C () C:\WINDOWS\system32\dllcache\sysmain.sdb
2015-03-06 12:58 - 2009-11-21 10:48 - 00421376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\aclayers.dll
2015-03-06 12:57 - 2012-08-21 08:56 - 00153600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\volsnap.sys
2015-03-06 12:56 - 2013-07-02 21:01 - 00025472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2015-03-06 12:56 - 2013-07-02 20:52 - 00016384 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2015-03-06 12:56 - 2009-11-26 10:45 - 00086016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\avifil32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\avifil32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00048128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iyuv_32.dll
2015-03-06 12:56 - 2009-11-26 10:45 - 00008704 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\tsbyuv.dll
2015-03-06 12:55 - 2013-02-11 21:13 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usb8023x.sys
2015-03-06 12:54 - 2014-08-24 08:29 - 00285696 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\gdi32.dll
2015-03-06 12:54 - 2014-08-24 08:29 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-03-06 12:52 - 2014-08-22 21:11 - 01187840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msxml3.dll
2015-03-06 12:52 - 2014-08-22 21:11 - 01187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-03-06 12:52 - 2014-08-21 11:22 - 00836608 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mqqm.dll
2015-03-06 12:52 - 2014-08-21 11:22 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-03-06 03:47 - 2015-03-06 03:47 - 00154624 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\schannel.dll
2015-03-06 03:47 - 2015-03-06 03:47 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-02-25 21:46 - 2015-02-25 21:46 - 01892352 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\win32k.sys
2015-02-25 21:46 - 2015-02-25 21:46 - 01892352 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-02-19 22:42 - 2015-02-19 22:42 - 00290816 ____C (Adobe Systems Incorporated) C:\WINDOWS\system32\dllcache\atmfd.dll
2015-02-19 22:42 - 2015-02-19 22:42 - 00290816 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-02-18 22:03 - 2015-02-18 22:03 - 08363008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\shell32.dll
2015-02-18 22:03 - 2015-02-18 22:03 - 08363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-02-16 17:58 - 2015-02-16 17:58 - 00025248 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr.dll
2015-02-16 17:58 - 2015-02-16 17:58 - 00011552 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\lmimirr2.dll
2015-02-16 17:58 - 2015-02-16 17:58 - 00010144 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\Drivers\lmimirr.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 12:00 - 2009-10-06 17:51 - 00001170 _____ () C:\WINDOWS\system32\wpa.dbl
2015-03-18 11:55 - 2009-10-06 17:14 - 00002586 _____ () C:\WINDOWS\system32\licstr.cpa
2015-03-18 09:12 - 2009-10-06 17:07 - 01784208 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-18 08:46 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\inetsrv
2015-03-18 08:45 - 2009-10-06 17:23 - 00000016 ____H () C:\QSM_VolumeID
2015-03-18 08:44 - 2009-10-06 17:14 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-18 08:42 - 2009-10-06 17:21 - 00065536 _____ () C:\WINDOWS\system32\config\HomeServerEvents.evt
2015-03-18 08:42 - 2009-10-06 17:14 - 00032566 _____ () C:\WINDOWS\Tasks\SchedLgU.Txt
2015-03-18 08:32 - 2009-10-09 16:29 - 00000353 _____ () C:\WINDOWS\system32\whsinfo.xml
2015-03-18 08:31 - 2009-10-09 16:23 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\LightsOut
2015-03-18 08:30 - 2009-10-06 17:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-03-18 06:43 - 2009-10-06 17:21 - 00000000 ____D () C:\Program Files\Windows Home Server
2015-03-17 11:37 - 2009-10-06 10:01 - 00604374 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-17 11:30 - 2009-10-06 17:54 - 00000224 __RSH () C:\boot.ini
2015-03-17 11:30 - 2009-10-06 17:51 - 00000477 _____ () C:\WINDOWS\win.ini
2015-03-17 11:30 - 2009-10-06 17:50 - 00000227 _____ () C:\WINDOWS\system.ini
2015-03-17 11:30 - 2009-10-06 17:14 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-03-17 11:21 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\ias
2015-03-17 08:56 - 2009-10-06 10:00 - 00160344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-11 20:52 - 2009-10-06 17:09 - 02503168 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2015-03-11 20:52 - 2009-10-06 17:09 - 02462720 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2015-03-11 20:52 - 2007-02-16 23:41 - 02503168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-03-11 19:50 - 2009-10-06 17:09 - 02354688 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2015-03-11 19:50 - 2009-10-06 17:09 - 02314240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2015-03-11 19:50 - 2007-02-16 23:42 - 02354688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntkrnlpa.exe
2015-03-10 00:18 - 2009-10-06 10:01 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-10 00:17 - 2009-10-06 17:40 - 00000000 ____D () C:\WHS
2015-03-09 13:58 - 2014-11-08 04:33 - 00583168 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\Quarantine.exe
2015-03-09 00:00 - 2009-10-06 17:09 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2015-03-08 02:01 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2015-03-07 10:59 - 2009-10-06 17:14 - 00000806 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
2015-03-07 10:59 - 2009-10-06 17:14 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-03-07 10:57 - 2009-10-06 17:40 - 00000000 ____D () C:\Install
2015-03-07 10:57 - 2009-10-06 17:24 - 00000000 ____D () C:\Program Files\Media Connect
2015-03-07 10:57 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Help
2015-03-07 09:27 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\Media
2015-03-06 20:34 - 2009-10-06 10:03 - 00000000 ____D () C:\WINDOWS\system32\lls
2015-03-06 14:29 - 2009-10-06 17:04 - 00000000 ____D () C:\WINDOWS\Registration
2015-03-06 14:29 - 2009-10-06 10:01 - 00002492 _____ () C:\WINDOWS\system32\pid.PNF
2015-03-06 14:29 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\security
2015-03-06 14:20 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\repair
2015-03-06 14:19 - 2009-10-06 17:06 - 00000000 ____D () C:\Program Files\Outlook Express
2015-03-06 14:10 - 2009-10-09 13:35 - 00448490 _____ () C:\WINDOWS\system32\TZLog.log
2015-03-06 14:10 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\mui
2015-03-06 13:56 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\spool
2015-03-06 13:04 - 2009-10-06 09:56 - 00000000 ____D () C:\WINDOWS\system32\LogFiles
2015-03-06 12:32 - 2009-10-06 17:14 - 00000741 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
2015-03-04 15:30 - 2014-11-08 04:31 - 00007329 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp\EULA.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== End Of Log ============================



