Windows Server 2008R2 infected w/Cutwail per CBL



#1
isaacgrover

Greetings from Wisconsin.

We have a client server running Windows Server 2008 R2, Exchange 2010, file services, and Terminal Services (the culprit) that appears to now be infected with Cutwail. Watching the outbound traffic logs on the Sonicwall and Wireshark packet captures confirms this. The following programs have been run on the server: Rkill, RogueKiller, Hitman Pro, Combofix (won't run), NPE, JRT, FRST64, TrendMicro HouseCall, SuperAntiSpyware, MSERT, MBAM, and AdwCleaner. Yet the infection remains.

We have been fighting this infection for over six days, and it's affecting email for this organization of 40+ users.

CBL still reports "This IP is infected (or NATting for a computer that is infected) with the cutwail spambot. In other words, it's participating in a botnet."

The OTL logs are shown below. Thank you in advance.


OTL logfile created on: 11/14/2013 6:54:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Quality Computer Services
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTDomainController
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 9.03 Gb Available Physical Memory | 56.57% Memory free
31.91 Gb Paging File | 14.83 Gb Available in Paging File | 46.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.00 Gb Total Space | 17.52 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
Drive D: | 950.80 Gb Total Space | 862.97 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
Drive E: | 1800.16 Gb Total Space | 1658.05 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: CHSERVER | User Name: PCadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 06:53:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Quality Computer Services\OTL.exe
PRC - [2013/10/25 03:43:21 | 001,739,440 | ---- | M] (QNAP) -- C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe
PRC - [2013/02/19 03:43:59 | 002,417,504 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/09/07 09:27:58 | 000,115,624 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/09/07 09:27:58 | 000,108,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/09/07 09:27:52 | 001,846,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/09/07 09:27:52 | 000,050,592 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2011/01/06 12:21:56 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\RD1000\Service\RDXmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/25 18:03:10 | 000,696,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dns.exe -- (DNS)
SRV:64bit: - [2013/10/10 16:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/07/31 13:33:18 | 000,113,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe -- (MSExchangeADTopology)
SRV:64bit: - [2013/07/31 13:33:18 | 000,028,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe -- (MSExchangeImap4)
SRV:64bit: - [2013/07/31 13:33:16 | 000,028,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe -- (MSExchangePop3)
SRV:64bit: - [2013/07/31 13:32:54 | 000,110,688 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\exfba.exe -- (MSExchangeFBA)
SRV:64bit: - [2013/07/31 13:32:32 | 006,941,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\store.exe -- (MSExchangeIS)
SRV:64bit: - [2013/07/31 13:32:12 | 000,212,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe -- (MSExchangeTransportLogSearch)
SRV:64bit: - [2013/07/31 13:31:42 | 000,035,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe -- (MSExchangeServiceHost)
SRV:64bit: - [2013/07/31 13:31:42 | 000,032,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe -- (MSExchangeProtectedServiceHost)
SRV:64bit: - [2013/07/31 13:30:48 | 000,794,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe -- (MSExchangeMailboxAssistants)
SRV:64bit: - [2013/07/31 13:30:48 | 000,118,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe -- (MSExchangeMailSubmission)
SRV:64bit: - [2013/07/31 13:30:48 | 000,048,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe -- (MSExchangeThrottling)
SRV:64bit: - [2013/07/31 13:30:48 | 000,044,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe -- (MSExchangeAntispamUpdate)
SRV:64bit: - [2013/07/31 13:30:46 | 000,155,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe -- (MSExchangeAB)
SRV:64bit: - [2013/07/31 13:30:46 | 000,089,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe -- (MSExchangeRPC)
SRV:64bit: - [2013/07/31 13:30:42 | 000,069,248 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe -- (MSExchangeRepl)
SRV:64bit: - [2013/07/31 13:30:38 | 000,131,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\wsbexchange.exe -- (wsbexchange)
SRV:64bit: - [2013/07/31 13:30:38 | 000,073,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Monitoring.exe -- (MSExchangeMonitoring)
SRV:64bit: - [2013/07/31 13:30:38 | 000,027,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe -- (MSExchangeMailboxReplication)
SRV:64bit: - [2013/07/31 13:30:36 | 000,114,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe -- (MSExchangeEdgeSync)
SRV:64bit: - [2013/07/31 13:30:34 | 000,081,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe -- (MSExchangeTransport)
SRV:64bit: - [2013/07/31 13:30:32 | 000,417,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe -- (MSExchangeSearch)
SRV:64bit: - [2013/07/31 13:30:32 | 000,110,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe -- (MSExchangeFDS)
SRV:64bit: - [2013/07/31 13:30:28 | 001,371,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\mad.exe -- (MSExchangeSA)
SRV:64bit: - [2013/07/19 11:21:14 | 002,179,056 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV:64bit: - [2013/02/05 22:00:56 | 000,183,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft\Exchange Server\V14\Bin\msftesql.exe -- (msftesql-Exchange)
SRV:64bit: - [2010/11/20 21:25:21 | 001,020,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ntfrs.exe -- (NtFrs)
SRV:64bit: - [2010/11/20 21:24:37 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RpcProxy\LBService.dll -- (RPCHTTPLBS)
SRV:64bit: - [2010/11/20 21:24:34 | 000,729,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpssvc.dll -- (DHCPServer)
SRV:64bit: - [2010/11/20 21:24:34 | 000,694,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lserver.dll -- (TermServLicensing)
SRV:64bit: - [2010/11/20 21:24:30 | 004,518,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfsrs.exe -- (DFSR)
SRV:64bit: - [2010/11/20 21:24:30 | 000,377,344 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dfssvc.exe -- (Dfs)
SRV:64bit: - [2010/11/20 21:24:30 | 000,059,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\ismserv.exe -- (IsmServ)
SRV:64bit: - [2010/11/20 21:24:30 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN)
SRV:64bit: - [2009/07/13 19:41:53 | 000,014,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sacsvr.dll -- (sacsvr)
SRV:64bit: - [2009/07/13 19:40:52 | 000,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FCRegSvc.dll -- (FCRegSvc)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/13 19:39:31 | 000,091,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rsopprov.exe -- (RSoPProv)
SRV - [2013/11/08 07:10:30 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\vds.exe -- (vds)
SRV - [2013/11/08 07:10:30 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\dfssvc.exe -- (Dfs)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ntfrs.exe -- (NtFrs)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\msdtc.exe -- (MSDTC)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ismserv.exe -- (IsmServ)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\dns.exe -- (DNS)
SRV - [2013/11/08 07:10:29 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\dfsrs.exe -- (DFSR)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (NTDS)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (kdc)
SRV - [2013/11/08 07:10:27 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/10/24 11:40:40 | 000,226,640 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2013/10/24 11:40:38 | 000,376,144 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/04/30 09:57:00 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2013/02/19 03:43:59 | 002,417,504 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/09/07 09:27:58 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/09/07 09:27:58 | 000,108,456 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/09/07 09:27:56 | 000,428,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2011/09/07 09:27:54 | 003,250,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/09/07 09:27:52 | 001,846,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2011/02/07 18:40:08 | 003,093,944 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2011/01/06 12:21:56 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RD1000\Service\RDXmon.exe -- (RDXmon)
SRV - [2010/11/20 21:25:07 | 000,487,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe -- (ADWS)
SRV - [2010/11/20 21:24:58 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 21:24:58 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 21:24:58 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/11/13 22:56:02 | 000,096,856 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR410.SYS -- (SMR410)
DRV:64bit: - [2013/11/07 15:23:23 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/25 18:03:11 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/10/24 11:41:00 | 000,107,368 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2013/04/30 09:57:00 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2013/04/30 09:56:42 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2013/03/15 14:08:00 | 000,055,048 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\percsas2.sys -- (percsas2)
DRV:64bit: - [2012/11/15 16:52:14 | 000,488,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1r62x64.sys -- (e1rexpress)
DRV:64bit: - [2012/10/05 01:33:02 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/06/29 01:23:42 | 000,321,992 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0153.sys -- (RsFx0153)
DRV:64bit: - [2011/10/14 17:40:22 | 000,022,256 | ---- | M] (Dell Inc.) [storport] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bccfg3.sys -- (bccfg3)
DRV:64bit: - [2011/10/14 17:40:18 | 000,536,304 | ---- | M] (Dell Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcraid3.sys -- (bcraid3)
DRV:64bit: - [2011/09/08 18:11:54 | 000,248,320 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\G200eRm.sys -- (G200eR)
DRV:64bit: - [2011/09/07 09:28:02 | 000,054,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2011/09/07 09:27:58 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2011/09/07 09:27:58 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/09/07 09:27:58 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/09/07 09:27:56 | 000,053,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Teefer3.sys -- (Teefer3)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/11/20 21:24:30 | 000,066,944 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\dfsrro.sys -- (DfsrRo)
DRV:64bit: - [2010/11/20 21:24:30 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:24:00 | 000,181,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:64bit: - [2010/11/20 21:24:00 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2010/11/20 21:24:00 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 21:24:00 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:24:00 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:24:00 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 21:24:00 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/09 17:10:16 | 000,046,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\nm3.sys -- (nm3)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:47:48 | 000,051,776 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\dfs.sys -- (DfsDriver)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:45:45 | 000,096,320 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sacdrv.sys -- (sacdrv)
DRV:64bit: - [2009/06/10 14:35:30 | 000,035,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2013/11/07 16:36:25 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131113.023\ex64.sys -- (NAVEX15)
DRV - [2013/11/07 16:36:25 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/07 16:36:25 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20131113.023\eng64.sys -- (NAVENG)
DRV - [2013/10/16 09:53:28 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/04/30 09:57:00 | 000,016,056 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2011/09/07 09:27:58 | 000,482,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2011/09/07 09:27:58 | 000,453,240 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2011/09/07 09:27:58 | 000,032,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = res://iesetup.dll/SoftAdmin.htm
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3733454883-534023750-2195465039-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [MtxHotPlugService] C:\Windows\SysNative\MtxHotPlugService.exe ()
O4:64bit: - HKLM..\Run: [tvncontrol] C:\Program Files\TightVNC\tvnserver.exe (GlavSoft LLC.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-3733454883-534023750-2195465039-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ShowSuperHidden = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1058 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Prescott.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F8422658-A794-407F-9A9D-89DEF8ECA573}: NameServer = 192.168.5.201,127.0.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (pwdssp.dll) - File not found
O29 - HKLM SecurityProviders - (pwdssp.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/13 23:13:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/11/13 22:56:02 | 000,096,856 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR410.SYS
[2013/11/13 22:28:27 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\CrashDumps
[2013/11/13 14:50:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/13 14:37:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/08 06:45:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/11/08 05:46:16 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/08 05:45:41 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/08 05:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/08 05:45:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/07 20:51:42 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Roaming\Malwarebytes
[2013/11/07 20:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/07 20:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/07 20:50:06 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/07 20:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/07 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Programs
[2013/11/07 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LAN-Fax Utilities
[2013/11/07 20:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAN-Fax Utilities
[2013/11/07 15:25:39 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Symantec
[2013/11/07 15:25:33 | 000,233,120 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\wpshelper.sys
[2013/11/07 15:23:11 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/07 15:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/11/07 15:22:48 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.DLL
[2013/11/07 15:22:48 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2013/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
[2013/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/11/07 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Symantec
[2013/11/07 15:18:37 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\WINDOWS
[2013/11/07 14:52:25 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\Network Monitor 3
[2013/11/07 14:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Network Monitor 3.4
[2013/11/07 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Network Monitor 3
[2013/11/07 14:34:13 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\NPE
[2013/11/07 14:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/07 13:39:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiPSSRecords
[2013/11/05 22:34:25 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\lserver
[2013/11/05 22:19:20 | 000,000,000 | ---D | C] -- C:\Program Files\Packaged Programs
[2013/11/05 22:19:19 | 000,000,000 | ---D | C] -- C:\Windows\application compatibility scripts
[2013/11/05 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\Visual Studio 2005
[2013/11/05 09:26:47 | 000,086,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL10_50.SQL2008R2-sqlagtctr.dll
[2013/11/05 09:26:47 | 000,057,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL10_50.SQL2008R2-sqlagtctr.dll
[2013/11/05 09:26:31 | 000,088,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQL2008R2-sqlctr10.52.4000.0.dll
[2013/11/05 09:26:31 | 000,082,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQL2008R2-sqlctr10.52.4000.0.dll
[2013/11/05 09:26:05 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\Integration Services Script Component
[2013/11/05 09:25:46 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\Integration Services Script Task
[2013/11/05 09:25:16 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\SQL Server Management Studio
[2013/11/05 09:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/11/05 09:22:41 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\Documents\Visual Studio 2008
[2013/11/05 09:22:26 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Microsoft Help
[2013/11/05 09:20:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/11/05 09:20:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/11/05 09:20:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/11/05 09:20:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2013/11/05 09:09:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2013/11/04 21:30:31 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Microsoft_Corporation
[2013/11/04 21:25:02 | 000,057,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2013/11/04 21:25:01 | 000,086,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL10_50.SQLEXPRESS-sqlagtctr.dll
[2013/11/04 21:24:45 | 000,088,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
[2013/11/04 21:24:45 | 000,082,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.52.4000.0.dll
[2013/11/04 21:23:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RsFx
[2013/11/04 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2013/11/04 21:23:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2013/11/04 21:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/11/04 21:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/04 21:22:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[2013/11/04 21:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/11/04 21:21:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2013/11/04 21:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
[2013/11/04 21:10:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2013/11/04 21:10:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/11/04 21:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2013/11/04 13:58:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrashPlan
[2013/11/04 13:58:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/11/04 13:55:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CrashPlan
[2013/11/04 13:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QNAP
[2013/11/04 13:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QNAP
[2013/11/04 11:21:11 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\TOSHIBA
[2013/11/01 12:16:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Exchange Server 2010
[2013/10/31 16:00:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\TransportRoles
[2013/10/31 10:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CrashPlan
[2013/10/31 10:24:01 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Roaming\CrashPlan
[2013/10/31 10:04:07 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\WindowsUpdate
[2013/10/31 09:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/10/31 09:26:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RpcProxy
[2013/10/31 09:26:35 | 000,000,000 | ---D | C] -- C:\Windows\idmu
[2013/10/31 09:19:43 | 000,000,000 | ---D | C] -- C:\ExchangeSetupLogs
[2013/10/31 09:11:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exchange Readiness Tools
[2013/10/31 09:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/10/31 08:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2013/10/31 08:23:22 | 000,193,592 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppdcompio.dll
[2013/10/31 08:23:21 | 000,593,184 | ---- | C] (HP) -- C:\Windows\SysWow64\hpcdmc32.dll
[2013/10/31 08:23:21 | 000,442,656 | ---- | C] (Hewlett-Packard Corporation) -- C:\Windows\SysNative\hpcpn155.dll
[2013/10/31 08:23:21 | 000,441,632 | ---- | C] (Hewlett Packard Corporation) -- C:\Windows\SysWow64\hpcc3155.dll
[2013/10/31 08:23:21 | 000,237,344 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpmlm135.dll
[2013/10/31 08:23:21 | 000,217,376 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmml155.dll
[2013/10/31 08:23:21 | 000,199,968 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmja155.dll
[2013/10/31 08:23:21 | 000,190,240 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpm081.dll
[2013/10/31 08:23:21 | 000,167,480 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysWow64\hppccompio.dll
[2013/10/31 08:23:21 | 000,162,080 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmtp155.dll
[2013/10/31 08:23:21 | 000,140,064 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpcjpm.dll
[2013/10/31 08:23:21 | 000,074,016 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpmpw081.dll
[2013/10/31 08:23:20 | 000,060,440 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\FxCompChannel_x64.dll
[2013/10/30 10:24:26 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/10/30 10:24:16 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/30 10:24:16 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/30 10:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RD1000
[2013/10/30 10:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RD1000
[2013/10/30 09:42:10 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Roaming\TightVNC
[2013/10/30 09:39:23 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\LogMeIn
[2013/10/30 09:39:22 | 000,035,656 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013/10/30 09:39:21 | 000,107,368 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/30 09:39:21 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2013/10/30 09:39:19 | 000,092,488 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/30 09:39:16 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013/10/30 09:39:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2013/10/30 09:34:40 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Deployment
[2013/10/30 09:34:40 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Apps
[2013/10/30 09:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2013/10/30 09:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013/10/30 09:30:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\dhcp
[2013/10/30 09:29:57 | 000,000,000 | ---D | C] -- C:\inetpub
[2013/10/30 09:25:30 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/30 09:25:30 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Searches
[2013/10/30 09:25:30 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Contacts
[2013/10/30 09:25:30 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/30 09:25:30 | 000,000,000 | -H-D | C] -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\AppData\Local\Temporary Internet Files
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Templates
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Start Menu
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\SendTo
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Recent
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\PrintHood
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\NetHood
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Local Settings
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\AppData\Local\History
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Cookies
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Application Data
[2013/10/30 09:25:21 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\AppData\Local\Application Data
[2013/10/30 09:25:20 | 000,000,000 | --SD | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Videos
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Saved Games
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Pictures
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Music
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Links
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Favorites
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Downloads
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Documents
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\Desktop
[2013/10/30 09:25:20 | 000,000,000 | R--D | C] -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/30 09:25:20 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Documents\My Videos
[2013/10/30 09:25:20 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Documents\My Pictures
[2013/10/30 09:25:20 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\Documents\My Music
[2013/10/30 09:25:20 | 000,000,000 | -HSD | C] -- C:\Users\PCadmin\My Documents
[2013/10/30 09:25:20 | 000,000,000 | -H-D | C] -- C:\Users\PCadmin\AppData
[2013/10/30 09:25:20 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Temp
[2013/10/30 09:25:20 | 000,000,000 | ---D | C] -- C:\Users\PCadmin\AppData\Local\Microsoft
[2013/10/30 09:16:50 | 000,000,000 | ---D | C] -- C:\Windows\ntfrs
[2013/10/30 09:16:45 | 000,000,000 | ---D | C] -- C:\Windows\SYSVOL
[2013/10/30 09:16:45 | 000,000,000 | ---D | C] -- C:\Windows\NTDS
[2013/10/30 09:16:29 | 004,889,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gppref.dll
[2013/10/30 09:16:29 | 004,342,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gppref.dll
[2013/10/30 09:16:29 | 003,787,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\propshts.dll
[2013/10/30 09:16:29 | 002,548,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\propshts.dll
[2013/10/30 09:16:29 | 000,901,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefbr.dll
[2013/10/30 09:16:29 | 000,627,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefbr.dll
[2013/10/30 09:16:29 | 000,302,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpregistrybrowser.dll
[2013/10/30 09:16:29 | 000,236,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcn.dll
[2013/10/30 09:16:29 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpregistrybrowser.dll
[2013/10/30 09:16:29 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcn.dll
[2013/10/30 09:16:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\dns
[2013/10/30 09:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2013/10/30 09:13:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2013/10/30 09:13:46 | 000,000,000 | ---D | C] -- C:\Windows\ADWS
[2013/10/30 09:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2013/10/30 09:13:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2013/10/30 08:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\TightVNC
[2013/10/30 08:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TightVNC
[2013/10/30 08:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2013/10/30 08:20:39 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/10/30 08:20:39 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/10/30 08:20:39 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/10/30 08:20:37 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/10/30 08:20:37 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/10/30 08:20:37 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/10/30 08:20:35 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/10/30 08:20:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/10/25 18:03:22 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/25 18:03:22 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/25 18:03:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/25 18:03:22 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/25 18:03:22 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/25 18:03:22 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/25 18:03:22 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/25 18:03:21 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/10/25 18:03:21 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/10/25 18:03:21 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/10/25 18:03:21 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/10/25 18:03:21 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/10/25 18:03:20 | 002,738,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdsai.dll
[2013/10/25 18:03:19 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/25 18:03:19 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/25 18:03:19 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/25 18:03:19 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/10/25 18:03:19 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/10/25 18:03:19 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/10/25 18:03:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/10/25 18:03:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/10/25 18:03:19 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/10/25 18:03:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/10/25 18:03:19 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/10/25 18:03:19 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/10/25 18:03:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/10/25 18:03:18 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/10/25 18:03:17 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/10/25 18:03:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/10/25 18:03:17 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/10/25 18:03:13 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/10/25 18:03:13 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/10/25 18:03:13 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/10/25 18:03:13 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/10/25 18:03:13 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/10/25 18:03:13 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/10/25 18:03:13 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/10/25 18:03:13 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/25 18:03:13 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/10/25 18:03:13 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/10/25 18:03:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/25 18:03:13 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/10/25 18:03:13 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/25 18:03:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/10/25 18:03:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/25 18:03:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/10/25 18:03:13 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/10/25 18:03:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/25 18:03:12 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/25 18:03:12 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/25 18:03:12 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/10/25 18:03:12 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/10/25 18:03:12 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/25 18:03:12 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/25 18:03:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/10/25 18:03:12 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/10/25 18:03:12 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/10/25 18:03:12 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/25 18:03:12 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/25 18:03:12 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/10/25 18:03:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/10/25 18:03:12 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/10/25 18:03:12 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/10/25 18:03:12 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/10/25 18:03:12 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/10/25 18:03:12 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/10/25 18:03:11 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/25 18:03:11 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/25 18:03:11 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/25 18:03:11 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/10/25 18:03:11 | 000,155,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/10/25 18:03:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/10/25 18:03:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/10/25 18:03:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/10/25 18:03:11 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/10/25 18:03:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/10/25 18:03:10 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/10/25 18:03:10 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/10/25 18:03:10 | 000,696,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dns.exe
[2013/10/25 18:03:10 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/10/25 18:03:10 | 000,190,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/10/25 18:03:10 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/10/25 18:03:10 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/10/25 18:03:10 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013/10/25 18:03:10 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013/10/25 18:03:10 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013/10/25 18:03:10 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/10/25 18:03:08 | 000,800,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/10/25 18:03:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAL.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINDEV.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINPUN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAL.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINGUJ.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINDEV.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE2.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE1.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINASA.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINPUN.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINGUJ.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE2.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE1.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINASA.DLL
[2013/10/25 18:01:15 | 000,000,000 | ---D | C] -- C:\Install
[2013/10/25 18:01:12 | 000,488,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1r62x64.sys
[2013/10/25 18:01:12 | 000,101,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInE1R.dll
[2013/10/25 18:01:12 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2013/10/25 18:01:02 | 000,055,048 | ---- | C] (LSI Corporation) -- C:\Windows\SysNative\drivers\percsas2.sys
[2013/10/25 18:01:00 | 000,536,304 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\drivers\bcraid3.sys
[2013/10/25 18:01:00 | 000,022,256 | ---- | C] (Dell Inc.) -- C:\Windows\SysNative\drivers\bccfg3.sys
[2013/10/25 18:00:57 | 000,374,272 | ---- | C] (Matrox Graphics Inc.) -- C:\Windows\SysNative\MtxCIP2.dll
[2013/10/25 18:00:57 | 000,248,320 | ---- | C] (Matrox Graphics Inc.) -- C:\Windows\SysNative\drivers\G200eRm.sys
[2013/10/25 18:00:57 | 000,220,160 | ---- | C] (Matrox Graphics Inc.) -- C:\Windows\SysNative\G200eRd.dll
[2013/10/25 17:53:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oem
[2013/10/25 17:53:00 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/10/25 17:53:00 | 000,000,000 | ---D | C] -- C:\Drivers
[2013/10/25 17:53:00 | 000,000,000 | ---D | C] -- C:\DELL
[2013/10/25 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/10/25 17:13:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\PDesk
[2013/10/25 17:11:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/10/25 15:20:09 | 000,544,568 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2013/10/25 15:20:03 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/10/25 15:19:55 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