#4 Sirawit

  • Malware Response Team

Posted 18 March 2015 - 12:35 PM

Hello absolute_tom and welcome to BleepingComputer! :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first. That may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me. :)

==========================================================================

Some points for you to keep in mind:

  • Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

Please copy and paste the addition.txt content here. No need to attach.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 



#5 absolute_tom

  • Topic Starter

Posted 18 March 2015 - 12:44 PM

Hello Sirawit,

 

Thank you for replying. I've turned off all antivirus programs that I had running and won't run anything unless you tell me to do so. Here is the original addition.txt file that I ran 3/14:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Administrator at 2015-03-14 11:55:09
Running from \\Homeserver\Software
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG (HKLM\...\AVG) (Version: 3491 - AVG Technologies)
AVG 2013 (Version: 13.0.3495 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.4257 - AVG Technologies) Hidden
Bonjour (HKLM\...\{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}) (Version: 1.0.104 - Apple Inc.)
Firefly Media Server (HKLM\...\Firefly Media Server) (Version: svn-1737 - Ron Pedde)
Home Server System Monitor Service (HKLM\...\{2B0CDA1F-5166-4772-9169-A206C5E6C810}) (Version: 1.0.14 - Wistron)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - )
Lights Out - Runtime Management for Windows Home Server (HKLM\...\{55C3A1A9-78F8-46DA-B046-1BB04DE598B9}) (Version: 0.8.2 - Martin Rothschink - AxoNet Software)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB2957482) (HKLM\...\{87741E76-9D88-49FD-9C7C-14E2B37EB065}) (Version: 6.20.2017.0 - Microsoft Corporation)
WHS Suite (HKLM\...\InstallShield_{2AAF555E-DF74-43C3-885A-522C48F9EEDD}) (Version: 1.30.005 - )
WHS Suite (Version: 1.30.005 - ) Hidden
WiDMS (HKLM\...\{D37108AF-B7C0-4B26-A558-309190241594}) (Version: 1.62.0940.004 - )
Windows Home Server Activation Component (HKLM\...\umas) (Version:  - Microsoft Corporation)
Windows Home Server Backup Service (HKLM\...\umpcbackup) (Version:  - Microsoft Corporation)
Windows Home Server Certificate Enrollment (HKLM\...\umcenroll) (Version:  - Microsoft Corporation)
Windows Home Server Certificate Enrollment (Public Service) (HKLM\...\umcenrollid) (Version:  - Microsoft Corporation)
Windows Home Server Certificate Enrollment (Setup module) (HKLM\...\umcenrollsetup) (Version:  - Microsoft Corporation)
Windows Home Server Client Software Setup (Public Service) (HKLM\...\umcintranet) (Version:  - Microsoft Corporation)
Windows Home Server Console (HKLM\...\umconsole) (Version:  - Microsoft Corporation)
Windows Home Server Critical Process Monitor (HKLM\...\umcp) (Version:  - Microsoft Corporation)
Windows Home Server Drive Extender (HKLM\...\umde) (Version:  - Microsoft Corporation)
Windows Home Server Dynamic DNS Service (HKLM\...\umddns) (Version:  - Microsoft Corporation)
Windows Home Server Event Parser (HKLM\...\ummsglog) (Version:  - Microsoft Corporation)
Windows Home Server Notification Service (HKLM\...\umnotify) (Version:  - Microsoft Corporation)
Windows Home Server OOBE Setup Module (HKLM\...\umoobe) (Version:  - Microsoft Corporation)
Windows Home Server Port Forwarding Service (HKLM\...\umpf) (Version:  - Microsoft Corporation)
Windows Home Server Power Pack 2 (KB956587) (HKLM\...\KB956587) (Version: 1 - Microsoft Corporation)
Windows Home Server Power Pack 3 (KB968349) (HKLM\...\KB968349) (Version: 1 - Microsoft Corporation)
Windows Home Server Preserver (HKLM\...\umwhsarch) (Version:  - Microsoft Corporation)
Windows Home Server Remote Access (Base Package) (HKLM\...\umrabase) (Version:  - Microsoft Corporation)
Windows Home Server Remote Access (Public) (HKLM\...\umrahome) (Version:  - Microsoft Corporation)
Windows Home Server Remote Access (RWW) (HKLM\...\umraremote) (Version:  - Microsoft Corporation)
Windows Home Server SDK (HKLM\...\umpsdk) (Version:  - Microsoft Corporation)
Windows Home Server Storage Service (HKLM\...\umqsm) (Version:  - Microsoft Corporation)
Windows Home Server Toolkit 1.1 (HKLM\...\{AE042CE0-8C59-48DE-B64F-30A70D853927}) (Version: 6.0.1800.0 - Microsoft Corporation)
Windows Home Server Transport Service (HKLM\...\umconnector) (Version:  - Microsoft Corporation)
Windows Home Server UPnP and Media Connect Pack (HKLM\...\umupnp) (Version:  - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3524439881-2721216019-2401113298-500_Classes\CLSID\{97090E2F-3062-4459-855B-014F0D3CDBB1}\InprocServer32 -> C:\Program Files\Windows Desktop Search\deskbar.dll (Microsoft Corporation)