========== Files - Modified Within 30 Days ==========

[2013/11/13 23:01:06 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 23:01:06 | 000,020,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 22:58:36 | 002,745,420 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 22:58:36 | 002,112,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 22:58:36 | 000,582,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 22:56:04 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR410.dat
[2013/11/13 22:56:02 | 000,096,856 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR410.SYS
[2013/11/13 22:51:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/11 07:30:25 | 010,846,299 | ---- | M] () -- C:\Users\PCadmin\AppData\Local\census.cache
[2013/11/11 02:52:18 | 000,057,100 | ---- | M] () -- C:\Users\PCadmin\AppData\Local\ars.cache
[2013/11/08 07:10:31 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\rdpclip.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\vds.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\taskhost.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\MtxHotPlugService.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dwm.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dfssvc.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\spoolsv.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ntfrs.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\msdtc.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\ismserv.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dns.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dfsrs.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\winlogon.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\smss.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\services.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsm.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsass.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\LogonUI.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\csrss.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\conhost.exe
[2013/11/08 07:04:52 | 000,000,036 | ---- | M] () -- C:\Users\PCadmin\AppData\Local\housecall.guid.cache
[2013/11/08 05:45:42 | 000,001,826 | ---- | M] () -- C:\Users\PCadmin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/07 20:50:09 | 000,001,129 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 15:23:23 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/07 15:23:23 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/07 15:23:23 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/05 22:46:28 | 000,005,076 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/11/05 22:22:06 | 000,266,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/05 09:09:40 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2013/11/04 11:41:07 | 000,000,648 | -H-- | M] () -- C:\Users\PCadmin\Documents\SWWATER.INI
[2013/11/04 11:17:26 | 000,303,104 | ---- | M] () -- C:\Windows\SysNative\eST3snm.dll
[2013/11/04 11:17:20 | 000,562,176 | ---- | M] () -- C:\Windows\SysNative\eST4snm6.dll
[2013/10/31 10:24:29 | 000,001,847 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2013/10/31 09:56:00 | 001,765,592 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/31 08:23:34 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[2013/10/30 21:18:07 | 000,048,079 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/10/30 21:18:07 | 000,048,079 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/10/30 09:39:18 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/10/30 09:31:59 | 000,001,439 | ---- | M] () -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/30 09:16:27 | 004,889,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gppref.dll
[2013/10/30 09:16:27 | 004,342,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gppref.dll
[2013/10/30 09:16:27 | 003,787,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\propshts.dll
[2013/10/30 09:16:27 | 002,548,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\propshts.dll
[2013/10/30 09:16:27 | 000,901,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefbr.dll
[2013/10/30 09:16:27 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefbr.dll
[2013/10/30 09:16:27 | 000,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gpregistrybrowser.dll
[2013/10/30 09:16:27 | 000,236,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcn.dll
[2013/10/30 09:16:27 | 000,225,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gpregistrybrowser.dll
[2013/10/30 09:16:27 | 000,166,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcn.dll
[2013/10/30 09:13:41 | 012,599,296 | ---- | M] () -- C:\Windows\SysNative\ntds.dit
[2013/10/30 09:13:41 | 000,000,435 | ---- | M] () -- C:\Windows\SysNative\dsac.exe.config
[2013/10/25 18:04:44 | 000,031,412 | RH-- | M] () -- C:\dell.sdr
[2013/10/25 18:03:22 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/25 18:03:22 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/25 18:03:22 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/25 18:03:22 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/25 18:03:22 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/25 18:03:22 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/25 18:03:22 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/25 18:03:21 | 000,751,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/10/25 18:03:21 | 000,492,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/10/25 18:03:21 | 000,288,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/10/25 18:03:21 | 000,265,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013/10/25 18:03:21 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/10/25 18:03:20 | 002,738,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdsai.dll
[2013/10/25 18:03:19 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/25 18:03:19 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/25 18:03:19 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/25 18:03:19 | 003,717,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/10/25 18:03:19 | 003,217,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/10/25 18:03:19 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/10/25 18:03:19 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/10/25 18:03:19 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/10/25 18:03:19 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/10/25 18:03:19 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/10/25 18:03:19 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/10/25 18:03:19 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/10/25 18:03:19 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/10/25 18:03:18 | 000,376,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2013/10/25 18:03:17 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/10/25 18:03:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2013/10/25 18:03:17 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2013/10/25 18:03:13 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/10/25 18:03:13 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2013/10/25 18:03:13 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/10/25 18:03:13 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2013/10/25 18:03:13 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/10/25 18:03:13 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/10/25 18:03:13 | 000,246,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/10/25 18:03:13 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/25 18:03:13 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/10/25 18:03:13 | 000,175,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/10/25 18:03:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/25 18:03:13 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/10/25 18:03:13 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/25 18:03:13 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/10/25 18:03:13 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/25 18:03:13 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/10/25 18:03:13 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/10/25 18:03:13 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/10/25 18:03:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/10/25 18:03:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/10/25 18:03:13 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/25 18:03:12 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/25 18:03:12 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/25 18:03:12 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013/10/25 18:03:12 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013/10/25 18:03:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/25 18:03:12 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/25 18:03:12 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013/10/25 18:03:12 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013/10/25 18:03:12 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013/10/25 18:03:12 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/25 18:03:12 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/25 18:03:12 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013/10/25 18:03:12 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013/10/25 18:03:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013/10/25 18:03:12 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013/10/25 18:03:12 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013/10/25 18:03:12 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013/10/25 18:03:12 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013/10/25 18:03:11 | 000,911,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/25 18:03:11 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/25 18:03:11 | 000,609,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/25 18:03:11 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/10/25 18:03:11 | 000,155,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/10/25 18:03:11 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/10/25 18:03:11 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2013/10/25 18:03:11 | 000,059,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2013/10/25 18:03:11 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2013/10/25 18:03:11 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2013/10/25 18:03:10 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/10/25 18:03:10 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/10/25 18:03:10 | 000,696,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dns.exe
[2013/10/25 18:03:10 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2013/10/25 18:03:10 | 000,190,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013/10/25 18:03:10 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2013/10/25 18:03:10 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2013/10/25 18:03:10 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2013/10/25 18:03:10 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2013/10/25 18:03:10 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
[2013/10/25 18:03:10 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2013/10/25 18:03:08 | 000,800,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/10/25 18:03:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTAM.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAL.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINDEV.DLL
[2013/10/25 18:03:08 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINTEL.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTAM.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINPUN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINORI.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINORI.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAR.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINMAR.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINMAL.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINKAN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINKAN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINHIN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINHIN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINGUJ.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINDEV.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBEN.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE2.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINBE1.DLL
[2013/10/25 18:03:08 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KBDINASA.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINTEL.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINPUN.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINGUJ.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE2.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINBE1.DLL
[2013/10/25 18:03:08 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDINASA.DLL
[2013/10/25 15:20:44 | 000,000,312 | ---- | M] () -- C:\Windows\IntelNICInventory.xml
[2013/10/24 11:41:00 | 000,107,368 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013/10/24 11:40:44 | 000,092,488 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013/10/24 11:40:44 | 000,035,656 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll

========== Files Created - No Company Name ==========

[2013/11/13 22:56:03 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR410.dat
[2013/11/08 07:21:50 | 010,846,299 | ---- | C] () -- C:\Users\PCadmin\AppData\Local\census.cache
[2013/11/08 07:21:41 | 000,057,100 | ---- | C] () -- C:\Users\PCadmin\AppData\Local\ars.cache
[2013/11/08 07:10:31 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\rdpclip.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\vds.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\MtxHotPlugService.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2013/11/08 07:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dfssvc.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ntfrs.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\msdtc.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\ismserv.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dns.exe
[2013/11/08 07:10:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dfsrs.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\LogonUI.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2013/11/08 07:10:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\conhost.exe
[2013/11/08 07:04:52 | 000,000,036 | ---- | C] () -- C:\Users\PCadmin\AppData\Local\housecall.guid.cache
[2013/11/08 05:45:42 | 000,001,826 | ---- | C] () -- C:\Users\PCadmin\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/07 20:50:09 | 000,001,129 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/07 15:23:11 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/07 15:23:11 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/05 09:09:40 | 000,001,180 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2013/11/05 09:09:40 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2013/11/04 11:41:07 | 000,000,648 | -H-- | C] () -- C:\Users\PCadmin\Documents\SWWATER.INI
[2013/10/31 10:24:29 | 000,001,847 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2013/10/31 09:31:11 | 001,765,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/31 08:23:34 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2013/10/30 09:39:17 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/10/30 09:39:12 | 000,000,990 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn.lnk
[2013/10/30 09:31:59 | 000,001,439 | ---- | C] () -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/30 09:25:37 | 000,001,411 | ---- | C] () -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/10/30 09:25:32 | 000,001,445 | ---- | C] () -- C:\Users\PCadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/10/30 09:25:20 | 000,001,304 | ---- | C] () -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Server Manager.lnk
[2013/10/30 09:25:20 | 000,000,290 | ---- | C] () -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/30 09:25:20 | 000,000,272 | ---- | C] () -- C:\Users\PCadmin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/30 09:22:44 | 000,005,076 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/10/30 09:13:45 | 012,599,296 | ---- | C] () -- C:\Windows\SysNative\ntds.dit
[2013/10/30 09:13:45 | 000,000,435 | ---- | C] () -- C:\Windows\SysNative\dsac.exe.config
[2013/10/25 18:04:44 | 000,031,412 | RH-- | C] () -- C:\dell.sdr
[2013/10/25 18:01:12 | 000,003,097 | ---- | C] () -- C:\Windows\SysNative\e1r62x64.din
[2013/10/25 18:00:57 | 000,038,984 | ---- | C] () -- C:\Windows\SysNative\MtxHotPlugService.exe
[2013/10/25 15:20:44 | 000,000,312 | ---- | C] () -- C:\Windows\IntelNICInventory.xml
[2013/10/25 15:20:10 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2013/10/10 12:35:10 | 000,009,584 | ---- | C] () -- C:\Windows\SysWow64\ractrlkeyhook.dll
[2013/02/01 12:28:24 | 000,278,016 | ---- | C] () -- C:\Windows\prouninst.exe

========== ZeroAccess Check ==========

[2009/07/13 22:58:08 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 21:24:02 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 21:24:06 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:24 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >



OTL Extras logfile created on: 11/14/2013 6:54:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Quality Computer Services
64bit- Server Standard Edition (full installation) Service Pack 1 (Version = 6.1.7601) - Type = NTDomainController
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.96 Gb Total Physical Memory | 9.03 Gb Available Physical Memory | 56.57% Memory free
31.91 Gb Paging File | 14.83 Gb Available in Paging File | 46.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40.00 Gb Total Space | 17.52 Gb Free Space | 43.80% Space Free | Partition Type: NTFS
Drive D: | 950.80 Gb Total Space | 862.97 Gb Free Space | 90.76% Space Free | Partition Type: NTFS
Drive E: | 1800.16 Gb Total Space | 1658.05 Gb Free Space | 92.11% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: CHSERVER | User Name: PCadmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA6157-93CF-436D-B3D1-C3AC0726405E}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.addressbook.service.exe |
"{05E09570-AFE6-4C82-96E1-4762E34BABB0}" = lport=110 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\clientaccess\popimap\microsoft.exchange.pop3service.exe |
"{089CB9B2-513D-4A5C-B744-4A348F3F549A}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.management.monitoring.exe |
"{0A99EE71-0C8F-4973-9245-0BBC45452B92}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.addressbook.service.exe |
"{0D791894-327F-4A72-9629-ACE3F8BA1276}" = lport=64327 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangerepl.exe |
"{1BBF166D-A0FF-437B-B99F-78CDD3555599}" = lport=808 | protocol=6 | dir=in | name=msexchangemailboxreplication (gfw) (tcp-in) |
"{1F084990-D7E7-4569-9E23-FC0461D2B7C6}" = lport=80 | protocol=6 | dir=in | name=open port 80 |
"{20461CD1-AB17-4AEC-A0CE-FDDF2BB61EFC}" = lport=808 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemailboxreplication.exe |
"{259C9A85-4B51-4A4B-BDFC-AF5390639C20}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.rpcclientaccess.service.exe |
"{274FCDA4-5876-4DCF-9CB7-EBA34A2AECD8}" = lport=25 | protocol=6 | dir=in | name=msexchangetransportworker (gfw) (tcp-in) |
"{2ADE851E-B03F-408C-960C-6AF9F9F10CC2}" = lport=1434 | protocol=6 | dir=in | name=sql admin connection |
"{2BE49269-637F-4884-9246-63E496220325}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.servicehost.exe |
"{2D59A4A0-9515-4464-AD3C-40CBBD60DD9B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemailboxassistants.exe |
"{2FE1E2F6-10FF-41CA-89A7-874753538A9D}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemailboxassistants.exe |
"{31E88BF8-BB4F-46E6-8ED3-CC669AF6F5A2}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangerepl.exe |
"{3430AAA3-64F1-4D74-B898-955DE8A87D8A}" = lport=5075 | protocol=6 | dir=in | svc=msexchangeowaapppool | app=c:\windows\system32\inetsrv\w3wp.exe |
"{35428875-64C1-4263-A046-4C750C3AFDFF}" = lport=2383 | protocol=6 | dir=in | name=analysis services |
"{3F6ED109-16EF-4EF5-9EAE-E2D1B0584FD1}" = lport=64337 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangerepl.exe |
"{450D8480-7F01-4D61-BE34-F0FB86F31945}" = lport=6001 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\store.exe |
"{47867BA1-B677-4E76-B131-E03B41535F34}" = lport=rpc-epmap | protocol=6 | dir=in | name=msexchangerpcepmap (gfw) (tcp-in) |
"{496EB2FA-C89D-4B9C-84E6-5892E167ED7A}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\store.exe |
"{4A55D850-E1D6-4FD5-8C18-B3BD810436ED}" = lport=rpc | protocol=6 | dir=in | svc=rpchttplbs | app=c:\windows\system32\svchost.exe |
"{4FD5B4C0-EE7B-44B8-B7E1-836300FC724C}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\inetsrv\inetinfo.exe |
"{54237B34-EC19-4084-8DF9-F061B3CCD5D7}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangethrottling.exe |
"{579899C4-9630-494A-BE7D-321671A3D6D4}" = lport=25 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\edgetransport.exe |
"{57EA66F9-B198-48AA-82FB-697C8FD9D09D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.edgesyncsvc.exe |
"{625A3E77-2C56-4013-B2EF-1AE43478AAA9}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemailsubmission.exe |
"{640D32D4-7995-4405-8C3C-EAEE6825CE6D}" = lport=135 | protocol=6 | dir=in | name=sql debugger/rpc |
"{644F18AA-8D2A-4BA0-B403-2BD67FC986ED}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangerepl.exe |
"{65E133F5-C7C9-4254-9417-E2D11245FA71}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.edgesyncsvc.exe |
"{66BB0CE0-47E3-48C1-A401-CA4072910058}" = lport=80 | protocol=6 | dir=in | name=http |
"{6C0668F8-7F02-4A67-A240-585350D353F3}" = lport=5075 | protocol=6 | dir=in | name=msexchange - owa (gfw) (tcp-in) |
"{77054000-21D3-4E22-BA00-B0642E44FB78}" = lport=6001 | protocol=6 | dir=in | name=msexchangeis (gfw) (tcp-in) |
"{83A39D30-80C5-4777-9C41-E9B051419118}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemigration.exe |
"{8501F5ED-AB7F-4ED3-BC66-0142B5612B34}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\edgetransport.exe |
"{8DC9D724-B96F-492A-BA52-4D62BDE69F46}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msftefd.exe |
"{918511EA-3240-484B-B0EC-95E505AD5492}" = lport=143 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\clientaccess\popimap\microsoft.exchange.imap4service.exe |
"{961F163A-2554-42D5-A0F4-0B1D12528359}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangetransportlogsearch.exe |
"{9623DD8E-5F7C-45E6-9F5B-AA127C8A71FC}" = lport=4022 | protocol=6 | dir=in | name=sql service broker |
"{967A06C0-4BBA-4D8B-96A3-4EBD7FE17F08}" = lport=3389 | protocol=6 | dir=in | svc=termservice | app=%systemroot%\system32\svchost.exe |
"{982A5858-0C9B-4C7A-91FB-A85EAE9008A5}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemigration.exe |
"{A0174934-D751-4A4D-9A1A-186E1882F48D}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.servicehost.exe |
"{A1837190-7C31-4A41-B96D-7C1C3EE46443}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\edgetransport.exe |
"{A3B1A351-8FD1-447C-9536-53F4C94C26F9}" = lport=3389 | protocol=6 | dir=in | app=system |
"{A9847F5B-9995-4663-A458-9B33627E18CA}" = lport=2382 | protocol=6 | dir=in | name=sql browser |
"{B0127223-6605-456D-94F5-56D26EE8BD02}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangemailsubmission.exe |
"{B4E5E309-B529-4B81-BE35-B0CDD0B85E2C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=%systemroot%\system32\svchost.exe |
"{B50B1767-F2EA-4A11-9879-C399A8E30487}" = lport=443 | protocol=6 | dir=in | name=ssl |
"{BB257112-7262-42C7-BD01-F5ACFD9C5354}" = lport=1434 | protocol=17 | dir=in | name=sql browser |
"{BE5D69CA-6D72-445E-AA80-ACF16AE51244}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangeadtopologyservice.exe |
"{C002F3EE-CCEB-4877-B4CD-903AFBC9CD24}" = lport=110 | protocol=6 | dir=in | name=msexchange - pop3 (gfw) (tcp-in) |
"{C2320B0D-50D6-4175-822E-6155F2BEAEE5}" = lport=1433 | protocol=6 | dir=in | name=sql server |
"{C404D13F-D9A8-48D4-9DEB-7724734B43CF}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangethrottling.exe |
"{C6E689D0-D2B4-4BDE-85B1-72A2C4B46F23}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.search.exsearch.exe |
"{D4CC1BE6-A45A-4CF6-82B5-C600C4015426}" = lport=6001 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.rpcclientaccess.service.exe |