==================== Restore Points  =========================

ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-10-06 17:44 - 2008-07-12 08:17 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\LoSBackupWake.job => C:\WINDOWS\system32\tasklist.exe

==================== Loaded Modules (whitelisted) ==============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBCore => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBCore => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> (None)
HKU\S-1-5-21-3524439881-2721216019-2401113298-500\Control Panel\Desktop\\Wallpaper -> C:\install\q-1024x768_24bit.bmp
HKU\S-1-5-21-3524439881-2721216019-2401113298-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\install\q-1024x768_24bit.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-3524439881-2721216019-2401113298-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
Andy (S-1-5-21-3524439881-2721216019-2401113298-1071 - Limited - Enabled)
ASPNET (S-1-5-21-3524439881-2721216019-2401113298-1003 - Limited - Enabled)
Guest (S-1-5-21-3524439881-2721216019-2401113298-501 - Limited - Disabled)
IUSR_SERVER (S-1-5-21-3524439881-2721216019-2401113298-1000 - Limited - Enabled)
IWAM_SERVER (S-1-5-21-3524439881-2721216019-2401113298-1001 - Limited - Enabled)
Shop (S-1-5-21-3524439881-2721216019-2401113298-1073 - Limited - Enabled)
SUPPORT_388945a0 (S-1-5-21-3524439881-2721216019-2401113298-1005 - Limited - Disabled)
Tom (S-1-5-21-3524439881-2721216019-2401113298-1070 - Limited - Enabled)
Wendy (S-1-5-21-3524439881-2721216019-2401113298-1072 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : This device is not configured correctly. (Code1)
Resolution: You may be prompted to provide the path of the driver. Windows may have the driver built-in, or may still have the driver files installed from the last time that you set up the device. If you are asked for the driver and you do not have it, you can try to download the latest driver from the hardware vendor's Web site.
In the device properties dialog box, click the "Driver" tab, and then click "Update Driver" to start the "Hardware Update Wizard". Follow the instructions to update the driver. If updating the driver does not work, see your hardware documentation for more information.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2015 11:49:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avgui.exe, version 13.0.0.3494, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 01:27:12 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: Fault bucket 656084621.

Error: (03/12/2015 01:26:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avgui.exe, version 13.0.0.3494, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 07:07:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avgui.exe, version 13.0.0.3494, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/12/2015 06:54:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avgui.exe, version 13.0.0.3494, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2015 02:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application avgui.exe, version 13.0.0.3494, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/08/2015 01:33:05 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\CONFIG.MSI\2FE5B8F.RBS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/08/2015 01:33:05 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\CONFIG.MSI\2FE5B8F.RBS> in the hash map cannot be updated.

Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)

Error: (03/07/2015 11:38:50 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context:  Application, SystemIndex Catalog

Error: (03/07/2015 10:41:12 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2742596, P2 1033, P3 1601, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 visualstudio8setup0, P10 visualstudio8setup1.

System errors:
=============
Error: (03/14/2015 11:35:15 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:14 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver Amyuni Document Converter 300 required for printer QuickBooks PDF Converter is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:13 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver AutoVue Document Converter 2.20 required for printer AutoVue Document Converter is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:12 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver HP Officejet 4300 Series required for printer !!OFFICE1!HP Officejet 4300 Series is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:11 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver Canon MP280 series Printer required for printer !!TOM_LAPTOP!Canon MP280 series Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:10 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver HP Photosmart C5500 series required for printer !!OFFICE1!HP Photosmart C5500 series is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 11:35:09 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver Canon MP280 series Printer required for printer Canon MP280 series Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 09:23:43 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver Amyuni Document Converter 300 required for printer QuickBooks PDF Converter is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 09:23:42 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver HP Photosmart C5500 series required for printer !!OFFICE1!HP Photosmart C5500 series is unknown. Contact the administrator to install the driver before you log in again.

Error: (03/14/2015 09:23:41 AM) (Source: TermServDevices) (EventID: 1111) (User: )
Description: Driver AutoVue Document Converter 2.20 required for printer AutoVue Document Converter is unknown. Contact the administrator to install the driver before you log in again.

Microsoft Office Sessions:
=========================
Error: (03/14/2015 11:49:57 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe13.0.0.3494hungapp0.0.0.000000000

Error: (03/12/2015 01:27:12 PM) (Source: Application Hang) (EventID: 1001) (User: )
Description: 656084621

Error: (03/12/2015 01:26:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe13.0.0.3494hungapp0.0.0.000000000

Error: (03/12/2015 07:07:47 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe13.0.0.3494hungapp0.0.0.000000000

Error: (03/12/2015 06:54:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe13.0.0.3494hungapp0.0.0.000000000

Error: (03/11/2015 02:11:49 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: avgui.exe13.0.0.3494hungapp0.0.0.000000000

Error: (03/08/2015 01:33:05 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\CONFIG.MSI\2FE5B8F.RBS

Error: (03/08/2015 01:33:05 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Context:  Application, SystemIndex Catalog

Details:
 A device attached to the system is not functioning.   (0x8007001f)
C:\CONFIG.MSI\2FE5B8F.RBS

Error: (03/07/2015 11:38:50 AM) (Source: Windows Search Service) (EventID: 3024) (User: )
Description: Context:  Application, SystemIndex Catalog

Error: (03/07/2015 10:41:12 AM) (Source: HotFixInstaller) (EventID: 5000) (User: )
Description: visualstudio8setupmicrosoft .net framework 2.0-kb274259610331601msif9.0.40215.0installx86w2k30

==================== Memory info ===========================

Processor: Intel® Atom™ CPU 230 @ 1.60GHz
Percentage of memory in use: 59%
Total physical RAM: 2037.38 MB
Available physical RAM: 823.18 MB
Total Pagefile: 3936.09 MB
Available Pagefile: 2650.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.42 MB

==================== Drives ================================

Drive c: (SYS) (Fixed) (Total:20 GB) (Free:5.71 GB) NTFS
Drive d: (DATA) (Fixed) (Total:911.5 GB) (Free:1531.22 GB) NTFS
Drive j: (OFFSITEBACKUPDRIVE) (Fixed) (Total:931.51 GB) (Free:864.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: D85B4D10)
Partition 1: (Active) - (Size=20 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911.5 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 41467B47)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 861DE06A)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 Sirawit

  • Malware Response Team

Posted 20 March 2015 - 11:12 PM

Hi absolute_tom.

 

Please use the Administrator account to run the fix/scan.

 

We need to run a fix with FRST:

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply

==========

 

After the fix is completed, please create a new FRST log for me. Also, please try copying some unimportant files there. Do they get infected again?

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#7 absolute_tom

  • Topic Starter


Posted 21 March 2015 - 09:32 AM

Hi Sirawit,

 

I'm sorry but I was unable to wait any longer.  I installed Avast and it immediately found Win32:BProtect-D [Trj] and removed it.  The issue has been resolved.

 

Thank you for your assistance.



#8 Sirawit


Posted 21 March 2015 - 09:33 AM

OK. No problem. :)

 

Thank you.




#9 Elise



  • Malware Study Hall Admin

Posted 21 March 2015 - 10:10 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 