"{D666E071-84E9-4018-BDA2-13D0818AF142}" = lport=3399 | protocol=6 | dir=in | name=rdp-chserver |
"{D8D701FF-C430-4F49-BD25-F075702A305D}" = lport=rpc | protocol=6 | dir=in | name=msexchangerpc (gfw) (tcp-in) |
"{D9B2478C-FC58-47F2-B501-276DD4E6CE3D}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\store.exe |
"{E0996646-6D28-470D-8283-FB7BC138103E}" = lport=443 | protocol=6 | dir=in | name=https |
"{E59D7A50-D353-4BA3-9816-A5F567C4F457}" = lport=rpc-epmap | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.rpcclientaccess.service.exe |
"{EA332551-FCA9-4DAF-89F6-618907641956}" = lport=143 | protocol=6 | dir=in | name=msexchange - imap4 (gfw) (tcp-in) |
"{EF63506B-68D4-4051-A69F-7B6AFB6B541C}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msftefd.exe |
"{F3A199E9-C39B-4FA1-9EDA-0D0566410403}" = lport=80 | protocol=6 | dir=in | name=http |
"{FCE5C6EC-8F95-4E2C-AB6D-BB69EDE66ACE}" = lport=6002 | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\microsoft.exchange.addressbook.service.exe |
"{FE5A4F98-2D68-4A27-8B57-68C6626A3AE9}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msexchangetransportlogsearch.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16973819-C6CE-466E-BDB1-94C2F4F36BE5}" = protocol=17 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.sql2008r2\mssql\binn\sqlservr.exe |
"{1A679B27-B96B-4B33-A980-5B178EC41BFE}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msftesql.exe |
"{1EEEB30C-B61A-415E-9429-B4EDD75C199A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{1FEE2834-DCD6-4014-B36C-E2FC8A45525B}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\store.exe |
"{240020E8-9439-421D-AB4F-475C9F27D2E7}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\mad.exe |
"{3A0D4A5D-CE26-4318-8594-F914586919F3}" = protocol=6 | dir=in | app=c:\program files (x86)\crashplan\crashplantray.exe |
"{3EDC9176-0ACC-45B4-B9FE-8ED9E8913E3A}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{519A5118-425F-4EBE-BDCD-EE187F81AD22}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{717A90E8-BE41-4CB9-8A56-F6534C5E2476}" = protocol=17 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe |
"{83B6B878-F018-41AE-AED0-282E4C6CB332}" = protocol=6 | dir=in | app=c:\program files\microsoft sql server\mssql10_50.sql2008r2\mssql\binn\sqlservr.exe |
"{901F910D-EA43-47E3-AEFE-0B127FD7B6EF}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe |
"{908C3CF5-93E4-45D5-9692-E7F08FD02682}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\msftesql.exe |
"{95643C6B-FF32-4F16-98C6-91CFBD2B20B3}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe |
"{9681D1B7-FDE5-4658-BB44-3C5DBA0D8DB9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{A2B53EB8-22F4-4A9B-B812-DE76DF2EFD99}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{A55C74F9-B031-4E78-BAA1-34BEED2F59AD}" = protocol=6 | dir=in | app=c:\program files (x86)\crashplan\crashplanservice.exe |
"{AB554DB5-4DAB-47A8-8D0F-367BDF0890BA}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\store.exe |
"{B2D58D79-2A74-4BBF-AB89-F9661AEAA749}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{BCC68086-D9F7-40EA-825A-5285584D60C6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{C71C0F91-6790-47A7-A403-D711A3DA787B}" = dir=in | app=c:\program files\tightvnc\tvnserver.exe |
"{DD598082-9D4E-4940-932D-E6ADA7902C9F}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe |
"{E78C3132-AA74-4294-8220-B1A2F6C9D28B}" = protocol=17 | dir=in | app=c:\program files (x86)\crashplan\crashplantray.exe |
"{FFFB9FE9-8413-46F9-BE1F-CF516B3F591B}" = dir=in | app=c:\program files\microsoft\exchange server\v14\bin\mad.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{14F288C7-C695-40D5-971D-8890605C6040}" = Microsoft Exchange 2007 Enterprise Block List Updates
"{234F6B0D-10AE-4BB7-B2F3-E48D4861952D}" = SQL Server 2008 R2 SP2 Common Files
"{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}" = Microsoft SQL Server VSS Writer
"{345F3F90-0505-4EDF-B7A9-5E3AC1AC6CE4}" = 64 Bit HP CIO Components Installer
"{36F70DEE-1EBF-4707-AFA2-E035EEAEBAA1}" = SQL Server 2008 R2 SP2 Common Files
"{4934D1EA-BE46-48B1-8847-F1AF20E892C1}" = Microsoft Exchange Server
"{51E5BC99-A087-4CFF-8D93-462903EA7E12}" = SQL Server 2008 R2 SP2 Management Studio
"{521E6064-B4B1-4CBC-0401-25AD697801FA}" = Microsoft Exchange Server Language Pack - Arabic
"{521E6064-B4B1-4CBC-0404-25AD697801FA}" = Microsoft Exchange Server Language Pack - Chinese (Traditional)
"{521E6064-B4B1-4CBC-0407-25AD697801FA}" = Microsoft Exchange Server Language Pack - German
"{521E6064-B4B1-4CBC-0409-25AD697801FA}" = Microsoft Exchange Server Language Pack - English
"{521E6064-B4B1-4CBC-040C-25AD697801FA}" = Microsoft Exchange Server Language Pack - French
"{521E6064-B4B1-4CBC-040D-25AD697801FA}" = Microsoft Exchange Server Language Pack - Hebrew
"{521E6064-B4B1-4CBC-0410-25AD697801FA}" = Microsoft Exchange Server Language Pack - Italian
"{521E6064-B4B1-4CBC-0411-25AD697801FA}" = Microsoft Exchange Server Language Pack - Japanese
"{521E6064-B4B1-4CBC-0412-25AD697801FA}" = Microsoft Exchange Server Language Pack - Korean
"{521E6064-B4B1-4CBC-0416-25AD697801FA}" = Microsoft Exchange Server Language Pack - Portuguese
"{521E6064-B4B1-4CBC-0419-25AD697801FA}" = Microsoft Exchange Server Language Pack - Russian
"{521E6064-B4B1-4CBC-0804-25AD697801FA}" = Microsoft Exchange Server Language Pack - Chinese (Simplified)
"{521E6064-B4B1-4CBC-0C0A-25AD697801FA}" = Microsoft Exchange Server Language Pack - Spanish
"{5318020E-E32C-4A33-BC8D-EEF5CC2F6CA1}" = SQL Server 2008 R2 SP2 Database Engine Services
"{54F2237F-018C-483B-8884-9FC0D88840C3}" = VC_CRT_x64
"{5C75DA6D-F5E3-4D4B-A381-B52B8CA5B1CF}" = Symantec Endpoint Protection
"{72AB7E6F-BC24-481E-8C45-1AB5B3DD795D}" = SQL Server 2008 R2 SP2 Management Studio
"{79A2C6E8-C727-4D12-B4B3-19790C181DEA}" = Microsoft SQL Server 2008 R2 Native Client
"{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}" = Microsoft Network Monitor 3.4
"{93FCFF43-49E2-4AE5-9AD4-0256878AB886}" = Microsoft Exchange 2007 Enterprise Anti-spam Signatures
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-2000-0409-1000-0000000FF1CE}" = Microsoft Filter Pack 2.0
"{963E5FEB-1367-46B9-851D-A957F1A3747F}" = Microsoft Network Monitor: NetworkMonitor Parsers 3.4
"{9FFAE13C-6160-4DD0-A67A-DAC5994F81BD}" = SQL Server 2008 R2 SP2 Database Engine Services
"{A2122A9C-A699-4365-ADF8-68FEAC125D61}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{B40EE88B-400A-4266-A17B-E3DE64E94431}" = Microsoft SQL Server 2008 Setup Support Files
"{B4ED896A-2F5F-4FF4-B403-9DF832E1F21F}" = Intel® Network Connections 18.2.63.0
"{C3525BF7-3698-4CD3-A8C3-69BD6F57BA3B}" = Microsoft SQL Server 2008 R2 Setup (English)
"{C3F10D8C-BD70-4516-B2B4-BF6901980741}" = Microsoft Exchange 2007 Standard Anti-spam Filter Updates
"{C942A025-A840-4BF2-8987-849C0DD44574}" = SQL Server 2008 R2 SP2 Database Engine Shared
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D2372F87-7DA2-47F7-A102-AF2181B8EAA2}" = TightVNC
"{D406D803-C60C-4CF5-9B97-B95C3DF87F52}" = Microsoft SQL Server 2008 R2 RsFx Driver
"{DEDFFB64-42EC-4E26-0401-430E86DF378C}" = Microsoft Exchange Client Language Pack - Arabic
"{DEDFFB64-42EC-4E26-0402-430E86DF378C}" = Microsoft Exchange Client Language Pack - Bulgarian
"{DEDFFB64-42EC-4E26-0403-430E86DF378C}" = Microsoft Exchange Client Language Pack - Catalan
"{DEDFFB64-42EC-4E26-0404-430E86DF378C}" = Microsoft Exchange Client Language Pack - Chinese (Traditional)
"{DEDFFB64-42EC-4E26-0405-430E86DF378C}" = Microsoft Exchange Client Language Pack - Czech
"{DEDFFB64-42EC-4E26-0406-430E86DF378C}" = Microsoft Exchange Client Language Pack - Danish
"{DEDFFB64-42EC-4E26-0407-430E86DF378C}" = Microsoft Exchange Client Language Pack - German
"{DEDFFB64-42EC-4E26-0408-430E86DF378C}" = Microsoft Exchange Client Language Pack - Greek
"{DEDFFB64-42EC-4E26-0409-430E86DF378C}" = Microsoft Exchange Client Language Pack - English
"{DEDFFB64-42EC-4E26-040B-430E86DF378C}" = Microsoft Exchange Client Language Pack - Finnish
"{DEDFFB64-42EC-4E26-040C-430E86DF378C}" = Microsoft Exchange Client Language Pack - French
"{DEDFFB64-42EC-4E26-040D-430E86DF378C}" = Microsoft Exchange Client Language Pack - Hebrew
"{DEDFFB64-42EC-4E26-040E-430E86DF378C}" = Microsoft Exchange Client Language Pack - Hungarian
"{DEDFFB64-42EC-4E26-040F-430E86DF378C}" = Microsoft Exchange Client Language Pack - Icelandic
"{DEDFFB64-42EC-4E26-0410-430E86DF378C}" = Microsoft Exchange Client Language Pack - Italian
"{DEDFFB64-42EC-4E26-0411-430E86DF378C}" = Microsoft Exchange Client Language Pack - Japanese
"{DEDFFB64-42EC-4E26-0412-430E86DF378C}" = Microsoft Exchange Client Language Pack - Korean
"{DEDFFB64-42EC-4E26-0413-430E86DF378C}" = Microsoft Exchange Client Language Pack - Dutch
"{DEDFFB64-42EC-4E26-0414-430E86DF378C}" = Microsoft Exchange Client Language Pack - Norwegian
"{DEDFFB64-42EC-4E26-0415-430E86DF378C}" = Microsoft Exchange Client Language Pack - Polish
"{DEDFFB64-42EC-4E26-0416-430E86DF378C}" = Microsoft Exchange Client Language Pack - Portuguese
"{DEDFFB64-42EC-4E26-0418-430E86DF378C}" = Microsoft Exchange Client Language Pack - Romanian
"{DEDFFB64-42EC-4E26-0419-430E86DF378C}" = Microsoft Exchange Client Language Pack - Russian
"{DEDFFB64-42EC-4E26-041A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Croatian
"{DEDFFB64-42EC-4E26-041B-430E86DF378C}" = Microsoft Exchange Client Language Pack - Slovak
"{DEDFFB64-42EC-4E26-041D-430E86DF378C}" = Microsoft Exchange Client Language Pack - Swedish
"{DEDFFB64-42EC-4E26-041E-430E86DF378C}" = Microsoft Exchange Client Language Pack - Thai
"{DEDFFB64-42EC-4E26-041F-430E86DF378C}" = Microsoft Exchange Client Language Pack - Turkish
"{DEDFFB64-42EC-4E26-0420-430E86DF378C}" = Microsoft Exchange Client Language Pack - Urdu
"{DEDFFB64-42EC-4E26-0421-430E86DF378C}" = Microsoft Exchange Client Language Pack - Indonesian
"{DEDFFB64-42EC-4E26-0422-430E86DF378C}" = Microsoft Exchange Client Language Pack - Ukrainian
"{DEDFFB64-42EC-4E26-0424-430E86DF378C}" = Microsoft Exchange Client Language Pack - Slovenian
"{DEDFFB64-42EC-4E26-0425-430E86DF378C}" = Microsoft Exchange Client Language Pack - Estonian
"{DEDFFB64-42EC-4E26-0426-430E86DF378C}" = Microsoft Exchange Client Language Pack - Latvian
"{DEDFFB64-42EC-4E26-0427-430E86DF378C}" = Microsoft Exchange Client Language Pack - Lithuanian
"{DEDFFB64-42EC-4E26-0429-430E86DF378C}" = Microsoft Exchange Client Language Pack - Persian
"{DEDFFB64-42EC-4E26-042A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Vietnamese
"{DEDFFB64-42EC-4E26-042D-430E86DF378C}" = Microsoft Exchange Client Language Pack - Basque
"{DEDFFB64-42EC-4E26-0439-430E86DF378C}" = Microsoft Exchange Client Language Pack - Hindi
"{DEDFFB64-42EC-4E26-043E-430E86DF378C}" = Microsoft Exchange Client Language Pack - Malay
"{DEDFFB64-42EC-4E26-043F-430E86DF378C}" = Microsoft Exchange Client Language Pack - Kazakh
"{DEDFFB64-42EC-4E26-0441-430E86DF378C}" = Microsoft Exchange Client Language Pack - Kiswahili
"{DEDFFB64-42EC-4E26-0445-430E86DF378C}" = Microsoft Exchange Client Language Pack - Bengali (India)
"{DEDFFB64-42EC-4E26-0447-430E86DF378C}" = Microsoft Exchange Client Language Pack - Gujarati
"{DEDFFB64-42EC-4E26-0448-430E86DF378C}" = Microsoft Exchange Client Language Pack - Oriya (India)
"{DEDFFB64-42EC-4E26-0449-430E86DF378C}" = Microsoft Exchange Client Language Pack - Tamil
"{DEDFFB64-42EC-4E26-044A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Telugu
"{DEDFFB64-42EC-4E26-044B-430E86DF378C}" = Microsoft Exchange Client Language Pack - Kannada
"{DEDFFB64-42EC-4E26-044C-430E86DF378C}" = Microsoft Exchange Client Language Pack - Malayalam (India)
"{DEDFFB64-42EC-4E26-044E-430E86DF378C}" = Microsoft Exchange Client Language Pack - Marathi
"{DEDFFB64-42EC-4E26-0452-430E86DF378C}" = Microsoft Exchange Client Language Pack - Welsh (United Kingdom)
"{DEDFFB64-42EC-4E26-0456-430E86DF378C}" = Microsoft Exchange Client Language Pack - Galician
"{DEDFFB64-42EC-4E26-045E-430E86DF378C}" = Microsoft Exchange Client Language Pack - Amharic (Ethiopia)
"{DEDFFB64-42EC-4E26-0464-430E86DF378C}" = Microsoft Exchange Client Language Pack - Filipino (Philippines)
"{DEDFFB64-42EC-4E26-0804-430E86DF378C}" = Microsoft Exchange Client Language Pack - Chinese (Simplified)
"{DEDFFB64-42EC-4E26-0809-430E86DF378C}" = Microsoft Exchange Client Language Pack - English (Great Britain)
"{DEDFFB64-42EC-4E26-080A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Spanish (Mexico)
"{DEDFFB64-42EC-4E26-0816-430E86DF378C}" = Microsoft Exchange Client Language Pack - Portuguese (Portugal)
"{DEDFFB64-42EC-4E26-081A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Serbian
"{DEDFFB64-42EC-4E26-0C04-430E86DF378C}" = Microsoft Exchange Client Language Pack - Chinese (Hong Kong S.A.R.)
"{DEDFFB64-42EC-4E26-0C09-430E86DF378C}" = Microsoft Exchange Client Language Pack - English (Australia)
"{DEDFFB64-42EC-4E26-0C0A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Spanish
"{DEDFFB64-42EC-4E26-0C0C-430E86DF378C}" = Microsoft Exchange Client Language Pack - French (Canada)
"{DEDFFB64-42EC-4E26-0C1A-430E86DF378C}" = Microsoft Exchange Client Language Pack - Serbian (Cyrillic, Serbia)
"{DEDFFB64-42EC-4E26-1009-430E86DF378C}" = Microsoft Exchange Client Language Pack - English (Canada)
"{DEDFFB64-42EC-4E26-4009-430E86DF378C}" = Microsoft Exchange Client Language Pack - English (India)
"{F31183CF-E10F-4DE1-BB59-6C0FF38E481E}" = Sql Server Customer Experience Improvement Program
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = SQL Server 2008 R2 SP2 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = SQL Server 2008 R2 SP2 Database Engine Services
"LAN-Fax Utilities" = LAN-Fax Utilities
"Microsoft Exchange v14" = Microsoft Exchange Server 2010
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2 (64-bit)
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2 (64-bit)
"PROSetDX" = Intel® Network Connections 18.2.63.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{42E52398-5674-414E-892C-907BF65CA46E}" = CrashPlan
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{53E10F4E-B361-45D7-8DBD-A6BF073236F0}" = LogMeIn
"{A93701AA-EC70-46E4-832F-E92BD88BC938}" = Microsoft Exchange Pre-Deployment Analyzer
"{B917B014-00BA-4732-8A1A-9FD367109FD7}_is1" = RD1000 Utilities version 1.55
"{BF9BF038-FE03-429D-9B26-2FA0FD756052}" = Microsoft SQL Server Browser
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"QNAP_FINDER" = QNAP Qfinder
"TeamViewer 6" = TeamViewer 6
"TipssRecords System - Client" = TipssRecords System - Client

========== Last 20 Event Log Errors ==========

[ Active Directory Web Services Events ]
Error - 11/6/2013 12:22:49 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/6/2013 12:44:57 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/7/2013 9:14:04 PM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/8/2013 12:36:03 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/8/2013 8:20:08 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/11/2013 11:01:13 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/13/2013 4:56:08 PM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/14/2013 12:39:19 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

Error - 11/14/2013 12:52:18 AM | Computer Name = CHSERVER.Prescott.local | Source = ADWS | ID = 1202
Description =

[ Application Events ]
Error - 11/14/2013 12:53:12 AM | Computer Name = CHSERVER.Prescott.local | Source = WinMgmt | ID = 10
Description =

Error - 11/14/2013 12:53:19 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange ADAccess | ID = 264266
Description = Process MSEXCHANGEADTOPOLOGYSERVICE.EXE (PID=2444). Error 0x8007251e
occurred when DNS was queried for the service location (SRV) resource record used
to locate a domain controller for domain Prescott.local The query was for the SRV
record for _ldap._tcp.dc._msdcs.Prescott.local For information about correcting
this problem, Type in the command line: hh tcpip.chm::/sag_DNS_tro_dcLocator_messageA.htm

Error - 11/14/2013 12:53:20 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeIS | ID = 394337
Description = Error 0x96f connecting to Active Directory.

Error - 11/14/2013 12:53:20 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeIS | ID = 398216
Description = Unable to initialize the Microsoft Exchange Information Store service.
- Error 0x96f.

Error - 11/14/2013 12:53:44 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeRepl | ID = 265298
Description = Active Manager failed to mount database Public Folder Database 1121323700
on server CHSERVER.Prescott.local. Error: An Active Manager operation failed with
a transient error. Please retry the operation. Error: Database action failed with
transient error. Error: A transient error occurred during a database operation.
Error: MapiExceptionNetworkError: Unable to make admin interface connection to
server. (hr=0x80040115, ec=-2147221227) Diagnostic context: ...... Lid: 12696
dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2013-11-14 04:53:43:433
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2 Lid: 14744
dwParam: 0x6D9 Msg: EEInfo: Status: 1753 Lid: 9624 dwParam: 0x6D9
Msg: EEInfo: Detection location: 501 Lid: 13720 dwParam: 0x6D9 Msg:
EEInfo: Flags: 0 Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters:
4 Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc

Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string: Lid:
12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570 Lid:
12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662 Lid: 24060
StoreEc: 0x80040115 Lid: 23746 Lid: 31938 StoreEc: 0x80040115 Lid:
19650 Lid: 27842 StoreEc: 0x80040115 Lid: 20866 Lid: 29058 StoreEc:
0x80040115

Error - 11/14/2013 12:53:44 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeRepl | ID = 265298
Description = Active Manager failed to mount database Mailbox Database 0738947844
on server CHSERVER.Prescott.local. Error: An Active Manager operation failed with
a transient error. Please retry the operation. Error: Database action failed with
transient error. Error: A transient error occurred during a database operation.
Error: MapiExceptionNetworkError: Unable to make admin interface connection to
server. (hr=0x80040115, ec=-2147221227) Diagnostic context: ...... Lid: 12696
dwParam: 0x6D9 Msg: EEInfo: Generation Time: 2013-11-14 04:53:43:995
Lid: 10648 dwParam: 0x6D9 Msg: EEInfo: Generating component: 2 Lid: 14744
dwParam: 0x6D9 Msg: EEInfo: Status: 1753 Lid: 9624 dwParam: 0x6D9
Msg: EEInfo: Detection location: 501 Lid: 13720 dwParam: 0x6D9 Msg:
EEInfo: Flags: 0 Lid: 11672 dwParam: 0x6D9 Msg: EEInfo: NumberOfParameters:
4 Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[0]: Unicode string: ncalrpc

Lid: 8856 dwParam: 0x6D9 Msg: EEInfo: prm[1]: Unicode string: Lid:
12952 dwParam: 0x6D9 Msg: EEInfo: prm[2]: Long val: -1988875570 Lid:
12952 dwParam: 0x6D9 Msg: EEInfo: prm[3]: Long val: 382312662 Lid: 24060
StoreEc: 0x80040115 Lid: 23746 Lid: 31938 StoreEc: 0x80040115 Lid:
19650 Lid: 27842 StoreEc: 0x80040115 Lid: 20866 Lid: 29058 StoreEc:
0x80040115

Error - 11/14/2013 12:53:49 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange OAB Maintenance | ID = 264152
Description = While attempting to move the offline address book \Default Offline
Address List, the OAB Maintenance Servicelet caught an exception of type Microsoft.Exchange.Configuration.MonadDataProvider.MonadDataAdapterInvocationException:
"A value can't be provided automatically for the "Server" mandatory parameter.
Specify an explicit value for the parameter and try again, or add the Verbose parameter
to obtain more information about the failure. It was running the command 'Move-OfflineAddressBook
-Identity "\Default Offline Address List" -DomainController "CHSERVER.Prescott.local"'.".
The offline address book was not moved.

Error - 11/14/2013 6:40:26 AM | Computer Name = CHSERVER.Prescott.local | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 11/14/2013 7:11:29 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeSA | ID = 9360
Description = OABGen encountered an error while generating the changes.oab file
for version 2 and 3 differential downloads of address list '\Global Address List'.
The offline address book has not been updated so clients will not be able to download
the current set of changes. Check other logged events to find the cause of this
error. If the cause of the problem was intentional or cannot be resolved, OABGen
can be forced to post a full offline address book by creating the DWORD registry
key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters\OAL
post full if diff fails' and setting it to 1 on this server. When OABGen next
generates the offline address book, clients will perform a full OAB download. After
that time, the registry key should be removed to prevent further full downloads.

-
\Default Offline Address List

Error - 11/14/2013 7:11:29 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchangeSA | ID = 9360
Description = OABGen encountered an error while generating the changes.oab file
for version 2 and 3 differential downloads of address list '\Global Address List'.
The offline address book has not been updated so clients will not be able to download
the current set of changes. Check other logged events to find the cause of this
error. If the cause of the problem was intentional or cannot be resolved, OABGen
can be forced to post a full offline address book by creating the DWORD registry
key 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters\OAL
post full if diff fails' and setting it to 1 on this server. When OABGen next
generates the offline address book, clients will perform a full OAB download. After
that time, the registry key should be removed to prevent further full downloads.

-
\Default Offline Address List

[ DNS Server Events ]
Error - 11/7/2013 9:15:29 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 408
Description =

Error - 11/7/2013 9:15:29 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 407
Description =

Error - 11/7/2013 9:15:29 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 408
Description =

Error - 11/7/2013 9:15:29 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 404
Description =

Error - 11/7/2013 9:15:29 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 408
Description =

Error - 11/7/2013 9:15:30 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 407
Description =

Error - 11/7/2013 9:15:30 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 408
Description =

Error - 11/7/2013 9:15:30 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 404
Description =

Error - 11/7/2013 9:15:30 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 408
Description =

Error - 11/7/2013 9:15:30 PM | Computer Name = CHSERVER.Prescott.local | Source = DNS | ID = 4015
Description =

[ MSExchange Management Events ]
Error - 11/1/2013 8:50:47 PM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet New-MoveRequest, parameters {TargetDatabase=Mailbox
Database 0738947844, BadItemLimit=0, Identity=chovel}.

Error - 11/1/2013 8:50:48 PM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet New-MoveRequest, parameters {TargetDatabase=Mailbox
Database 0738947844, BadItemLimit=0, Identity=emichaels}.

Error - 11/1/2013 8:50:48 PM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet New-MoveRequest, parameters {TargetDatabase=Mailbox
Database 0738947844, BadItemLimit=0, Identity=isaac}.

Error - 11/1/2013 8:50:48 PM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet New-MoveRequest, parameters {TargetDatabase=Mailbox
Database 0738947844, BadItemLimit=0, Identity=bdravis}.

Error - 11/2/2013 8:40:48 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Set-OwaVirtualDirectory, parameters {Identity=CHSERVER.Prescott.local\ecp
(default web site), InternalUrl=https://remote.prescottcity.org/owa, ExternalUrl=https://remote.prescottcity.org/owa}.

Error - 11/3/2013 9:18:04 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Set-GlobalAddressList, parameters {RecipientFilter=Parameter
value is too large., Identity=Default Global Address List}.

Error - 11/8/2013 9:54:31 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Set-ReceiveConnector, parameters {Identity=CHSERVER\Default
CHSERVER, AuthMechanism=Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer,
Fqdn=mail.prescottcity.org}.

Error - 11/8/2013 9:54:35 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Set-ReceiveConnector, parameters {Identity=CHSERVER\Default
CHSERVER, AuthMechanism=Tls, Integrated, BasicAuth, BasicAuthRequireTLS, ExchangeServer,
Fqdn=mail.prescottcity.org}.

Error - 11/13/2013 4:57:35 PM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Move-OfflineAddressBook, parameters {Identity=\Default
Offline Address List, DomainController=CHSERVER.Prescott.local}.

Error - 11/14/2013 12:40:44 AM | Computer Name = CHSERVER.Prescott.local | Source = MSExchange CmdletLogs | ID = 6
Description = Cmdlet failed. Cmdlet Move-OfflineAddressBook, parameters {Identity=\Default
Offline Address List, DomainController=CHSERVER.Prescott.local}.

[ System Events ]
Error - 11/14/2013 12:53:21 AM | Computer Name = CHSERVER.Prescott.local | Source = Service Control Manager | ID = 7024
Description =

Error - 11/14/2013 12:53:45 AM | Computer Name = CHSERVER.Prescott.local | Source = Service Control Manager | ID = 7031
Description =

Error - 11/14/2013 2:31:17 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 2:32:17 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 4:31:17 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 4:32:17 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 6:31:18 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 6:32:17 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 8:31:18 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.

Error - 11/14/2013 8:32:18 AM | Computer Name = CHSERVER.Prescott.local | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
is 1203.


< End of report >

#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm sorry but our assistance is offered for home and personal computer use. Our Terms of Use do not permit assistance to individuals or companies working for profit.
Please see 3. b of our TOU policy.

If you believe that this does not or should not apply to you please contact one of our Administrators or Moderators. You can do that by clicking the Report button at the bottom left of this post. A member of the Admin team will get back to you.